StegoFrameOrder—MAC Layer Covert Network Channel for Wireless IEEE 802.11 Networks

Sawicki, Krzysztof; Bieszczad, Grzegorz; Piotrowski, Zbigniew

doi:10.3390/s21186268

Cited by 9 publications

(12 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Discussionmentioning

confidence: 99%

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G/6G & Beyond

Soosahabi¹,

Bayoumi²

2022

Preprint

View full text Add to dashboard Cite

We have proposed a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols. Examples of covert channel include data exfiltration, remote command-and-control (CnC) and espionage. Responsibly disclosed to GSMA as CVD-2021-0045, the SPARROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according the 3GPP standards. Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure. The SPARROW schemes can also serve as an efficient solution for long-range M2M applications. Instead of naively reducing the size of CRI in similar random access procedures, this work offers a rigorously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards. Compared to the naive approach, the proposed method achieves considerable reduction in SPARROW covert channel capacity with less impact on the other cell users, according to the numerical results.

show abstract

Section: Discussionmentioning

confidence: 99%

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G/6G & Beyond

Soosahabi¹,

Bayoumi²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Exploitation of non-terrestrial wireless infrastructure can significantly amplify the operational range of SPARROW covert channels. The general vulnerability framework in Section II can be readily extended to covert channels schemes using other passively measurable aspects of the cell radio that can be exploited for a covert channel complementing the examples discussed in [16] Revisiting Proposition 2, the random obfuscation in EL-ISHA scheme turns the exploited channel into a typical erasure channel such that the receiver cannot decode the messages mapped to the same broadcast output, as if they were erased. Thus, the capacity of the exploited channel is given by…”

Section: Discussionmentioning

confidence: 99%

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G, 6G & Beyond

Soosahabi¹,

Bayoumi²

2022

Preprint

View full text Add to dashboard Cite

In this work, we propose a novel framework to identify and mitigate a recently disclosed covert channel scheme exploiting unprotected broadcast messages in cellular MAC layer protocols. Examples of covert channel are used in data exfiltration, remote command-and-control (CnC) and espionage. Responsibly disclosed to GSMA (CVD-2021-0045), the SPARROW covert channel scheme exploits the downlink power of LTE/5G base-stations that broadcast contention resolution identity (CRI) from any anonymous device according to the 3GPP standards. Thus, the SPARROW devices can covertly relay short messages across long-distance which can be potentially harmful to critical infrastructure. The SPARROW schemes can also complement the solutions for long-range M2M applications. This work investigates the security vs. performance trade-off in CRI-based contention resolution mechanisms. Then it offers a rigorously designed method to randomly obfuscate CRI broadcast in future 5G/6G standards. Compared to CRI length reduction, the proposed method achieves considerable protection against SPARROW exploitation with less impact on the random-access performance as shown in the numerical results.

show abstract

“…It can be categorized into two types. One is a type to exploit the upper layer, including MAC layer protocol, such as in mobile network [11], [12], [13], [14], [15], [16], in IEEE 802.11 WLAN [17], [18], [19], [20], [21], [22], in IoT covert channel [24], [25], [26], [27], [28]. And, the other type is based on the physical layer which is commonly used in radio frequency (RF) signal characteristics.…”

Section: Related Workmentioning

confidence: 99%

“…The covert channels are categorized as network covert channels and wireless covert channels (WCCs). A network covert channel is one that is built into the network layer (or upper protocol layer) [2], [3], [4], [5], [6], [7], [8], [9], [10], whereas a WCC is one that primarily exploits the MAC/physical-layer characteristics of wireless communication [11], [12], [13], [14], [15], [16], [17], [18], [19], [20], [21], [22], [23], [24], [25], [26], [27], [28], [29], [30], [31], [32], [33], [34], [35], [36], [37]. Network covert channels are also divided into storage and time aspects depending on the type of resource shared in the legitimate channel [38].…”

mentioning

confidence: 99%

See 1 more Smart Citation

Practical Covert Wireless Unidirectional Communication in IEEE 802.11 Environment

Seong

Kim

Jeon

et al. 2023

IEEE Internet Things J.

View full text Add to dashboard Cite

Covert communications, or covert channels, are commonly exploited to establish a data exfiltration channel from an insider on a trusted network to a malicious receiver outside the network without using normal communication of the network. It is because the malicious receiver is an unauthorized user of the communication network and so he cannot communicate with any entity in the network. In this study, we construct a new covert wireless unidirectional communication mechanism in an IEEE 802.11 environment. Our covert communication is based on a covert timing channel exploiting the beacon interval of a given commercial-like AP. Because the wireless covert channel we proposed can be implemented only with firmware modification to the WLAN MAC protocol, it is very suitable for application in a real public AP environment. In order to dramatically reduce the chance of covert signals being detected by others, a new and simple covert data encoding scheme, called ping-pong covert timing channel (PPCTC), is proposed, and we show that the covertness of the PPCTC is excellent compared to the previous timing-based covert channels. Although this wireless covert communication is unidirectional communication, since PPCTC has recovery characteristics against consecutive 2-bit errors, stable communication is guaranteed. Furthermore, a covert frame structure is presented for providing the confidentiality and integrity of the information transmitted via our covert channel. To the best of our knowledge, this is the first attempt. Index Terms-Covert AP, covert frame structure, covert timing channel (CTC), interpacket delay (IPD) CTC, packet loss recovery. I. INTRODUCTION A. BackgroundC OVERT communication is a type of attack to create an abnormal communication channel to transfer information to a malicious entity that is not supposed to be Manuscript

show abstract

StegoFrameOrder—MAC Layer Covert Network Channel for Wireless IEEE 802.11 Networks

Cited by 9 publications

References 33 publications

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G/6G & Beyond

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G/6G & Beyond

On Securing MAC Layer Broadcast Signals Against Covert Channel Exploitation in 5G, 6G & Beyond

Practical Covert Wireless Unidirectional Communication in IEEE 802.11 Environment

Contact Info

Product

Resources

About