Analyzing network-aware active wardens in IPv6

Grzegorz Lewandowski, Norka B. Lucena, Stephen J Chapin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Scopus citations

Abstract

A crucial security practice is the elimination of network covert channels. Recent research in IPv6 discovered that there exist, at least, 22 different covert channels, suggesting the use of advanced active wardens as an appropriate countermeasure. The described covert channels are particularly harmful not only because of their potential to facilitate deployment of other attacks but also because of the increasing adoption of the protocol without a parallel deployment of corrective technology. We present a pioneer implementation of network-aware active wardens that eliminates the covert channels exploiting the Routing Header and the hop limit field as well as the well-known Short TTL Attack. Network-aware active wardens take advantage of network-topology information to detect and defeat covert protocol behavior. We show, by analyzing their performance over a controlled network environment, that the wardens eliminate a significant percentage of the covert channels and exploits with minimal impact over the end-to-end communications (approximately 3% increase in the packet roundtrip time).

Original language: English (US)
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 58-77
Number of pages: 20
Volume: 4437 LNCS
State: Published - 2007
Event: 8th International Workshop on Information Hiding, IH 2006 - Alexandria, VA, United States
Duration: Jun 10 2006 to Jun 12 2006

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4437 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 8th International Workshop on Information Hiding, IH 2006
Country: United States
City: Alexandria, VA
Period: 6/10/06 to 6/12/06

Keywords

  • Active mappers
  • Active wardens
  • Covert channels
  • Evasion attacks
  • Network-aware
  • Stateful
  • Stateless
  • Traffic analysis
  • Traffic normalizers

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Lewandowski, G., Lucena, N. B., & Chapin, S. J. (2007). Analyzing network-aware active wardens in IPv6. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4437 LNCS, pp. 58-77). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4437 LNCS).