A covert channel construction method for NAT environments (适用于NAT环境的隐蔽通道构建方法; English title as published: Covert channel applying to NAT environment)
Li Wei (李卫); Song Tian (嵩天)
Abstract:
To meet the need for strong covertness of both the act and the content of information transfer when NAT (Network Address Translation) is present, this paper proposes a method for constructing a covert channel suited to NAT environments. The method first encodes the information to be sent; its core is to carry the covert data in sequence transformations of the source port numbers of transport-layer UDP packets. The channel works across NAT and passes information covertly from a private-network address to a public-network address. The method was tested in real experiments under different NAT configurations, which confirmed its feasibility for covert transmission; its transmission rate, covertness and robustness were also analysed. The experimental results show that, under good network conditions, the covert channel reaches a transmission rate of 2 kbit/s.
Keywords: covert channel; network address translation; source port number; sequence coding
Foundation: National Natural Science Foundation of China (No. U1636119, No. 61672101)
Author: Li Wei (李卫); Song Tian (嵩天)
Email:
DOI:
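The abstract states that the covert data rides in a sequence transformation of UDP source ports but does not spell out the encoding. The following is an added, simulated example (not the paper's code or scheme) of one way such a channel can survive NAT: the sender binds k = 2**bits UDP sockets with distinct source ports, and which socket emits the next packet carries `bits` bits. It relies only on the property that a NAT keeps a stable per-socket mapping for the life of the flow, so a preamble of one packet per socket lets the receiver learn the translated ports regardless of the NAT's allocation policy. The class names, the base port 40000, the three NAT policies and the idle-timeout model are all assumptions made for the illustration; packets are modelled by source port only and the NAT is a lookup table, so nothing is sent on the wire.

```python
"""Simulated UDP source-port covert channel across a NAT.

Added illustration, not the paper's code. Assumed scheme: one bound UDP
socket per symbol; the order in which sockets transmit carries the data.
A NAT is modelled as a stable internal-port -> external-port table.
"""
import random


class PortSequenceSender:
    def __init__(self, base_port: int = 40000, bits: int = 4):
        if not 1 <= bits <= 8:
            raise ValueError("bits per packet must be 1..8")
        self.bits = bits
        self.k = 1 << bits
        # one bound UDP socket per symbol; only its source port matters here
        self.ports = [base_port + i for i in range(self.k)]

    def encode(self, message: bytes) -> list[int]:
        """Return the source port of each packet to send, preamble first."""
        # preamble: every socket sends once, in symbol order, so the receiver
        # learns each socket's NAT-translated port without knowing the NAT policy
        seq = list(self.ports)
        bitstr = "".join(f"{b:08b}" for b in message)
        bitstr += "0" * ((-len(bitstr)) % self.bits)  # pad < bits; receiver drops it
        for i in range(0, len(bitstr), self.bits):
            seq.append(self.ports[int(bitstr[i:i + self.bits], 2)])
        return seq


class PortSequenceReceiver:
    def __init__(self, bits: int = 4):
        self.bits = bits
        self.k = 1 << bits

    def decode(self, observed: list[int]) -> bytes:
        """Recover the message from the observed (post-NAT) source ports."""
        preamble, payload = observed[:self.k], observed[self.k:]
        if len(set(preamble)) != self.k:
            raise ValueError("preamble ports not distinct: truncated or mapping collapsed")
        symbol_of = {port: i for i, port in enumerate(preamble)}
        try:
            bitstr = "".join(f"{symbol_of[p]:0{self.bits}b}" for p in payload)
        except KeyError as e:
            raise ValueError(f"unknown source port {e.args[0]}: NAT mapping changed") from None
        # keep only whole bytes, which discards the sender's padding bits
        usable = len(bitstr) - len(bitstr) % 8
        return bytes(int(bitstr[i:i + 8], 2) for i in range(0, usable, 8))


def simulate_nat(seq: list[int], policy: str, seed: int = 0, timeout_at=None) -> list[int]:
    """Translate source ports like a NAT with a per-socket mapping.

    'preserve' keeps the internal port when free, 'sequential' allocates in
    order, 'random' picks unused ports. timeout_at (assumed model) clears the
    table before packet index timeout_at, like a UDP mapping idle timeout.
    """
    rng = random.Random(seed)
    table: dict[int, int] = {}
    next_port = 1024
    out = []
    for i, p in enumerate(seq):
        if i == timeout_at:
            table.clear()
        if p not in table:
            if policy == "preserve":
                table[p] = p
            elif policy == "sequential":
                table[p] = next_port
                next_port += 1
            elif policy == "random":
                while True:
                    cand = rng.randrange(1024, 65536)
                    if cand not in table.values():
                        table[p] = cand
                        break
            else:
                raise ValueError(f"unknown NAT policy {policy!r}")
        out.append(table[p])
    return out


def roundtrip(message: bytes, policy: str, bits: int = 4, timeout_at=None) -> bytes:
    """Encode, pass through the simulated NAT, decode."""
    sent = PortSequenceSender(bits=bits).encode(message)
    return PortSequenceReceiver(bits=bits).decode(simulate_nat(sent, policy, timeout_at=timeout_at))


if __name__ == "__main__":
    for policy in ("preserve", "sequential", "random"):
        print(policy, roundtrip(b"covert", policy))
```

With 4 bits per packet the channel costs 16 sockets plus 2 packets per byte; the paper's 2 kbit/s figure would correspond, under this scheme, to 250 packets/s at 8 bits per packet (256 sockets), so the rate is bounded by the packet rate the sender can sustain without drawing attention. The `timeout_at` model shows the robustness caveat: if the NAT expires its UDP mappings during a pause, a port-preserving NAT still decodes, but sequential or random allocation hands out new external ports and the receiver raises an error instead of silently decoding garbage, so a real implementation would need keepalives or a resynchronising preamble.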