Covert Channels in TCP/IP Headers
Presentation: [PowerPoint][HTML]
Code: The code is currently unavailable. There are a few rather critical bugs in the code, and I'd rather not have someone download it, use it, and believe that they're completely safe when they're really not. If you'd like to help test it, please email me. On a side note, you can download the ancestor of my code at http://www.mit.edu/~gif/covert-channel/
Other Reading:
- Eliminating Steganography in Internet Traffic with Active Wardens by Gina Fisk, Mike Fisk, Christos Papadopoulos, and Josh Neil
This recent paper, presented at info-hiding 2002, describes an implementation of an active warden that reduces the availability of covert channels in TCP/IP headers. It also briefly discusses some covert channels in TCP/IP headers and structured and unstructured carriers. The definition and use of Minimal Requisite Fidelity (MRF) is also presented.
- Covert Messaging Through TCP Timestamps by John Giffin, Rachel Greenstadt, Peter Litwack, and Richard Tibbetts
This paper, presented at PET2002, details how to use the low bit of the TCP timestamp option as a covert channel. It also briefly describes an implementation for Linux.
- Covert Channels in the TCP/IP Protocol Suite by Craig H. Rowland
A paper that outlines basic subliminal channels in TCP/IP. Includes some basic code as a proof-of-concept.