Vulnerability Development mailing list archives
RE: Covert Channels
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Wed, 23 Oct 2002 14:54:07 -0400 (EDT)
On 23 Oct 2002, Frank Knobbe wrote:
For the most part yes. But cutting through the snake oil, aren't there products that attempt to detect steganography (i.e. examining images in transit to check if they contain hidden messages)? I would consider this a covert channel as well.
Hardly the point. Detection of certain, existing and grossly imperfect
tools is possible. In the example you've mentioned, this is because the
steganography used is a fairly low-level one, susceptible to a trivial
analysis. What if, instead of least significant bits, I decide to transfer
information in the fact the picture shows an apple and a cucumber instead
of a banana and three pears? Or, more realistic example, text
steganography - what if, instead of hiding information in typos and
whitespaces, I decide to hide information in the wording, subject,
language constructions, etc? There was some impressive research done on
that subject, and it's not as difficult or ineffective as it may sound.
There is a good software that can write certain types of documents to make
them virtually indistinguishable from those authored by humans, so this
process can be automated. Ooops. While it's possible to build a model of
how least significant bits in a picture should look like, or how
whitespaces are supposed to look, it's practically impossible to do it on
higher levels of abstraction. Because of that, I think there's a wall
ahead - making just few steps further in covert channel detection would be
the end of the road, while attackers would still have lots of
possibilities to use; this is, of course, a bit pessimistic, I tend to
overestimate how smart and determined people are.
--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2002-10-23 14:47 --
Current thread:
- Re: Covert Channels, (continued)
- Re: Covert Channels Anton Aylward (Oct 23)
- Re: Covert Channels Roland Postle (Oct 24)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Mark Grimes (Oct 17)
- RE: Covert Channels Michael Wojcik (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 17)
- Re: Covert Channels FX (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 18)
- RE: Covert Channels Chris Anley (Oct 22)
- RE: Covert Channels Frank Knobbe (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Richard Masoner (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Timothy J. Miller (Oct 23)
- Re: Covert Channels David Wagner (Oct 24)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Brooke, O'neil (EXP) (Oct 23)
- RE: Covert Channels Anton Aylward (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 24)
- Re: Covert Channels David Wagner (Oct 24)
