DOI : 10.5121/ijnsa.2015.7304 39
Anjan K
1, Srinath N K
1and Jibi Abraham
21
Department of Computer Science and Engineering, R V College of Engineering, Bengaluru,India 2
Department of Computer Engineering and Information Technology, College of Engineering, Pune, India
A
BSTRACTCovert channels is a vital setup in the analysing the strength of security in a network. Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of “Hybrid Covert Channel", where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert channel scenario it is required to explore all possible clandestine mediums used in the formation of such channels. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The environment can be composed of resources and subject under at-tack and subject which have initiated the attack (attacker). The paper sets itself an objective to understand the different covert schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for detection.
.
K
EYWORDSCovert Channel, Subliminal Channel, Network Forensics, Kleptography, Trapdoors, Covert Schemes
1.I
NTRODUCTIONGlobal internet consists of massive devices connected to it with numerous applications running on it. There is frequent inherent threat of intentional exposure of the confidential and sensitive information over secured channel. Such threats are implemented using "Covert Channel" which compromises very important attribute "Privacy"of secured channel. Covert channel is defined in different ways based on scenarios of establishment of covert channel and is non-concrete.
International Journal of Netw This clearly states the policy communication channel was env simple covert channel can be vis channel in the communication.
Covertchannelinformationexchan implementation of such langua proliferated into multiple protoc complex to detect such clan-desti mechanism for ameliorated devel have such multiple trapdoors eith
Multiple trapdoors can be implem the different covert channel var coherent covert channel. Such ch Channel [3] is homogeneous com instance of time. Hybrid covert c to assess the composition of the H is depicted in [3] and figure 2.
Fig.2. The covert channel was first int [11]. Extensive work is carried ou forensics [6] based. Scenario bas to understand the detection bette basis for detection. Modelling the
twork Security & Its Applications (IJNSA) Vol.7, No.3, Ma icy violation constraint, but does not consider
nvisaged as a communication channel by the system visualizedin [3] where channel comprises of both cov
Fig.1. Covert Channel Visualization
angeisbasedcovertlanguagespre-negotiated by the cov uages uses intricate encoding schemes. These sche ocols, where each such protocol will be a trapdoor. T
estine mediums. SETUP attack [18] makes uses of m velopment of covert channel. A hybrid covert channel
ither in the same layer on in different layers.
lemented in the same layer or in different layers.Imple ariants at the same instance of time tends to behav channel is termed as “Hybrid Covert Channel". A H omposition of two or more covert channel variants exi t channel may not have strict composition. It becomes Hybrid Covert Channel. An instance of the hybrid co
2. Hybrid Covert Channel in Transport Layer
introduced in the traditional confinement problem as out in devising the detection methods which can be on
ased analysis of the covert channel detections [3][7] tter. Monitoring the unusual traffic [14] in the networ the covert timing channel process as Poisson’s distribu
May 2015
40 r whether the em designer. A overt and overt
overt users and hemes may be . This makes it multi-trapdoor el scenario may
plementation of ave as a single Hybrid Covert xisting at same es complicated covert channel
way to detect such activity. Il Sequence Charts (MSC) [9].This to detect hybrid covert channel b
2.C
OVERTC
OMMUNICATIn Network communication, cove (a) covert data exchange and (b) covert indication
In covert data exchange, covert d in rudimentary protocols. This pipeline problem, where there ex inside the other such that d2< d1
transportation of crude oil. In F known or undocumented in the legitimate pipe. This type of the schemes will be simple placeme clandestine field in the traditio network covert channel.
Second form of covert commun language not known to others. I encoding scheme to leak informa 1 is the language that covert u environment. This sophisticated decoding the language might be q
The best real time classical exam leaks the answers to Student Y f presence of invigilating officer. triggers an event to student Y. F coughs. Same schema holds goo continuous clock events that com Y.Some of the other forms of cov
Illegitimate information flows can be tracked throu his paper employs a statistical protocol based entropy
based on analysis made on packet headers.
TION
T
YPESvert communication amongst a pair of users can take t nd
t data is exchanged between the covert users by hidin is form of covert communication can best be und exists two pipesp1 and p2 of diameters d1 and d2 resp
1. These pipes are setup between two geographical p
Figure 3, the inner pipe p2 of diameter d2 is the co
he design and used for smuggling oil. The outer p he covert communication type will not have pre-defin
ent of covert data (trapdoor creation) directly in to t tional network protocol stack. This channel is calle
Fig.3. Classical Pipeline Problem
unication is the covert indication. Covert users comm . In Figure 4, the covert sender and receiver share an mation. This information encoding scheme as seen fro users employ to communicate in a secured legitim ted communication is visible to our detection engi
e quite difficult in many situations.
ample of such communication is Examination Problem for an objective type examination paper in an exami r. For each choice in a question, student X makes a . For instance to communicate choice A to student ood in case network communication where covert us
ommunicate some form of action to be performed b overt indication in network scenario include
41 rough Message y detection [1]
e two forms;
ing covert data nderstood with spectively, one l places for the covert pipe not pipe p1 is the
ned encoding o the identified lled as simple
municate in a an information from the figure timate network gine; however
International Journal of Netw
• Encoding ASCII charac mathematical operation o • Repeated sending of ackn
is listening to. Receiver h to this server. This valu character.
• Retrieving the packet information to the covert • Using logical operators l
3.C
OVERTC
HANNELV
ARCovert channel are categorized b communication like the shared r the communication. The covert c
• Noisy Covert Channe
both Overt and covert u • Noiseless Covert Cha
parties.
• Storage Covert Chan indirectly read or writes R/W in hard disk. • Timing Covert Chan
modulating the resource receiver.
• Simple Network Cov
rudimentary protocols
• Steganographic Chan
receiver collude to pr communication is happ
• Subliminal Channel
typically proved undete
• Supraliminal Channe
semantic content of co similar to mimic functi
twork Security & Its Applications (IJNSA) Vol.7, No.3, Ma
Fig.4. Classical Examination Problem
acter set in Sequence number. Decoding the same n on sequence number. This can either be in TCP or In cknowledge packet to an unknown server where the co r has to count the number of time the acknowledge pa alue can later on mapped to ASCII table for retrie
t sorting order numbering in IPSec frames whic ert receiver.
s like the XOR with sequence number to get the covert
RIANTS
d based on different aspects of the overall entities inv d resources, backdoor/trapdoor placement and parties t channel general classification is given below –
nel [14] is a communication channel which has rt users.
hannel [14] is the communication channel used sole
annel [14] involves the sender and the receiver eith es in to storage location. The implementation can be
nnel [14] [13] involves the sender signalling the in rces in such a way that real response time is obse
overt Channel [14] (SNCC) exists by creating a ls used in network protocol suite.
annel [3] is a means of communication where prevent an observer being able to reliably det ppening.
[15]- is a covert channel in a cryptographic etectable.
nel [12] - A supraliminal channel encodes inform cover data, generating innocent communication ctions.
May 2015
42 e by applying In IP ID fields. covert receiver packet was sent rieving suitable
hich serves as
ert data.
involved in the ies involved in
as presence of
olely by covert
ther directly or be on file-lock,
information by bserved by the
a trapdoor in
re sender and etect whether
hic algorithm,
• Hybrid Covert Chan
covert channels existin covert channel is diffi Mixed composition of channel and is of a g instance noisy covert network layer or applic
4.A
TTACKM
ODELLINGThe attack modelling [4] can be these scenarios are designed and in direct or encoded format; dir clandestine medium in the netw using encoding scheme and that i
The intricate design, choosing of way for successful undetectable mediums may be difficult and he is given below and will be used f
This important formation scenari .
4.1Scenario - 1
The attack scenarios have three e and Eve is legitimate entity/use legitimate users hence it is scen Bob and Eve is legitimate chann covert channel. Alice and Bo information and is mentioned in d
While Eve is communicating wi over the covert channel. Once w would also stop communication snatched from Bob's machine. Th strong trapdoor so as to thwart Hybrid covert channel. Such po Network Covert Channel in the I
nnel [4] is co-existence of two or more differen ting at same instance of time. The composition of ifficult to assess from third party which is tryin of covert channel variants behave as single coh greatest threat to the legitimate network enviro
rt channel in transport layer with subliminal lication layer.
e based on different scenarios and placement covert u nd built to fulfil certain objectives. Covert users can
irect communication is merely placement of covert twork protocol. Alternatively the covert user can c t is known only to the covert users.
of clandestine mediums (trapdoors) and encoding sch le establishment of covert channel. Detecting such hence detection metric called covertness index is use
for assessment in the attack scenarios.
arios of covert channels where attack can be devised is
e entities - Alice, Bob and Eve; Alice and Bob are cov user. The scenario comprises of the combination o
enario of noisy covert channel. The channel establis nnel comprising of covert channel and between Alic Bob have pre-established channel to communicate
n dotted lines in the figure 5.
with Bob over legitimate channel, Alice would extrac e when the communication between Bob and Eve is ion with Bob. Further Alice and eve can share the The covert channel implemented between Alice and B
rt the detection methods. Such trapdoors can be de possible composition can be Subliminal channel in th
IP, both at network layer.
43 ent variants of of the Hybrid ing to detect. oherent covert ironment. For al channel in
t users. Each of n communicate rt data over an n communicate
scheme paves a h strong covert sed.The metric
is given below
covert attackers of covert and lished between lice and Eve is ate the attack
International Journal of Netw
This combination will prove e The covertness index for Netw
where P (Ut) = U
The covertness index for sublimi
IPSec make use of AES-XCB implantation - Sequence Numbe random number generator algor seed.
As per [7] the trapdoors can be d formation. However this will not headers.
twork Security & Its Applications (IJNSA) Vol.7, No.3, Ma
Fig.5. Noise Covert Channel
effective in hop-to-hop routing and can avoid any twork Covert Channel in Network Layer (IPv4)-
e P(T) = Probability ofa trapdoor card Universal set of all possibletrapdoors
inal channel in IPSec - ESP format
BC-MAC cipher suite and ESP format allow tw ber field and padding. The maximum number of ro orithm is 16. Out of which 5 rounds are used for g
e detected under the assumption stated in the hybrid co ot be the same if multiple trapdoors are set in each of
May 2015
44 ny detections.
two trapdoors rounds in AES generating the
4.2 Scenario-2
This scenario is built on the thr users in sub-network are compr communication from the sub ne Channel. This sub network can b
Fig.6. Noisel The scenario can have multi-tr trapdoor can move from one pro or can be combination trapdoors particular index.
5.C
OVERTS
CHEMES ANDThe covert schemes are crucial f obscured way. More sophisticat samples of covert schemes were presented here.
Scheme 1
The IP ID is field used for ident covert scheme used for this field • Intentional use of only ce • Scheme is designed by th
field.
• The Covert receiver ap character.
For instance a simple scheme performing modulus operation o encoding a character ‘c’ is
hreat model of noiseless covert channel, where the r promised. This sub-network is connected to other n network to all the other networks is built using a H be similar to bot-net as described in [8].
eless Covert Channel with Hybrid Covert Channel trapdoor or protocol hopped hybrid covert chann rotocol to another protocol during the hop-to-hop com ors in multiple level in the protocol suite. Hence the
D THEIR EMBODIMENT
l for conveying the covert data over communication ated scheme likely not to be retrieved by detection ere discussed in section 2 of this paper and detailed
entification of the packet and is used for the routing ld is based on following strategy-
certain IP ID's while having conversation with Covert the covert sender for embedding covert characters in
applies the scheme used by the sender to retriev
e that can be used for this field is extracting the of the character set size. General notation for this
45 resources and r network. The Hybrid Covert
nnel [16]. The ommunication here can be no
on channel in a on entity. Few ed schemes are
g purpose. The
ert receiver. in to the IP ID
eve the covert
International Journal of Network Security & Its Applications (IJNSA) Vol.7, No.3, May 2015
46 Where ( ) is the encoding function, R is the IP ID value and n is the size of the character set. For an ASCII character set, n = 256
Example: If IP ID = 26702 and if the character to be sent is `M' Then ( ) = 26702 − 1 256 = `M'
To convey a covert message, the covert sender has select IP ID in such a way as to match with
( ).
Scheme 2
Another prominent scheme used is on the sequence number where maximum range is
4,294,967,296 numbers as it is 32 bit field. To communicate covertly under this scheme following strategy is employed-
• Sequence number is multiplied with value of character set and bound is declared with maximum limit.
• The receiver side retrieves the sequence number and then divides it by character set size. The encoding function ( ) is given below-
Where S is the initial sequence number and n is the size of the character set. The decoding function is ( ’) is given below –
Where ’ is the decoded character and ’ is the received sequence number.
For instance to send a character `I' covertly over the channel, the sender would have to choose 1235037038 as sequence number and the max. value is derived as 65535 * 256 = 16777216
Therefore the decoded character is ( ’) = 1235037038=16777216 = 73, The value 73 when mapped back to ASCII Table is the character `I'.
Scheme 3
Another scheme which has tremendous effect on the bandwidth is the modulation of TCP timestamps or use of timing element in the network protocol. TCP timestamps is in the options field of the TCP header which indicates the round trip time of the packets. The TCP process accurately calculates the next retransmission of TCP segment which was failed to be acknowledged. If the character is to be covertly sent using this scheme following strategy is used.
• Get the binary representation of the character and extract bits from the least significant bit.
47 TCP segment.
• Covert receiver will extract the LSB of the timestamp and store the same until it is a byte.
Let be the binary representation of the character `c' and FLSB(Bc) be the encoding function for
encoding the covert bits in TCP timestamp.
6.E
NTROPY BASED COVERT CHANNEL ANALYSISThe entropy [2] in communication network indicates the number of bits required to encode a character over the channel as stated by Shannon Entropy theory. This is based on the frequency of the characters in given string and the size of the alphabet. The entropy measure also checks for uncertainty of the random variable.
Let A be finite set of characters such that | | ≥ 1 and any character` ’ ∈ . A is sequence of symbols which is a string, each of alphabet in string ∈ A. For instance let cbbacabbac be
sequence of symbols that needs to be transmitted over network then its sequence of bits represents the coded symbol sequence which may be 101110011011100010. Then the entropy for such scenario is defined as –
where ∈ | | and | | > 1, pi is the probability of the occurrence of symbol ‘c’ in the string and n gives the length of the string. To transmit a message “network” over the communication network, following are the calculated entropy for each alphabet –
The frequency of all the characters in a string with unique symbols will be same, since the word
“network” has unique symbols the frequency is 0.143. Let X be string for which the entropy is to be calculated, here X may word like network or stream of numbers then
H(X)=[(0.143log20.143) + (0.143log20.143) + (0.143log20.143) +(0.143log20.143) + (0.1 43log20.143) + (0.143log20.143) + (0.143log20.143)]
H(X)=2:803
It requires 3 bits to represent each symbol in the given string and 21 bits are required to represent the entire string. Further the appropriate line coding technique has to be chosen to represent them in the transmission line. So in general entropy of X where each alphabet is a unique symbol is
In a covert channel scenario, the covert user has to be chosen the message in such a way that the entropy of string should always be less that number of bits available for that field in the protocol header.
International Journal of Netw The IP ID presented in the sch X the minimum of 21 bits are
The covert channel occupies 25 header or protocol header simpl channel capacity ratio will be low
This makes the detection of cove fields for analysis.
In general,
for robust covert channel constr covert channel will be greater protocols is actually setting up o entropy for such scenarios is d scheme. Also in the scenario of hybrid covert channel where the figure 7 and figure 8 shows the a
twork Security & Its Applications (IJNSA) Vol.7, No.3, Ma cheme 1 of this paper has 16 bits in the IP heade re required. Hence capacity of the covert channel i
25% of total IP header space. Multiple trapdoors (t) ply doubles the covert channel capacity. However th ow thus making it robust ie.,
vert bits much difficult as the detection systems needs
struction where [7]the covertness index for such m r than 0.5. The multiple trapdoors through a proto p of multiple covert channels in the communication n
dispersed across multiple making it difficult to un of multi-trapdoors covert channel behaves like a sin e effect of the entropy is doubled. The below results accurate expected behaviour discussed in this paper
-Fig.7. IP Entropy analysis
Fig.8. TCP Entropy Analysis
May 2015
48 der, so to send
l is
t) [5] [4] in IP the entropy to
ds to scan more
multi-trapdoor tocol or set of n network. The understand the single coherent ts shown in the
49 The results indicate the multiple trapdoors used in hybrid covert channel yields to a higher entropy value and low channel to entropy ratio (C/E). The constant C/E ratio also indicates the consistent usage of protocol header for constructing multi-trapdoor based hybrid covert channel. This implies that the covert schemes used in Hybrid covert channel is difficult detect in secured communication.
7.R
ESULTS ANDD
ISCUSSIONSThe number of trapdoors implemented in a protocol cannot be all the fields vulnerable in that protocol. i.e.,
where Tm is the max number of trapdoors possible in that protocol Ts is the no. of Trapdoors set.
The analysis of the trapdoor setting is performed on protocols like IPv4, TCP and IPSec, SSL/TLS. The trapdoor setting in the rudimentary network protocols like the IPv4 and TCP is merely based on placing the covert data in any of its header fields. The table 1 shows effect of varying the number of trapdoors in IPv4 protocol.
Table1.Multi-TrapdoorAnalysisofIPv4 Sl.No
.
TrapdoorName No.ofTrap doors
No. o fTrapdoor
Algorith m
Covertness Index
EntropyC/E
1 NetworkCovert Channel-IPv4-Single
4 1 NIL 0.25 2.803 0.089
2 NetworkCovert Channel-IPv4-dual
4 2 NIL 0.5 5.606 0.17
3 NetworkCovert Channel-IPv4-triple
4 3 NIL 0.75 11.21 0.358
International Journal of Netw
Fig.9
Table 2.
Multi-The graph of Trapdoors Vs the C number of the trapdoors in IPSe based protocol is simple and prov the changing trapdoor that has trapdoors are involved it is diffic shows change in the trapdoor cou covertness index can be minima based on the algorithm used in i However to increase the comple bits is feasible in chosen prime n index for such channels is discus
Fig.10. Entropy V Sl.No.TrapdoorName
1 SubliminalChan nel-IPSecESP-1 2 SubliminalChan
nel-IPSecESP-2 3 SubliminalChan
nel-IPSecESP-3
twork Security & Its Applications (IJNSA) Vol.7, No.3, Ma
g.9. Entropy Vs Covertness Index in IPv4
-Trapdoor Analysis of Subliminal Channel in IPSec
e Covertness Index is show in the figure 10 where in Sec ESP makes covertness index constant. The trapd rovides seven fields for placing the covert data. The ta s an effect on the covertness index. When more nu ficult to detect the composition of the covert channel. T ount that has an effect in the detection. However the c
al. The trapdoor setting in the subliminal channel in n its cipher suite. This is purely called as random or plexity of the subliminal to thwart detection the rand e number. This forms Newton Subliminal Channel. Th ussed in the table 4
Vs Covertness Index in IPSec based subliminal channel No.ofTrapd
oors No.
of Trapdoorsu
Algorithm CovertnessI ndex
Entropy C
n 2 1
AES- XCBC-MAC
0.15 2.803 0.
n - -
AES- XCBC-MAC
0.47 4.78 0.
n - -
AES- XCBC-MAC
0.47 5.21 0.
May 2015
50 increase in the pdoors in TCP table 3 depicts number of the l. The figure 11 changes in the in SSL/TLS is oracle channel. ndomization of The covertness
C/E
.14
.35
Table 3. Multi-T Sl.No.TrapdoorName
1 NetworkCovertC
hannel-TCP-1
2 NetworkCovertC
hannel-TCP-2
3 NetworkCovertC
hannel-TCP-3 The graph of covertness index V 12. The higher entropy value fo [10] is able to detect the activi Hybrid Covert channel is not fea and IPv4 as this become easily de
Fig.11. Entrop Table4.Multi-Sl.No.TrapdoorName
1 SubliminalC hannel(Oracl
e)-SSL/TLS-1 2. SubliminalC
hannel(Oracl
e)-SSL/TLS-2 3 SubliminalC
hannel(Oracl
e)-SSL/TLS-3
Trapdoor Analysis of Network covert channel in TCP No.ofTrapd
oors No.
of Trapdoorsu sed
Algorithm CovertnessI ndex
Entropy C
C 1
7 1 NIL 0.142 2.803 0.
C 2
7 2 NIL 0.28 5.606 0.
C 3
7 3 NIL 0.42 11.21 0.
Vs the trapdoor in the subliminal channel is shown for the some of the formation indicates that the dete ivity and this give clear indication of the higher de
easible for the combinations of the Network covert ch detectable combination.
opy Vs Covertness Index in Covert Channel based on TCP -TrapdoorAnalysisofSubliminalChannelinSSL/TLS
No.ofTrapd oors
No. of Trapdoorsu
Algorithm CovertnessI ndex
Entropy C
- -
SSLCi-pherSuite
0.25 2.803 0.
- -
SSLCi-pherSuite
0.58 3.67 0.
- -
SSLCi-pherSuite
0.58 3.67 0.
51 C/E
.14 .28 .14
n in the figure etection engine detection rates. channel in TCP
C/E
.14
.35
International Journal of Netw
Fig.12. Covertne
8.C
ONCLUSIONCovert schemes are difficult to taken in protocol header. This pr be malware code. Entropy based covert symbol in a protocol. Thi in a better way. It is unacceptable of administrator. It is inference t entropy which makes it difficul principle to detect such events.
A
CKNOWLEDGEMENTAnjanKoundinya thanks Late Computer Science and Enginee igniting the passion for research.
R
EFERENCES[1] Description of Detec net/projects/papers/html/cctde. [2] Description of the Entropy calc
[Online; accessed 16-Feb-2015 [3] KoundinyaAnjan and Jibi Ab channel. In Third Internation Chennai, India, 2010. Springer [4] Jibi Abraham, Anjan K, Srin channel in secured communica 2014.
[5] Bo Yuan Chaim Sanders, Jac Network Covert Channels. 201 [6] RajarathnamChandramouli an internet: Issues, approaches, an
twork Security & Its Applications (IJNSA) Vol.7, No.3, Ma
ness Index for Subliminal Channel based on SSL/TLS
to understand from third party entity as they obscure provides an opportunity for embedding any data whi sed analysis gives the actual number of bits used to his gives clearly metric to understand the covert chan ble to have malicious conversation of the network eve e this experiment that the hybrid covert channel has h ult to detect. It is required to concentrate on stron
e Dr. V.K Ananthashayana, Erstwhile Head, De neering, M.S.Ramaiah Institute of Tech-nology, Ba
h.
ection Approaches at the URL. http e.html, 2014. [Online; accessed 15-Feb-2015].
alculation at the URL. http://www. shannonentrop 15].
Abraham. Behaviour analysis of transport layer based onal Conference on Net-work Security and Application,
er-Verlag LNCS series.
inath N K. Attack modelling and behavioral analysis of ication. ACEEE In-ternational Journal of Network Security Jacob Valletta.Employing Entropy in the Detection and
012.
and Koduvayur P. Subbalakshmi. Covert chan-nel for and experiences. 5(1):4150, July 2007.
May 2015
52 ure the content hich may even to represent the hannel schemes ven in presence high degree of onger detection
e-partment of Bangalore, for
ttp://gray-world. ropy.netmark.pl/,
[7] Anjan K Koundinya et.al... Co In ADCONS 2011, pages 582-[8] JaideepChandrashekar et.al. E
Proceedings of 12th Internati September 2009.
[9] LoicHelou, Claude Jard, and SPV'03, Volume 3, April 2003 [10] Anjan K Koundinya and Jibi Detection Engine, volume 1 of 2010.
[11] B. W. Lampson. A Note on the [12] Enping Li and Scott Craver. A of the 11th ACM workshop o 2009.
[13] Clay Shields SarderCabuk, Ca 2004.
[14] Clay Shields SarderCabuk, Information and System Secur [15] Gustavus J Simmons. The Sub [16] Steffen Wendzel. Protocol Cha [17] Andreas Willig. A short introd
1999.
[18] Adam Young and Moti Yung 220-240, 2004.
AUTHOR’S
AnjanK has received his B University,Belgaum,India in 2007 A Science and Engineering, M.S.Rama been awarded Best Performer PG 20 includes NetworkSecurityandCrypto Ph.D in Computer Science and Engi as Assistant Professorin Dept.of Co Engineering, Bengaluru, India.
SrinathNK has his M.E degree in S Roorkee University, in 1986 and Ph in 2009.His areas of research inte Distributed Computing, DBMS ,Mic PG, Dept of Computer Science and
JibiAbraham has received he BITS,Rajasthan,India in 199 and University , Belgaum , India in 2 fresearch interests include Network of Wireless Sensor Networks and A Head in Dept. of CEIT, College of E
Covertness analysis of subliminal channels in legitimate c -591. Springer- Verlag LNCS series, 2012
Exploiting temporal persistence to detect covert botnet ational Symposium, RAID 2009, pages 326{345, Saint-d Marc Zeitoun.Covert channels Saint-detection in protocols us 03.
bi Abraham. Design of Transport Layer Based Hybrid C of 4. International Journal of Ad hoc,Sensor and Ubiquitou the Con_nement Problem.Communication of the ACM, 197 . A supraliminal channel in a wireless phone application,.I on Multimedia and security, pages 7{18, Princeton, New Carla Brodley. IP covert timing channels : Design and dete , Carla Brodley. IP covert channel detection.ACM T urity, Volume 12(Article 22), 2009.
ubliminal Channel and Digital Signatures.Springer-Verlag, hannels.HAKIN9, 2009.
oduction to queuing theory.lecture notes at Technical Univ ng, Malicious Cryptography. First edition. Wiley
Publish-B.E degree from Visveswariah Technological And his master degre from Department of Computer aiahInstitute of Technology ,Bangalore, India.He has 010 for his academic excellence.His area so fresearch ography,Agile Software Engineering.He ispursuing ineeing fromVTU,Belgaum. He is currently working Computer Science and Engineering, RV College of
Systems Engineering and Operations Research from hD degree from Avinash Lingum University,India erests include Operations Research, Parallel and croprocessor. His isworking as Professor and Dean d Engineering,RVCollege of Engineering.
er M.S degree in Software Systems from nd PhD degree from Visveswariah Technological 2008 in the area of Network Security.He rarea so routing algorithms ,Cryptography ,Network Security Algorithms Design.She is working as Professor and Engineering Pune.
53 communication et channels,. In -Malo, France, using scenarios. Covert Channel tous Computing, 973.
,.In Proceedings ew Jersey, USA, etection. CCS, 4, Transaction on g, 1998.