网络地址转换环境下的隐蔽通道构建方法

doi:10.3969/j.issn.1671-1122.2019.07.007

信息网络安全 ›› 2019, Vol. 19 ›› Issue (7): 59-66.doi: 10.3969/j.issn.1671-1122.2019.07.007

网络地址转换环境下的隐蔽通道构建方法

孙宇, 嵩天()

北京理工大学计算机学院,北京 100081

收稿日期:2019-04-29 出版日期:2019-07-19 发布日期:2020-05-11
作者简介:
作者简介：孙宇（1987—）,男,黑龙江,硕士研究生,主要研究方向为网络安全;嵩天（1980—）,男,辽宁,副教授,博士,主要研究方向为网络安全、计算机体系结构。
基金资助:
国家自然科学基金[U1636119,61672102]

Covert Channel Construction Method in Network Address Translation Environment

Yu SUN, Tian SONG()

School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China

Received:2019-04-29 Online:2019-07-19 Published:2020-05-11

摘要/Abstract

摘要：

隐蔽通道是一种利用公开通道传输秘密信息的通信技术,也是安全通信的重要组成部分。文章提出一种能够穿透网络地址转换环境（NAT）的隐蔽通道构建方法,该方法利用NAT对于地址和端口映射的关系,对数据包源端口号进行控制,采用编码技术对待通信数据进行编码,进而构建隐蔽通道。文章构建了NAT真实实验环境,测试该通道在不同参数条件、不同应用场景下的数据传输速率、丢包率,并对其安全性进行分析。选择合适的通道参数,在公网环境下该隐蔽通道数据传输速率可达24.7 KB/s;在局域网环境下可达101.1 KB/s。

关键词: 网络地址转换, 隐蔽通道, One-Hot编码

Abstract:

Covert channel is a kind of communication technology that uses open channel to transmit secret information, and it is also an important part of security communication. This paper proposes a covert channel construction method that can penetrate the network address translation environment(NAT). This method uses NAT’s relationship between address and port mapping, controls the source port number of data packets, coding communication data by using coding technology. Then build a covert channel. In this paper, the real experimental environment of NAT is constructed, the data transmission rate and packet loss rate of the channel are measured under different parameter conditions and different application scenarios, and its security is analyzed. Select the appropriate channel parameters, in the public network scenario, the covert channel data transmission rate can reach 24.7 KB/s; up to 101.1 KB/s in the LAN scenario.

Key words: NAT, covert channel, One-Hot coding

中图分类号:

TP309

孙宇, 嵩天. 网络地址转换环境下的隐蔽通道构建方法[J]. 信息网络安全, 2019, 19(7): 59-66.

Yu SUN, Tian SONG. Covert Channel Construction Method in Network Address Translation Environment[J]. Netinfo Security, 2019, 19(7): 59-66.

图/表 9

图1

图2

图3

表1

图4

图5

表2

图6

图7

参考文献 18

[1]	FRANCIS P.IP Network Address Translator(NAT) [EB/OL]., 1994-2-22.
[2]	SRISURESH P, HOLDREGE M.IP Network Address Translator(NAT) Terminology and Considerations[M]. Fremont: RFC Editor, 1999.
[3]	LAMPSON B W.A Note on the Confinement Problem[J]. Communications of the ACM, 1973, 16(10): 613-615.
[4]	GIRLING C G.Covert Channels in LAN’s[J]. IEEE Transactions on Software Engineering, 1987, SE-13(2): 292-296.
[5]	HANDEL T G, SANDFORD M T.Hiding Data in the OSI Network Model[C]//ACM. 1st International Workshop on Information Hiding, May 30-June 1, 1996, London. New York: ACM, 1996: 23-38.
[6]	ROWLAND C H.Covert Channels in the TCP/IP Protocol Suite[J]. Peer Reviewed Journal on the Internet, 1997, 2(5): 1-5.
[7]	LOU Jiapeng, ZHANG Meng, FU Peng, et al.Design of a Network Covert Transmission Scheme Based on TCP Protocol[J]. Netinfo Security, 2016, 16(1): 34-39.
	娄嘉鹏,张萌,付鹏,等. 一种基于TCP协议的网络隐蔽传输方案设计[J]. 信息网络安全,2016,16(1):34-39.
[8]	ZHANG Ran, YIN Yifeng, HUANG Xinpeng, et al.Research and Implementation of Network Covert Channels[J]. Netinfo Security, 2013, 13(7): 44-46.
	张然,尹毅峰,黄新彭,等. 网络隐蔽通道的研究与实现[J]. 信息网络安全,2013,13(7):44-46.
[9]	AMERI A, JOHNSON D.Covert Channel over Network Time Protocol[EB/OL]. , 2019-1-11.
[10]	SEBASTIAN Z, ARMITAGE G, BRANCH P.Covert Channels in Multiplayer First Person Shooter Online Games[C]//IEEE. 33rd IEEE Conference on Local Computer Networks, October 14-17, 2008, Montreal, Que, Canada. New Jersey: IEEE, 2008: 215-222.
[11]	LIPNER S B.A Comment on the Confinement Problem[J]. ACM SIGOPS Operating Systems Review, 1975, 9(5): 192-196.
[12]	ZANDER S, ARMITAGE G, BRANCH P.An Empirical Evaluation of IP Time to Live Covert Channels[C]//IEEE. 15th IEEE International Conference on Networks, November 19-21, 2007, Adelaide, SA, Australia. New Jersey: IEEE, 2007: 42-47.
[13]	CABUK S, BRODLEY C, SHIELDS C.IP Covert Timing Channels Design and Detection[C]//ACM. 11th ACM Conference on Computer and Communications Security, October 25-29, 2004, Washington DC, USA. New York: ACM, 2004: 178-187.
[14]	BERK V, GIANI A, CYBENKO G,et al.Detection of Covertchannel Encoding in Network Packet Delays[EB/OL]. , 2019-1-12.
[15]	KEMMERER R A.Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels[J]. ACM Transactions on Computer Systems, 1983, 1(3): 256-277.
[16]	LI Wei, SONG Tian.Concealed Channel Construction Method for NAT Environment[J]. Computer Engineering and Applications, 2018, 54(17): 108-114.
	李卫,嵩天. 适用于NAT环境的隐蔽通道构建方法[J]. 计算机工程与应用,2018,54(17):108-114.
[17]	ZHANG Jiuwen, LIU Li, MA Yide.Research on Optimal State Coding[J]. Journal of Gansu Science, 2002, 14(4): 45-48.
	张久文,刘莉,马义德. 最优状态编码研究[J]. 甘肃科学学报,2002,14(4):45-48.
[18]	XIE Weihua.Design and Implementation of Embedded Video Surveillance System Server[D]. Chengdu: Southwest Jiaotong University, 2009.
	谢韦华. 嵌入式视频监控系统服务器的设计与实现[D]. 成都:西南交通大学,2009.

P	35754	64701	50987	64743	56498	28113	14400	11231
X	52219	52220	52221	52222	52223	52224	52225	52226
m	0	1	2	3	4	5	6	7
P	52549	59105	3674	18234	42559	30688	35966	19762
X	52227	52228	52229	52230	52231	52232	52233	52234
m	8	9	10	11	12	13	14	15

P	6650	2431	63034	15820	11823	20720	29262	15434
X	55842	55843	55844	55845	55846	55847	55848	55849
m	0	1	2	3	4	5	6	7
P	33403	30117	24501	54928	55016	39969	12641	52969
X	55850	55851	55852	55853	55854	55855	55856	55857
m	8	9	10	11	12	13	14	15

网络地址转换环境下的隐蔽通道构建方法

Covert Channel Construction Method in Network Address Translation Environment

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 18

相关文章 2

编辑推荐

Metrics

本文评价

[1]	章航, 郑荣锋, 彭华, 刘嘉勇. 基于请求域名的DNS隐蔽通道检测方法研究[J]. 信息网络安全, 2019, 19(8): 76-82.
[2]	张??尹毅峰;黄新彭;甘勇. 网络隐蔽通道的研究与实现[J]. , 2013, 13(7): 0-0.