Analyzing network-aware active wardens in IPv6

Grzegorz Lewandowski, Norka B. Lucena, Steve J. Chapin

Research output: Chapter in Book/Entry/PoemConference contribution

16 Scopus citations


A crucial security practice is the elimination of network covert channels. Recent research in IPv6 discovered that there exist, at least, 22 different covert channels, suggesting the use of advanced active wardens as an appropriate countermeasure. The described covert channels are particularly harmful not only because of their potential to facilitate deployment of other attacks but also because of the increasing adoption of the protocol without a parallel deployment of corrective technology. We present a pioneer implementation of network-aware active wardens that eliminates the covert channels exploiting the Routing Header and the hop limit field as well as the well-known Short TTL Attack. Networkaware active wardens take advantage of network-topology information to detect and defeat covert protocol behavior. We show, by analyzing their performance over a controlled network environment, that the wardens eliminate a significant percentage of the covert channels and exploits with minimal impact over the end-to-end communications (approximately 3% increase in the packet roundtrip time).

Original languageEnglish (US)
Title of host publicationInformation Hiding - 8th International Workshop, IH 2006, Revised Selected Papers
PublisherSpringer Verlag
Number of pages20
ISBN (Print)9783540741237
StatePublished - 2007
Event8th International Workshop on Information Hiding, IH 2006 - Alexandria, VA, United States
Duration: Jun 10 2006Jun 12 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4437 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other8th International Workshop on Information Hiding, IH 2006
Country/TerritoryUnited States
CityAlexandria, VA


  • Active mappers
  • Active wardens
  • Covert channels
  • Evasion attacks
  • Network-aware
  • Stateful
  • Stateless
  • Traffic analysis
  • Traffic normalizers

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Analyzing network-aware active wardens in IPv6'. Together they form a unique fingerprint.

Cite this