An Approach for Thwarting Malicious Secret Channel: The Case of IP Record Route Option Header-Based Covert Channels

Firas Saidi, Zouheir Trabelsi, Henda Ben Ghézela

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The Internet constitutes actually one of the main communication platforms for cybercriminals and terrorists to exchange secret messages and hidden information. The use of clear or non-encrypted network traffic to communicate over the Internet allows steganalysis process and surveillance agencies to easily identify the presence of secret messages and hidden information, and classify the involved entities as potential cyber criminals or terrorists. However, covert channels can be an efficient and remedial communication solution for cybercriminals and terrorists to exchange secret messages and hidden information. In fact, most covert channels attempt to send clear and non-encrypted messages embedded in the fields of network packets in order to offer robust communication channels against steganalysis. Nevertheless, covert channels are an immense cause of security concern and are classified as a serious threat because they can be used to pass malicious messages. This explains why detection and elimination of covert channels are considered a big issue that faces security systems and needs to be addressed. In this paper, a novel approach for detecting a particular type of covert channels is discussed. The covert channel uses the IP Record route option header in network IP packets to send secret messages and hidden information. The paper demonstrates that this type of covert channels is not robust enough against steganalysis. The proposed detection approach is based on the IP Loose source route option header. Conducted experiments show that the proposed approach is simple and straightforward to implement and can contribute to identifying malicious online activities of cyber criminals and terrorists.

Original language: English
Title of host publication: Risks and Security of Internet and Systems - 14th International Conference, CRiSIS 2019, Proceedings
Editors: Slim Kallel, Ahmed Hadj Kacem, Frédéric Cuppens, Nora Cuppens-Boulahia
Publisher: Springer
Pages: 177-192
Number of pages: 16
ISBN (Print): 9783030415679
Publication status: Published - 2020
Event: 14th International Conference on Risks and Security of Internet and Systems, CRiSIS 2019 - Hammamet, Tunisia
Duration: Oct 29 2019 to Oct 31 2019

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12026 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 14th International Conference on Risks and Security of Internet and Systems, CRiSIS 2019
Country/Territory: Tunisia
City: Hammamet
Period: 10/29/19 to 10/31/19

Keywords

  • Covert channel
  • Covert channel detection
  • Cyber terrorism
  • IP header option
  • Steganalysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
