Covert Channels in the HTTP Network Protocol: Channel Characterization and Detecting Man-in-the-Middle Attacks

Abstract

Network covert channels allow two entities to communicate stealthily. Hypertext Transfer Protocol (HTTP), accounting for approximately half of all traffic on the Internet (Burke, 2007), has become the de facto standard for hiding network covert channels. Proliferation of covert channels throughout the World Wide Web has brought both challenges and enhancements to the area of Information Warfare. This paper defines a set of common characteristics, then classifies and analyzes several known and new covert channels in HTTP with respect to these characteristics. Lastly, this paper proposes that there are beneficial applications of network covert channels, such as detecting Man-in-the-Middle attacks.


AUTHORS

Rochester Institute of Technology, Rochester, NY,
USA

Erik Brown received a Bachelors of Science Degree in Information Security and Forensics from Rochester Institute of Technology, Rochester, NY in 2009. Upon graduation, he was commissioned as a Lieutenant and currently serves in the United States Air Force as a Cyber Operations officer. He is currently working towards a MS in Cybersecurity. His research interests include covert channels, steganography and various network security topics.

Rochester Institute of Technology, Rochester, NY,
USA

Bo Yuan works at the School of Informatics at Rochester Institute of Technology. He received his Ph.D. in Systems Science from Binghamton University. Before joined Rochester Institute of Technology in 2003, he did research in the areas of computational intelligence and their applications in natural language processing and information retrieval. Dr. Yuan is the inventor of Trainable Semantic Vectors where he holds four US patents. Recently, Dr. Yuan’s main research interests are in the areas of cyber security, and covert communication channels in particular. Dr. Yuan has coauthored three books and published over 40 research papers in many areas.

 

Rochester Institute of Technology, Rochester, NY,
USA

Daryl G Johnson works in the Department of Networking, Security and Systems Administration at the Rochester Institute of Technology. Professor Johnson received his MS in Computer Science from Rochester Institute of Technology in 1987. He has designed over six and co-developed over a dozen new courses in the networking, security and systems administration areas as well as redesigning many other courses. He has been involved in the creation of two departments and five-degree courses. Most of his attention over the last decade has been in the area of Computing and network Security with a focus on Covert Channels and vulnerabilities in P2P networking. He has authored several papers in the security area.

Rochester Institute of Technology, Rochester, NY,
USA

Peter Lutz received his Ph.D. in Computer Science from the State University of New York at Buffalo in 1979, while working as a Member of Technical Staff at Bell Telephone Laboratories. Shortly thereafter,he joined the faculty of the School of Computer Science at Rochester Institute of Technology. In his 30 years of service to RIT, Professor Lutz has moved from Computer Science to the Department of Information Technology and then to the Department of Networking, Security and Systems Administration. He served as chair of the Department of Information Technology for four years and was the moving force behind five-degree proposals. Lately, Professor Lutz has begun research in the area of covert communication channels. His interests include covert channels, low level network programming, and the pedagogy used to teach scripting.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.871.3949
  • jiw@gbpts.com