
Thread: Pls explain Covert data channel

  1. #1
    Junior Member
    Join Date
    May 2005
    Posts
    15

    Pls explain Covert data channel

    Can someone pls explain the concept behind covert storage channel in layman's terms for me?

  2. #2
    Covert Channels

    A covert channel is a way for an entity to receive information in an unauthorized manner.
    It is an information flow that is not controlled by a security mechanism or the
    mechanism has been successfully compromised. This type of information path is usually
    not used for communication; thus, the system does not properly protect this path
    because the developers never envisioned information being passed this way. For an entity
    to receive information in this manner violates the security policy of the system.

    There are two types of covert channels: timing and storage. In a covert timing channel,
    one process relays information to another by modulating its use of system resources.
    The modulation of system resources can be accessing the hard drive, using excessive
    CPU cycles, or head placement on a hard drive track. For example, if one process wrote
    to the hard drive 30 times within 30 seconds this could mean something to another process
    that is programmed to look for this type of activity. The second process watches out
    for this “signal” and once it receives it, the second process carries out whatever evil
    activity it is programmed to do. You can think of it as a type of Morse code, but with the
    use of some type of system resource.

    A covert storage channel is when a process writes data to a storage location and another
    process directly, or indirectly, reads it. The problem occurs when the processes are
    at different security levels, and therefore not supposed to be sharing sensitive data.

    Maybe an attacker figures out that two processes with different trust levels can view
    the pagefile.sys file. Process 1 writes some type of confidential information to the
    pagefile.sys file, and process 2 reads it. This would go against the information flow of
    the system and directly negate the security policy.

    The most common covert channel in use today is the Loki attack. This attack uses the
    ICMP protocol for communication purposes. This protocol was not developed to be
    used in this manner; it is only supposed to send status and error messages. But someone
    developed a tool (Loki) that will allow an attacker to write data right behind the ICMP
    header. This allows the attacker to communicate to another system through a covert
    channel. It is usually very successful because most firewalls are configured to allow
    ICMP traffic in and out of their environments. This is a covert channel because it is using
    something for communication purposes that was not developed for this type of
    communication functionality.

    NOTE: An overt channel is a channel of communication that was developed
    specifically for communication purposes. Processes should be communicating
    through overt channels, not covert channels.

    Source: PDF File

    Html Format: http://64.233.187.104/search?q=cache...&hl=en&start=1
    O.G at A.O
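
A defender's view of the ICMP case described in post #2, added here as an example that is not part of the original thread or of any tool it mentions: because the data rides "right behind the ICMP header", a monitor can audit echo traffic for payloads that do not behave like ping. The function names, the 64-byte payload threshold and the sample messages are assumptions constructed for this illustration.

```python
import struct

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo message (type 8 = request, 0 = reply)."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def audit_echo_traffic(messages, max_payload=64):
    """Return (index, reason) for echo messages that do not look like ping."""
    pending = {}   # (ident, seq) -> payload of the outstanding request
    findings = []
    for i, msg in enumerate(messages):
        if len(msg) < 8 or msg[0] not in (0, 8):
            continue  # skip truncated or non-echo messages
        icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", msg[:8])
        payload = msg[8:]
        if icmp_checksum(msg) != 0:
            findings.append((i, "bad checksum"))
        if len(payload) > max_payload:  # assumed threshold, tune per site
            findings.append((i, "oversized payload"))
        if icmp_type == 8:
            pending[(ident, seq)] = payload
            continue
        expected = pending.pop((ident, seq), None)
        if expected is None:
            findings.append((i, "unsolicited reply"))
        elif expected != payload:  # a real echo reply mirrors the request
            findings.append((i, "reply payload differs from request"))
    return findings

# Constructed sample traffic: one ordinary ping exchange, then three anomalies.
PING = bytes(range(0x10, 0x30))
SAMPLE = [
    build_echo(8, 1, 1, PING), build_echo(0, 1, 1, PING),
    build_echo(8, 7, 1, b"constructed-sample-A"), build_echo(0, 7, 1, b"constructed-sample-B"),
    build_echo(0, 9, 5, PING), build_echo(8, 3, 1, b"x" * 200),
]
for index, reason in audit_echo_traffic(SAMPLE):
    print(index, reason)
```

The same checks are what a stateful firewall or IDS rule applies when it refuses echo replies that match no outstanding request.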

  3. #3
    Junior Member
    Join Date
    May 2005
    Posts
    15
    thanks mate
