ABSTRACT
We present a covert channel between two network devices, one of which authenticates itself with Lamport's one-time passwords based on a cryptographic hash function. Our channel enables plausible deniability. We also present countermeasures to detect the presence of such a covert channel. Detection is non-trivial because hash values are random-looking binary strings, so deviations are unlikely to be detected.
Covert Channels in One-Time Passwords Based on Hash Chains