This paper introduces a novel covert channel attack technique that leverages bit-rate modulation to enable stealthy data transfer between compromised devices over a wide-area network (WAN). The attack, named "CONNECTION", allows a malicious actor to control the bit-rate at which data is transmitted, associating high bit-rates with '1' bits and low bit-rates with '0' bits. This approach effectively modulates the network throughput, creating a covert channel that is highly resistant to detection by conventional security measures.
The authors provide a detailed description of the attack model, where the attacker controls both the covert sender and receiver devices. The sender implements a bit-rate modulation algorithm to transmit a bitstream, while the receiver analyzes the network traffic to demodulate and recover the transmitted data.
Extensive experiments conducted in a controlled cyber range environment demonstrate the effectiveness of the proposed attack. The results show that the covert channel can achieve a data transmission rate of up to 5 bits per second (bps) and a channel capacity of 0.9239 bps/Hz, with excellent robustness against various network impairments, such as jitter, latency, packet loss, and coexistence with legitimate traffic. The simplicity of the algorithm and its ability to operate on resource-limited devices make it a potentially significant threat to enterprise networks.
The paper highlights the importance of developing advanced network monitoring and detection capabilities to identify and mitigate such bit-rate modulation-based covert channels, which can be used to exfiltrate sensitive data from compromised systems.
Til et andet sprog
fra kildeindhold
arxiv.org
Vigtigste indsigter udtrukket fra
by Simone Soder... kl. arxiv.org 04-25-2024
https://arxiv.org/pdf/2404.15858.pdfDybere Forespørgsler