An asynchronous covert channel using spam

Current Internet e-mail facilities are built on a foundation of standard rules and protocols, which usually allow their designers a considerable amount of "freedom". Each of these standards has been defined based on a number of vendor-specific implementations, in order to provide common inter-working procedures for cross-vendor communication. As a result, a lot of optional and redundant information is exchanged during e-mail sessions, and this information is available for implementing versatile covert channel mechanisms. This work exploits this possibility by presenting a simple but effective steganographic scheme that can be used to deploy robust secret communication through spam e-mails. The scheme can offer unidirectional asynchronous one-to-one or one-to-many covert channel facilities that are able to bypass the most sophisticated firewalls and traffic analyzers. Its implementation neither affects the involved transport protocols nor causes any perceivable performance degradation or data loss to the end-users. The proposed scheme makes it possible to manage the possible filtering or loss of the e-mails that carry the secret information. A novel retransmission method based on Raptor codes has been adopted. The use of Raptor codes is key to correctly and efficiently managing the difficulty or impossibility of retransmitting e-mails in the case of a unidirectional secret communication starting from one sender and directed to many recipients. In order to evaluate the performance characteristics of the proposed scheme, an empirical estimation of the covert channel bandwidth has been performed.
