A HTTP cookie covert channel

Huba, William; Yuan, Bo; Johnson, Daryl; Lutz, Peter

doi:10.1145/2070425.2070447

Cited by 4 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There have been many research papers exploring the varied mechanisms and implementations of covert channels [3]. HTTPS and HTTP protocols have been the vehicle for several covert channel applications [4][5] [6]. Numerous other studies have been done using other aspects of the TCP/IP protocol [7][8] [9][10] [11][12] [13].…”

Section: Introductionmentioning

confidence: 99%

Covert Channel Using Man-in-the-Middle over HTTPS

Johnson

Lutz

Johnson

2016

2016 International Conference on Computational Science and Computational Intelligence (CSCI)

Self Cite

View full text Add to dashboard Cite

The goal of this covert channel is to prove the feasibility of using encrypted HTTPS traffic to carry a covert channel. The encryption key is not needed because the original HTTPS payload is not decrypted. The covert message will be appended to the HTTPS data field. The receiver will extract the covert channel and restore the original HTTPS traffic for forwarding. Only legitimate HTTPS connections will be used as the overt channel. A Man-in-the-Middle (MITM) attack at the sending and receiving ends will give access to modify the traffic streams. The HTTPS return traffic from the server can carry a covert channel. Without the original HTTPS traffic for comparison or the original encryption keys, this covert channel is undetectable.

show abstract

Section: Introductionmentioning

confidence: 99%

Covert Channel Using Man-in-the-Middle over HTTPS

Johnson

Lutz

Johnson

2016

2016 International Conference on Computational Science and Computational Intelligence (CSCI)

Self Cite

View full text Add to dashboard Cite

show abstract

“…A typical covert channel in HTTP just disguises some prohibited protocols by encapsulating covert traffic inside the payload of HTTP, but the channel is frustrated by a statistical detection technique paying attention to HTTP behavior characteristics . Another covert channel in HTTP just attaches messages into the URLs or the cookies . However, the inexistent URLs and the illegal tampering in cookies can be easily recognized by advanced application‐layer gateways .…”

Section: Introductionmentioning

confidence: 99%

A novel distributed covert channel in HTTP

Wang

Huang

Miao

et al. 2013

Security Comm Networks

View full text Add to dashboard Cite

In this paper, we propose a novel distributed covert channel in HTTP. Different from traditional covert channels in HTTP, the channel deploys multiple HTTP clients to dilute steganographic features. In a proper multiple-to-multiple transmission model based on the modulation of URLs, the channel is efficient and reliable. With a Poisson request generator, simulating behaviors of normal HTTP visitors, the covert traffic has a legitimate HTTP appearance that helps it be undetectable. The transmission experiments prove that the channel is error free and has a high transmission rate. The results of the undetectability experiment show that the channel is adjustable. By adjusting a certain parameter, the channel can trade off two different features, the transmission rate and the undetectability, which can meet different demands in practical applications.

show abstract