
GENERATION OF SOPHISTICATED CHANNEL FOR SECRET FILE TRANSFER

Amravathi.M, Diana.C, Shalini Kumar and Sheela.R


Email ID:dianachandrasekar@gmail.com
Telephone no:9944622257
Sona college of technology
Affiliated to Anna University
Salem.

Abstract:

A covert channel aims to hide the very existence of network communication between hosts.
Encryption only protects communication from being decoded by unauthorized parties,
whereas covert channels are used for secret transfer of information. This paper discusses
a novel covert file transfer protocol (CFTP) based on the IP record route option. The
CFTP protocol is used to secretly transfer text files and short messages between hosts.
Firewalls that limit the outgoing traffic to a few allowed application protocols (e.g. FTP)
can be circumvented by the CFTP protocol by making use of the ICMP header. The
proposed work is mainly intended for defense, business organizations and in every sector
where secrecy is the main concern. The hidden information exchanged by the CFTP
server and client cannot be identified by the hackers because the proposed IP packet will
be identical to the standard IP packet. To demonstrate the practical efficiency of the
proposed covert protocol, a user friendly tool based on the client/server technology is
recommended. Compared with related research, the contribution of our work is to
introduce a new generation of covert channels. It provides a more sophisticated
communication channel that can be used for hiding information. This paper also makes
use of public key encryption – RSA algorithm to reinforce security features.

Introduction:

Covert channels are regarded as one of the main sub-disciplines of data hiding. A covert channel is a channel that is used for secret information transfer by hiding the very existence of communication. Typically, they use communication means which are not normally intended to be used for data transfer and are neither designed nor intended for network communication between hosts. This property makes them quite elusive.

In computer networks, overt channels, such as typical network protocols, are used as carriers for covert channels. Covert channels in computer network protocols are similar to techniques for hiding information in audio, visual or textual content (steganography). While steganography requires some form of content as cover, covert channels require some network protocols as carrier.

The utilization of covert channels for communication and coordination is typically motivated by the existence of an adversarial relationship between two parties. In addition, many organizations and groups have an interest to keep their communication secret. However, simply using encryption does not prevent adversaries from detecting communication patterns. Often, only the evidence of communication taking place is sufficient to detect the onset of activity, discover organizational structures or justify further investigation. Many applications of covert channels like unused header field, modulating address field and packet length techniques, etc. are of a malicious or unwanted nature, and therefore pose a serious threat to network security. Furthermore, because of increased measures against overt channels, such as the free transfer of memory storage devices in and out of organizations, the use of covert channels in computer networks will increase. Understanding existing covert channel techniques is crucial to the development of countermeasures. The detection, elimination, and capacity limitation of covert channels are challenging but need to be addressed to secure future computer networks. In this paper, a new covert channel technique that offers a covert file transfer protocol (CFTP) based on the record route option of the IP header and ICMP traffic is presented.

Figure 1: Embedding covert channel in Overt Channel

Existing System:

Eighteen groups have been proposed to describe existing covert channels [6]. These channels use unused bits of the header and predefined header extensions for hiding the secret information. Thus they are restricted to small amounts of covert data transmission. In the detection of covert channels, all the existing covert channels exhibit non-standard or abnormal behavior and so the anomalous packets can be easily filtered by the firewall.

Two groups of covert channels are related to the proposed paper. They are the following:

Header extensions and padding: Many protocols support extension of the standard headers. Usually there are some pre-defined header extensions that allow transporting non-mandatory information on demand, but many protocols also allow header extensions to carry data not foreseen in the original specification, extending the capabilities of the protocol.

Payload tunneling: Payload tunnels are covert channels that tunnel one protocol (usually the IP protocol) in the payload of another protocol. The main purpose of these channels is circumventing firewalls that limit outgoing traffic to a few allowed application protocols (e.g. HTTP). Therefore, most of these channels do not aim for stealth but rather for maximizing the throughput. A variety of tools exist for tunneling over application protocols that are often not blocked such as ICMP or HTTP.

Proposed System:

1. The proposed covert channel is identical to normal use of the IP protocol and consequently it will be harder to detect. Hence, it circumvents the firewall.
2. In some cases, if the firewall does not allow FTP traffic between inside and outside hosts, then the proposed CFTP can be used to transfer text files and messages using IP traffic that is usually allowed by the firewall.

To protect against eavesdropping, the CFTP protocol generates ICMP packets with random types such as echo and timestamp ICMP messages.

1. Even with the sniffer, the hidden information exchanged by the CFTP server and client cannot be identified.
2. Since, the sniffer’s users assume that the hidden information in the record
route IP options is just a list of router IP addresses.
3. For providing confidentiality we use public key encryption.

The IP Record Route Option:

In order to introduce the terms used by the proposed covert channel and lay the groundwork for what follows, we introduce the IP record route option. The Internet Protocol (IP) is the most commonly used protocol in the network layer today, and is used for all traffic moving across the Internet. Upon receiving a TCP, UDP or ICMP packet, the IP protocol generates a header which includes the source and destination IP addresses. An IP header is added to the front of a TCP, UDP or ICMP packet to create the resulting IP packet, which will be used to carry the entire contents (IP header, TCP/UDP/ICMP header, and application-level data) across the network.

Figure 2. The IP header

The IP Options field is not required in every datagram; options are included primarily for network testing or debugging. Option processing is an integral part of the IP protocol, and all standard implementations must include it.

Figure 3. The structure of the IP Options field

The length of the IP Options field varies depending on which options are selected. Some options are one byte long; they consist of a single option code byte. Other options, such as the Timestamps record and the Strict source routing, have variable lengths. Each option consists of a single octet option code, which may be followed by a single octet length and a set of data octets. The option code byte is divided into three fields.

Figure 4. The field code of the IP header option

The fields consist of a 1-bit copy flag, a 2-bit option class, and a 5-bit option number. The copy flag controls the way gateways treat options during fragmentation. When the copy bit is set to 1, it specifies that the option should be copied into all fragments. When it is set to 0, it means that the option should only be copied into the first fragment and not into all fragments. The option class and option number bits specify the general class of the option, and the specific option in that class, respectively. Table 1 shows how classes are assigned.

There are eight possible options that can accompany an IP datagram. Table 2 lists the most used options and gives their option class and option number values. As the list shows, most options are used for control purposes. The record route option allows the source to create an empty list of IP addresses and arrange for each gateway that handles the datagram to add its IP address to the list.

Figure 5 shows the format of the record route option. As described above, the Code field contains the option number and option class (e.g. 7 for record route option). The Length field specifies the total length of the option as it appears in the IP datagram, including the first three octets. The Pointer field specifies the offset within the option of the next available slot. The remaining area in the Options field is reserved for recording IP address entries.

Whenever a host handles a datagram that has the record route option set, the host adds its IP address to the record route list (enough space must be allocated in the option by the original source to hold all entries that will be needed). To add itself to the list, a host first compares the pointer and length fields. If the pointer is greater than the length, then the list is full and the host forwards the datagram without inserting its IP address. If the list is not full, the host inserts its 4-octet IP address at the position specified by Pointer, and increments the value in the Pointer by four.
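
Because each handling host fills one 4-octet slot and advances Pointer by four, a monitoring point can check that the number of filled slots does not exceed the hops a datagram has travelled and that every recorded entry is a plausible router address. The following is an added example, not code from the paper: the function names, the assumed initial TTL values (64, 128, 255) and the sample headers are constructed for illustration.

```python
import ipaddress

def record_route(header: bytes):
    """Return (length, pointer, slot_bytes) of the record route option, or None."""
    opts = header[20:(header[0] & 0x0F) * 4]      # options follow the 20 fixed octets
    i = 0
    while i < len(opts) and opts[i] != 0:          # code 0: end of option list
        if opts[i] == 1:                           # code 1: no-operation, one octet
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None                            # malformed option area
        code, length = opts[i], opts[i + 1]
        copy, cls, number = code >> 7, (code >> 5) & 3, code & 0x1F
        if (copy, cls, number) == (0, 0, 7) and length >= 3:
            return length, opts[i + 2], opts[i + 3:i + length]
        i += length
    return None

def audit(header: bytes, initial_ttls=(64, 128, 255)):
    """Return findings where the record route option does not match normal use."""
    rr = record_route(header)
    if rr is None:
        return []
    length, pointer, slots = rr
    findings = []
    if pointer < 4 or pointer % 4:
        findings.append("pointer is not on a slot boundary")
    used = min(max(pointer - 4, 0), len(slots)) // 4   # slots claimed as written
    ttl = header[8]
    hops = min(t for t in initial_ttls if t >= ttl) - ttl  # assumes a common initial TTL
    if used > hops:
        findings.append(f"{used} recorded entries but about {hops} hops traversed")
    for n in range(used):
        addr = ipaddress.IPv4Address(slots[4 * n:4 * n + 4])
        if addr.is_unspecified or addr.is_multicast or addr.is_loopback or addr.is_reserved:
            findings.append(f"entry {n} ({addr}) is not a plausible router address")
    return findings

def sample_header(ttl, pointer, slots):
    """Constructed test input: 60-octet IPv4/ICMP header, checksum left at zero."""
    fixed = bytes([0x4F, 0, 0, 60, 0, 1, 0, 0, ttl, 1, 0, 0, 192, 0, 2, 1, 198, 51, 100, 7])
    return fixed + bytes([7, 39, pointer]) + slots.ljust(36, b"\0") + b"\0"

ROUTERS = bytes([10, 0, 0, 1, 10, 0, 1, 1, 203, 0, 113, 1])   # constructed addresses
NORMAL = sample_header(ttl=61, pointer=16, slots=ROUTERS)     # 3 hops, 3 entries
SUSPECT = sample_header(ttl=64, pointer=40, slots=b"A" * 36)  # full list, 0 hops

if __name__ == "__main__":
    print(audit(NORMAL), audit(SUSPECT), sep="\n")
```

ICMP echo replies legitimately carry the entries recorded on the request path, so the hop comparison is best applied to requests or treated as a triage signal rather than a verdict.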

THE IP RECORD ROUTE OPTION BASED COVERT CHANNEL

The principle of the covert channel:

When the IP header option designates a record route, the fields Code and Pointer should be set to the values 7 and 4, respectively. The maximum value in the Length field is 40 bytes. These fields and their corresponding values are listed in Table 3.

On its way to the destination, each router writes its IP address in the 4-byte field pointed to by the value in the Pointer field. Figure 5 shows the fields in the record route option.

Figure 5. The format of the record route option in an IP datagram

Then, the value of the Pointer field in the IP header option is increased by 4. Consequently, the next router would write its IP address in the next 4-byte field. However, if the value of the Pointer field becomes greater than the value of the Length field, then no more routers can write their IP addresses.

Figure 6. A normal IP record route option

Therefore, we may establish a covert channel if the initial value of the Pointer field is greater than the value of the Length field, or just greater than the length of the hidden message. Specifically, if we set the initial value of the Pointer field greater than the value of the Length field, then no router can write its IP address. In this case, we can use all the remaining 36 bytes of the IP header option to insert a hidden message.
This is shown in Figure 7.a. However, if we set the initial value of the Pointer field to a value greater than the length of the hidden message, then a number of routers can still write their IP addresses in the remaining bytes of the IP header option. This is shown in Figure 7.b.

Figure 7.(A) The different values of the Pointer field used for the covert channel

Figure 7.(B) The different values of the Pointer field used for the covert channel

Proposed algorithm for embedding data:

Step 1: Get the secret data to be transferred.
Step 2: Convert the secret data into binary format.
Step 3: Encrypt the binary bits using RSA algorithm.
Step 4: Process the encrypted data by using the substitution algorithm.
Step 5: Perform logical operation on the resultant data.

Encryption process:

Embedding process:

Advantages

1. Sniffers are unable to detect the hidden messages which are assumed to be router IP addresses.
2. The proposed technique offers 40 bytes of covert memory which is considerably larger than the 4 byte size available in TCP based covert channel.
3. The covert channel has to follow restrictions and the rules imposed by the TCP protocol including synchronization, flow control and congestion control. In contrast, the proposed techniques can exclusively
rely on ICMP traffic to carry hidden messages.
4. The good rate of privacy, memory and flexibility provided by the proposed covert channel.
5. Confidentiality is provided by making use of the public key encryption – RSA algorithm.
6. Confusion technique is given by making use of the substitution algorithm and logical operation.

Conclusion:

This paper discusses a novel covert file transfer protocol (CFTP) based on the IP record route option used to secretly transfer text files and short messages between hosts. It was understood that even with a Sniffer, the hidden information exchanged by the CFTP server and client cannot be identified, since the Sniffer’s users assume that the hidden information in the record route IP options is just a list of router IP addresses. In addition, to avoid the detection of the packet flow between the CFTP server and client, the packets exchanged do not have the same ICMP packet types. Compared to related work, the novelty of the proposed protocol is that it provides a new generation of sophisticated covert channels that can be used for hiding information. The hidden information is packaged in the form of IP addresses. However, it is possible for one to verify the validity of these IP addresses in the connection path. Therefore, a public key encryption – RSA algorithm along with the substitution techniques is used. This enhances the level of security and favors secret file transfer.

References:

1. Steganography and Steganalysis by Robert Krenn.
2. Practical Data Hiding in TCP/IP by Kamran Ahsan, Kundur.
3. Covert channel over TCP/IP and Protocol Steganography by Kashif Ali Siddiqui.
4. A survey of covert channels and counter measures in computer network protocols by S. Zander, G. Armitage, P. Branch.
5. S. Katzenbeisser and F. Petitcolas, “Information Hiding Techniques for Steganography and Digital Watermarking.”
6. S. Zander, G. Armitage, P. Branch. “A Survey of Covert Channels and Countermeasures in Computer Network Protocols.”
