Covert Channels in Transport Layer Security:
Performance and Security Assessment


Corinna Heinz1, Marco Zuppelli2+, and Luca Caviglione2

1FernUniversität in Hagen, Hagen, Germany
 ch@sysv.de

2National Research Council of Italy, Genova, Italy

{marco.zuppelli, luca.caviglione}@ge.imati.cnr.it

 

Abstract

The ability to create covert channels within network traffic is now largely exploited by malware to elude detection and to remain unnoticed while exfiltrating data or coordinating an attack. As a consequence, designing a network covert channel or anticipating its exploitation are prime goals for fully understanding the security of modern network and computing environments. Due to its ubiquitous availability and large diffusion, Transport Layer Security (TLS) traffic may quickly become the target of malware or attackers wanting to establish a hidden communication path through the Internet. Therefore, this paper investigates mechanisms that can be used to create covert channels within TLS conversations. Experimental results also demonstrated the inability of de facto standard network security tools to spot TLS-based covert channels out of the box.

Keywords: covert channels, transport layer security, network intrusion detection.

 

+: Corresponding author: Marco Zuppelli
Institute for Applied Mathematics and Information Technologies, National Research Council of Italy, Via de Marini 6, Genova, Italy, I-16149,
Web: http://imati.cnr.it


Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
Vol. 12, No. 4, pp. 22-36, December 2021

Received: March 29, 2021; Accepted: September 2, 2021; Published: December 31, 2021

DOI: 10.22667/JOWUA.2021.12.31.022