HTML5 Zero Configuration Covert Channels: Security Risks and Challenges

Jason Farina, Mark Scanlon, Stephen Kohlmann, Nhien-An Le-Khac, Tahar Kechadi

Abstract


In recent months there has been an increase in the popularity and public awareness of secure, cloudless file transfer systems. The aim of these services is to facilitate the secure transfer of files in a peer-to-peer (P2P) fashion over the Internet without the need for centralized authentication or storage. These services can take the form of client-installed applications or entirely web-browser-based interfaces. Due to their P2P nature, there is generally no limit to the file sizes involved or to the volume of data transmitted - and where these limitations do exist they will be purely reliant on the capacities of the systems at either end of the transfer. By default, many of these services provide seamless, end-to-end encryption to their users. The cybersecurity and cyberforensic consequences of the potential criminal use of such services are significant. The ability to easily transfer encrypted data over the Internet opens up a range of opportunities for illegal use to cybercriminals requiring minimal technical know-how. This paper explores a number of these services and provides an analysis of the risks they pose to corporate and governmental security. A number of methods for the forensic investigation of such transfers are discussed.

Keywords


Covert Transfers, Encrypted Data Transmission, Counter-forensics





Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.


(c) 2006-2015 Association of Digital Forensics, Security and Law