基于HTTP协议组合的隐蔽信道构建方法研究

doi:10.3969/j.issn.1671-1122.2020.06.007

信息网络安全 ›› 2020, Vol. 20 ›› Issue (6): 57-64.doi: 10.3969/j.issn.1671-1122.2020.06.007

基于HTTP协议组合的隐蔽信道构建方法研究

陈骋¹, 罗森林¹, 吴倩²(), 杨鹏²

1.北京理工大学信息系统及安全对抗实验中心,北京 100081
2.国家计算机网络与信息安全管理中心,北京 100094

收稿日期:2019-07-01 出版日期:2020-06-10 发布日期:2020-10-21
通讯作者: 吴倩 E-mail:wuqian@cert.org.cn
作者简介:陈骋（1994—）,男,浙江,硕士研究生,主要研究方向为信息安全|罗森林（1968—）,男,河北,教授,博士,主要研究方向为信息安全、数据挖掘、文本安全|吴倩（1987—）,女,山东,博士,主要研究方向为信息安全|杨鹏（1982—）,男,内蒙古,高级工程师,博士,主要研究方向为信息安全、人工智能
基金资助:
国家242信息安全计划(2017A149)

Research on Covert Channel Construction Method Based on HTTP Protocol Combination

CHEN Cheng¹, LUO Senlin¹, WU Qian²(), YANG Peng²

1. Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology, Beijing 100081, China
2. National Computer Network Emergency Response Technical Team Coordination Center of China, Beijing 100094, China

Received:2019-07-01 Online:2020-06-10 Published:2020-10-21
Contact: WU Qian E-mail:wuqian@cert.org.cn

摘要/Abstract

摘要：

针对现有的存储型隐蔽信道隐蔽性较低,时间型隐蔽信道误码率高且传输速率较低的问题,文章提出一种基于HTTP协议组合的隐蔽信道构建方法。该方法通过模拟浏览器应用发送HTTP请求,将HTTP请求动态分配在不同浏览器上,利用数学组合的方式嵌入隐蔽信息,且对访问对象、数据包时间间隔和数据包长度进行动态调整,提高了信道的隐蔽性。同时,信道基于TCP协议内部的可靠传输使其不受网络抖动的影响,从而保证信道的可靠性。实验结果表明,该方法能够抵御基于应用签名的检测法、协议指纹检测法及组合模型检测法,具有较强的隐蔽性;能够根据应用场景调整隐蔽性强度与信道容量的平衡。

关键词: 隐蔽信道, 数学组合编码, HTTP协议

Abstract:

Aiming at the problem that the existing covert storage channel has a low concealment, and the covert timing channel has a high bit error rate and a low transmission rate, a covert channel construction method combining HTTP protocol behaviors is proposed. In the method, HTTP requests are sent by simulating a browser application and allocated dynamically among different browsers, the concealed information is embedded by means of mathematical combination. The access object, the packet time interval and the packet length are also dynamically adjusted to improve the concealment of channel. At the same time, the channel is based on the reliable transmission of TCP protocol, so that it is not affected by the network jitter, thus ensuring the reliability of the channel. The experimental results show that the proposed method can resist the application signature based detection method, protocol fingerprint detection method and combined model detection method, and has strong concealment. It can adjust the concealment and channel capacity according to the application scenario.

Key words: covert channel, mathematical combination coding, HTTP protocol

中图分类号:

TP309

陈骋, 罗森林, 吴倩, 杨鹏. 基于HTTP协议组合的隐蔽信道构建方法研究[J]. 信息网络安全, 2020, 20(6): 57-64.

CHEN Cheng, LUO Senlin, WU Qian, YANG Peng. Research on Covert Channel Construction Method Based on HTTP Protocol Combination[J]. Netinfo Security, 2020, 20(6): 57-64.

图/表 10

图1

表1

图2

图3

图4

表2

表3

表4

表5

表6

参考文献 14

[1]	COPPERSMITH D. The Data Encryption Standard(DES) and Its Strength Against Attacks[J]. IBM Journal of Research and Development, 1994,38(3):243-250.
[2]	WANG Yongji, WU Jingzheng, ZENG Haitao, et al. Covert Channel Research[J]. Journal of Software, 2010,21(9):2262-2288.
	王永吉, 吴敬征, 曾海涛, 等. 隐蔽信道研究[J]. 软件学报, 2010,21(9):2262-2288.
[3]	GIRLING C G. Covert Channels in LAN’s[J]. IEEE Transactions on Software Engineering, 1987,13(2):292-296.
[4]	LOW S H, MAXEMCHUK N F, BRASSIL J T, et al. Document Marking and Identification Using Both Line and Word Shifting [C]//IEEE. 4th Annual Joint Conference of the IEEE Computer and Communication Societies, April 2-6, Boston, MA, USA. New Jersey: IEEE, 1995: 853-860.
[5]	BROWN E, YUAN B, JOHNSON D, et al. Covert Channels in the HTTP Network Protocol: Channel Characterization and Detecting Man-in-the-Middle Attacks[J]. Journal of Information Warfare, 2010,9(3):26-38.
[6]	LUO Xiapu, CHAN E W W, ZHOU Peng, et al. Robust Network Covert Communications Based on TCP and Enumerative Combinatorics[J]. IEEE Transactions on Dependable and Secure Computing, 2012,9(6):890-902.
[7]	WANG Fei, HUANG Liusheng, MIAO Haibo, et al. A Novel Distributed Covert Channel in HTTP[J]. Security & Communication Networks, 2014,7(6):1031-1041.
[8]	CABUK S, BRODLEY C E, SHIELDS C. IP Covert Timing Channels: Design and Detection [C]//ACM. 11th ACM Conference on Computer and Communications Security, October 18-20, 2004, Washington DC, USA. New York: ACM, 2004: 178-187.
[9]	SHAH G, MOLINA A, BLAZE M. Keyboards and Covert Channels[EB/OL]. https://www.mendeley.com/catalogue/89442cba-faaa-3d0a-a936-2a0b989a8bb1, 2019 -5-11.
[10]	QIAN Yuwen, ZHAO Bangxin, KONG Jianshou, et al. Robust Covert Timing Channel Based on Web[J]. Journal of Computer Research and Development, 2011,48(3):423-431.
	钱玉文, 赵邦信, 孔建寿, 等. 一种基于Web的可靠网络隐蔽时间信道的研究[J]. 计算机研究与发展, 2011,48(3):423-431.
[11]	KWECKA Z. Application Layer Covert Channel Analysis and Detection[D]. Edinburgh: Napier University, 2006.
[12]	DUSI M, CROTTI M, GRINGOLI F, et al. Tunnel Hunter: Detecting Application-layer Tunnels with Statistical Fingerprinting[J]. Computer Networks, 2009,53(1):81-97.
[13]	GUO Chuanchuan. Research and Implementation on the System of Storage Network Covert Channels Detection[D]. Chengdu: University of Electronic Science and Technology of China, 2016.
	郭川川. 存储式网络隐蔽信道检测研究与实现[D]. 成都:电子科技大学, 2016.
[14]	LIU Yayi, GHOSAL D, ARMKNECHT F, et al. Robust and Undetectable Steganographic Timing Channels for i.i.d. Traffic [C]//ACM. 12th International Conference on Information Hiding, June 28-30, 2010, Calgary, AB, Canada. New York: ACM, 2010: 193-207.

U_i	B₁	B₂	B₃	B₄
0000	5	0	0	0
0001	4	1	0	0
0010	4	0	1	0
0011	4	0	0	1
0100	3	2	0	0
0101	3	0	2	0
0110	3	0	0	2
0111	2	1	1	0
1000	2	1	0	1
1001	2	0	1	1
1010	2	3	0	0
1011	2	0	3	0
1100	2	0	0	3
1101	2	2	1	0
1110	2	1	0	2
1111	2	1	2	0

文件类型	丢包率
	5%	10%	15%
txt	0%	0%	0%
Word	0%	0%	0%

λ	N
λ	4	8	16
10	69.3 bit/s	134.2 bit/s	188.3 bit/s
20	36.4 bit/s	69.6 bit/s	101.4 bit/s
30	27.7 bit/s	50.9 bit/s	73.2 bit/s
40	22.1 bit/s	38.7 bit/s	55.3 bit/s

方法	应用签名检测	协议指纹技术	组合模型检测
本文方法	0%	3%	2%
文献[7]	0%	4%	4%
文献[11]	100%	63%	100%

方法	丢包率
方法	5%	10%	15%
本文方法	0%	0%	0%
文献[7]	4%	7%	12%
文献[11]	0%	0%	0%

基于HTTP协议组合的隐蔽信道构建方法研究

Research on Covert Channel Construction Method Based on HTTP Protocol Combination

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 14

相关文章 1

编辑推荐

Metrics

本文评价