Saturday, 7 July 2012

Detecting Protocol Switching Covert Channels

A new paper by Sebastian Zander and me has been accepted at the 37th IEEE Conference on Local Computer Networks (LCN) in Florida. As usual, I post the abstract here.

Steffen Wendzel, Sebastian Zander:
Detecting Protocol Switching Covert Channels,
in Proc. 37th IEEE Conf. on Local Computer Networks (LCN), Clearwater, Florida, 2012 (to appear).


The work presents the first detection technique for protocol switching covert channels (protocol channels). A summary of my recent covert channel research is available here.

Abstract
Network covert channels enable hidden communication that breaks security policies. In recent years, new techniques for such covert channels have arisen, including protocol switching covert channels (PSCCs). PSCCs transfer hidden information by sending network packets with different selected network protocols.

In this paper we present the first detection methods for PSCCs. We show that the number of packets between network protocol switches and the time between switches can be monitored to detect PSCCs with 98-99% accuracy for bit rates of 4 bits/second or higher.
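The abstract names two observables a monitor can use: how many packets a host sends before it changes protocol, and how much time passes between such changes. The following is an added illustration of that idea, not code from the paper, whose actual classifiers are not described in this post. It computes both statistics over a constructed packet trace, derives an upper bound on the bit rate such a channel could carry, and applies assumed thresholds (the numeric values are placeholders, not the paper's parameters).

```python
from math import log2
from statistics import mean

# Constructed sample traffic: (timestamp in seconds, protocol) for packets
# leaving one host. Illustrative values only, not data from the paper.

def constructed_normal_traffic():
    """A DNS lookup, a long TCP flow, two pings, another TCP flow."""
    pkts = [(0.00, "UDP"), (0.05, "UDP")]
    pkts += [(0.1 + 0.1 * i, "TCP") for i in range(20)]
    pkts += [(5.0, "ICMP"), (6.0, "ICMP")]
    pkts += [(7.0 + 0.2 * i, "TCP") for i in range(10)]
    return pkts


def constructed_switching_traffic():
    """A host cycling through three protocols on every packet, 10 packets/s."""
    cycle = ["TCP", "UDP", "ICMP"]
    return [(0.1 * i, cycle[i % 3]) for i in range(30)]


def switch_statistics(packets):
    """Return (run_lengths, switch_gaps).

    run_lengths: packets sent with one protocol before the protocol changes
                 (one entry per run).
    switch_gaps: seconds between consecutive protocol switches (the first
                 gap is measured from the first packet of the trace).
    """
    if not packets:
        return [], []
    packets = sorted(packets)              # order by timestamp
    run_lengths, switch_gaps = [], []
    run = 1
    last_switch_at = packets[0][0]
    for (_, prev_proto), (t, proto) in zip(packets, packets[1:]):
        if proto != prev_proto:
            run_lengths.append(run)
            switch_gaps.append(t - last_switch_at)
            last_switch_at = t
            run = 1
        else:
            run += 1
    run_lengths.append(run)
    return run_lengths, switch_gaps


def max_bit_rate(packets):
    """Upper bound on the bits/s a protocol channel could carry in the trace:
    switches per second times log2(number of distinct protocols seen)."""
    packets = sorted(packets)
    _, switch_gaps = switch_statistics(packets)
    if not switch_gaps:
        return 0.0
    duration = packets[-1][0] - packets[0][0]
    if duration <= 0:
        return 0.0
    protocols = len({proto for _, proto in packets})
    return len(switch_gaps) / duration * log2(protocols)


def is_protocol_switching_channel(packets, max_mean_run=3.0,
                                  max_mean_gap=1.0, min_switches=8):
    """Assumed threshold rule: flag a trace with many switches whose runs are
    short and whose switches are closely spaced in time."""
    run_lengths, switch_gaps = switch_statistics(packets)
    if len(switch_gaps) < min_switches:   # too few switches to judge
        return False
    return mean(run_lengths) <= max_mean_run and mean(switch_gaps) <= max_mean_gap


if __name__ == "__main__":
    for label, trace in (("normal", constructed_normal_traffic()),
                         ("switching", constructed_switching_traffic())):
        runs, gaps = switch_statistics(trace)
        print(label, "runs:", runs, "mean gap:",
              round(mean(gaps), 3) if gaps else None,
              "max bit rate:", round(max_bit_rate(trace), 2),
              "flagged:", is_protocol_switching_channel(trace))
```

On the constructed traces the normal host produces a handful of long runs with switches seconds apart, while the switching host produces a run length of one on every packet and a bound of roughly 16 bits/s, well above the 4 bits/s figure quoted in the abstract. Real thresholds would have to be learned from the traffic of the monitored network, which is what the paper evaluates.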

Friday, 6 July 2012

Covert and Side Channels in Building Automation Systems

In my paper „Covert and Side Channels in Buildings and the Prototype of a Building-aware Active Warden“, which I recently presented at the IEEE Workshop on Security and Forensics in Communication Systems (SFCS) in Ottawa, I gave a first account of information hiding research for building automation systems. In this posting I summarize the most important aspects of the paper. The final version of the paper will be available only via IEEE once the proceedings are published.
A building automation system (BAS, cf. the Wikipedia entry) is basically a computer network containing sensors (devices that provide measured values, such as the temperature) and actuators (devices used to control something, such as a heating actuator that controls the heating in a room). BAS use various protocols (with their own protocol stacks) and thus make only very limited use of TCP/IP.
The question I wanted to answer is: are covert or side channels possible in BAS environments? The answer to both questions is “Yes”.
To distinguish between the two terms, I refer to a side channel as a communication channel without an intentional sender, while a covert channel requires an intentional sender. This distinction is relatively common in current CS research.

Side Channels in BAS
A side channel in a building automation system exists if a user can obtain information leaked by the BAS network. To do so, the user can monitor the BAS network for messages or can request information from sensors. The first scenario is a passive side channel, the latter an active side channel.

Example use-case:
An employee wants to steal a document from the manager's office. To do so, the employee wants to ensure that the manager is currently out of his office, i.e. the employee wants to be sure that it is safe to steal the document without getting caught.
The employee utilizes the BAS to obtain information about the presence of the manager in the room. To this end, the employee can request sensor information (e.g. temperature, lighting …) from the manager's office. If the lighting is turned off, the temperature does not indicate the presence of a person, the heating is turned off, and so on, the employee can be relatively sure that the office is empty and that it is safe to steal the document at the moment.

Covert Channels in Building Automation Systems
For a covert channel communication, it is necessary to have an intentional sender in the scenario. Let us therefore imagine a situation in which we have a building with two rooms as shown in Figure 1. The left room is closed and Internet access in the room is prevented. A secret meeting is taking place in the room and the results of the meeting have to be kept secret until the meeting is over. The security policy of the organization prevents any communication from the left (secret) room to the right (public) room.
Fig. 1: A Sample Covert Channel Scenario for a Building Automation System.
Let us imagine that one person in the left room wants to inform a person in the right room in advance about the estimated result of the secret discussion. To do so, the BAS can be manipulated. The “sender” in the left room could turn on the light in the left room ("because it is getting dark outside"), but the light switch can be linked by the BAS logic to an additional device and could turn on the lighting in the right room (or any other device in the building) at the same time, signalling hidden information to the covert channel receiver. This covert channel is shown in Figure 2.

Fig. 2: A covert channel established in the BAS that breaks the security policy of the building.
Thus, covert channels can leak hidden information and can break security policies in building environments. The details can be found in my paper referenced above.

Preventing Covert and Side Channels
In my paper, I also present a technique to prevent at least a subset of the possible covert and side channels in BAS. I therefore route all BAS commands from applications (e.g. smartphone applications used to control or monitor the building) through a middleware that provides multilevel security (MLS) and role-based access control (RBAC). Low-level prevention means are part of future work.
You can find a summary of my whole covert channel research here.
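To make the middleware idea concrete, here is an added example of an authorization check of the kind such a middleware could apply to BAS commands. It is not the prototype from the paper: the roles, sensitivity labels, device names and the decision rules (RBAC first, then the Bell-LaPadula no-read-up and no-write-down rules) are assumptions chosen to mirror the two scenarios in this post, the employee querying the manager's office sensors and the light switch in the secret room linked to the light in the public room.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """MLS sensitivity labels; a higher value is more sensitive."""
    PUBLIC = 0
    SECRET = 1


@dataclass(frozen=True)
class Device:
    name: str
    room: str
    level: Level      # label of the room/zone the device belongs to
    kind: str         # "sensor" or "actuator"


@dataclass(frozen=True)
class Subject:
    name: str
    role: str
    clearance: Level  # highest label the subject may read
    level: Level      # label of the room the subject is acting from


@dataclass(frozen=True)
class Command:
    subject: Subject
    action: str                       # "read" a sensor or "write" an actuator
    target: Device
    source: Optional[Device] = None   # linked rule: device whose state triggers the write


# RBAC: actions a role may request at all (assumed roles, not the paper's).
ROLE_PERMISSIONS = {
    "facility_manager": {"read", "write"},
    "occupant": {"write"},
    "employee": {"write"},
}


def authorize(cmd: Command, role_permissions=ROLE_PERMISSIONS):
    """Return (allowed, reason). RBAC is checked first, then the MLS rules."""
    if cmd.action not in role_permissions.get(cmd.subject.role, set()):
        return False, f"rbac: role '{cmd.subject.role}' may not {cmd.action}"
    if cmd.action == "read":
        if cmd.target.kind != "sensor":
            return False, "only sensors can be read"
        if cmd.target.level > cmd.subject.clearance:   # simple security property
            return False, "mls: no read-up"
        return True, "allowed"
    if cmd.action == "write":
        if cmd.target.kind != "actuator":
            return False, "only actuators can be written"
        # The information carried by the write originates either from a linked
        # source device or from the room the subject is acting in.
        origin_level = cmd.source.level if cmd.source else cmd.subject.level
        if origin_level > cmd.target.level:            # *-property
            return False, "mls: no write-down"
        return True, "allowed"
    return False, f"unknown action '{cmd.action}'"


# Constructed devices and subjects mirroring the scenarios in the post.
MANAGER_OFFICE_TEMP = Device("temp-mgr", "manager office", Level.SECRET, "sensor")
LEFT_ROOM_SWITCH = Device("light-btn-left", "left (secret) room", Level.SECRET, "sensor")
LEFT_ROOM_LIGHT = Device("light-left", "left (secret) room", Level.SECRET, "actuator")
RIGHT_ROOM_LIGHT = Device("light-right", "right (public) room", Level.PUBLIC, "actuator")

EMPLOYEE = Subject("employee", "employee", Level.PUBLIC, Level.PUBLIC)
FACILITY_MANAGER = Subject("fm", "facility_manager", Level.SECRET, Level.PUBLIC)
MEETING_PARTICIPANT = Subject("participant", "occupant", Level.SECRET, Level.SECRET)


def scenarios():
    """Decisions for the side channel probe, a legitimate query, the covert
    channel link and an ordinary light switch in the secret room."""
    return {
        "side_channel_probe": authorize(Command(EMPLOYEE, "read", MANAGER_OFFICE_TEMP)),
        "legit_sensor_query": authorize(Command(FACILITY_MANAGER, "read", MANAGER_OFFICE_TEMP)),
        "covert_channel_link": authorize(
            Command(MEETING_PARTICIPANT, "write", RIGHT_ROOM_LIGHT, source=LEFT_ROOM_SWITCH)),
        "own_room_light": authorize(
            Command(MEETING_PARTICIPANT, "write", LEFT_ROOM_LIGHT, source=LEFT_ROOM_SWITCH)),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in scenarios().items():
        print(f"{name:20s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

The RBAC layer alone stops the employee's sensor query, because that role never gets a read right; the MLS layer is what stops the linked light rule, since it carries information from a SECRET-labelled source into a PUBLIC-labelled actuator. A subject with a "facility_manager" role but only PUBLIC clearance would pass RBAC and still be denied by the no-read-up rule, which is why both layers are needed.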

Update: There is new work on covert channels in BACnet (and on their prevention). 

Sunday, 1 July 2012

Thinking and Language

Today another post in the context of my psychology studies.

In the April issue of Spektrum der Wissenschaft, Lera Boroditsky of Stanford University writes about the effect of language on thinking.

The author opens her article with the example of an Aboriginal girl. The girl finds it easy to point north when the author asks her to. Boroditsky repeats the same exercise at the best American universities, asking the people present to point north, and the request overwhelms them. What is the reason for this difference?

The author explains that in the little girl's language everything is expressed in cardinal directions (for example: my neighbour at the table sits "south" of me rather than "to my left"). This linguistic difference means that thinking is shaped as well.

Spatial differences are not the end of the story for thinking shaped by linguistic background: the author explains that there is also a temporal component in which clear differences appear:
Subjects were asked to sort certain pictures into chronological order (for instance pictures showing a growing crocodile). The pictures lay on a surface, and depending on linguistic background the cards were sorted differently.
While people who write from left to right had the chronological order begin on the left and end on the right, people who write from right to left (for instance in Hebrew) did it exactly the other way round. The Aborigines, however, always laid the cards from east to west, regardless of which cardinal direction they were facing.

At the end of the article the question is finally raised as to what shapes what: does thinking shape language, or language thinking? The answer given is that both are true, because our "way of thinking shapes the way we speak", but when we learn a new word, for example, we also change our thinking.

Source: L. Boroditsky: Wie die Sprache das Denken formt, Spektrum der Wissenschaft, pp. 30-33, April 2012.