Improving Detection Method for Covert Channel in TCP/IP Network
Covert channels use stealth communications to compromise the security policies of systems. They constitute an important security threat since they can be used to exfiltrate confidential data from networks. TCP/IP protocols are used every day and are subject to covert channels problems. Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorized parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. The aim of this paper is to give an overview of covert channels in TCP/IP networks. We briefly describe the TCP and IP protocols, the methods to set them up in TCP/IP networks; then we study the methods to detect covert channels.