A covert channel (also called a hidden channel) is a communication channel that uses the bandwidth of another channel in order to transmit information without the authorization or knowledge of the owner of the information or the network administrator.
Covert channels are dynamic entities; they occupy a memory location without necessarily needing to be stored. Moreover, although the smallest known unit of data is the bit, some covert channels are able to extract half-bits. While antivirus software and firewalls are often sufficient for an ordinary user to thwart a Trojan horse attack, they are completely powerless against a noisy covert channel.
There are two types of covert channels: storage channels and timing channels.
It is not simple to distinguish a storage channel from a timing channel. For J. Wray, the difference is that, in the case of a timing channel, the receiving process needs access to an independent clock that lets it timestamp events. Storage channels can be exploited without the help of this external time reference.
The distinguishing characteristic of a covert channel is the quantity of information it can send. For a Trojan horse to be operational, it is enough that it can communicate two different messages. D. McCullough calls this binary type of channel a one-bit channel; it allows a Trojan horse to transmit any message, given enough time. The presence of a one-bit channel can constitute a serious threat to the confidentiality of a system.
A one-bit channel can be noisy, i.e. the receiving process receives a value that may be different from or equal to the signal emitted by the Trojan horse. In this case, the signal coming from the Trojan horse is ambiguous.
As long as the received signal is different from the one emitted by the Trojan horse, the Trojan horse can always transmit any information by retransmitting the message until the received signal is identical to the one emitted. If the noise is total, there is no longer a covert channel. Otherwise, the Trojan horse can still send a more or less noisy message. This introduces the concept of a probabilistic covert channel.
D. McCullough introduces the concept of a half-bit channel, which is a channel that can communicate only one message. The information transmitted is only partial; however, with two half-bit channels, we can build a one-bit channel.
One example illustrates this concept well: blocking inputs.
; Objective: The goal of the Trojan horse is to transfer the contents of buffer BS (secret source) into the unclassified buffer BU.
; Assumptions:
; Construction: Process A saturates buffer BA with messages. Process B does the same with buffer BB. Buffer BC is used to synchronize processes A and B with the Trojan horse.
; Operation: When processes A and B are blocked (their respective buffers BA and BB being saturated), the Trojan horse reads a bit from buffer BS. If the bit read is 0, then A is freed; A writes a 0 in BU and then sends a message in BC to inform the Trojan horse that the transfer has been carried out. If the bit read is 1, then B is freed; B writes a 1 in BU and then sends a message in BC to inform the Trojan horse that the transfer has been carried out. The Trojan horse has thus transferred the contents of BS into BU.
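The blocking-inputs construction above can be modelled with bounded queues, as an added example that is not part of the original article. The function name `run_blocking_inputs` is hypothetical, and because the assumptions are not listed here, the model assumes that the Trojan horse frees A or B by removing one message from the corresponding saturated buffer.

```python
import queue
import threading

def run_blocking_inputs(secret_bits):
    """Simulate the transfer of BS into BU and return the contents of BU."""
    ba = queue.Queue(maxsize=1)   # buffer BA, saturated by process A
    bb = queue.Queue(maxsize=1)   # buffer BB, saturated by process B
    bc = queue.Queue()            # buffer BC, used for synchronization
    bu = []                       # unclassified buffer BU
    stop = threading.Event()
    ba.put("fill")                # both buffers start saturated
    bb.put("fill")

    def writer(buf, value):
        # Each writer alone is a half-bit channel: it can signal one value only.
        while True:
            buf.put("fill")       # blocks while the buffer is saturated
            if stop.is_set():
                return
            bu.append(value)      # being unblocked is the signal
            bc.put("done")        # tell the Trojan horse the transfer happened

    workers = [threading.Thread(target=writer, args=(ba, 0)),
               threading.Thread(target=writer, args=(bb, 1))]
    for w in workers:
        w.start()

    for bit in secret_bits:       # the Trojan horse reads BS one bit at a time
        # Assumption: removing one message frees the blocked process.
        (ba if bit == 0 else bb).get()
        bc.get()                  # wait for the acknowledgement in BC

    stop.set()                    # end of the simulation: release both writers
    ba.get()
    bb.get()
    for w in workers:
        w.join()
    return bu

if __name__ == "__main__":
    bs = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed sample contents of BS
    print(run_blocking_inputs(bs))
```

No data is ever copied from BS to BU directly; the only thing that crosses the boundary is which process becomes unblocked, which is why content inspection does not see the transfer.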