Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Introducing Dead Drops to Network Steganography using ARP-Caches and SNMP-Walks

 
: Schmidbauer, T.; Wendzel, S.; Mileva, A.; Mazurczyk, W.

:

Association for Computing Machinery -ACM-:
ARES 2019, 14th International Conference on Availability, Reliability and Security. Proceedings : Canterbury, CA, United Kingdom, August 26 - 29, 2019
New York: ACM, 2019
ISBN: 978-1-4503-7164-3
Art. 64, 10 pp.
International Conference on Availability, Reliability and Security (ARES) <14, 2019, Canterbury>
English
Conference Paper
Fraunhofer FKIE ()

Abstract
Network covert channels enable various secret data exchange scenarios among two or more secret parties via a communication network. The diversity of the existing network covert channel techniques has rapidly increased due to research during the last couple of years and most of them share the same characteristics, i.e., they require a direct communication between the participating partners. However, it is sometimes simply not possible or it can raise suspicions to communicate directly. That is why, in this paper we introduce a new concept we call "dead drop", i.e., a covert network storage which does not depend on the direct network traffic exchange between covert communication sides. Instead, the covert sender stores secret information in the ARP (Address Resolution Protocol) cache of an unaware host that is not involved in the hidden data exchange. Thus, the ARP cache is used as a covert network storage and the accumulated information can then be extracted by the covert receiver using SNMP (Simple Network Management Protocol).

: http://publica.fraunhofer.de/documents/N-624867.html