• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

J4 ›› 2014, Vol. 36 ›› Issue (06): 1072-1076.

• 论文 • 上一篇    下一篇

基于TCP协议首部的网络隐蔽通道技术研究

张令通1,2,罗森林2   

  1. (1.云南大理学院工程学院,云南 大理 671003;
    2.北京理工大学信息安全与对抗技术实验室,北京 100081)
  • 收稿日期:2012-12-05 修回日期:2013-04-07 出版日期:2014-06-25 发布日期:2014-06-25
  • 基金资助:

    国家242计划资助项目(2005C48);云南省教育厅科学基金资助项目(2012Y154)

Research of the network covert channel
technique based on TCP protocol header          

ZHANG Lingtong1,2,LUO Senlin2   

  1. (1.College of Engineering,Dali University,Dali 671003;
    2.Lab for Information Security and Countermeasures,Beijing Institute of Technology,Beijing 100081,China)
  • Received:2012-12-05 Revised:2013-04-07 Online:2014-06-25 Published:2014-06-25

摘要:

通过研究网络隐蔽通道建立的机制,提出了一种基于TCP协议首部实现网络隐蔽通道的方法,通过将秘密信息经AES加密后嵌入TCP协议首部的序列号和确认号字段,模拟访问Web服务器的行为生成TCP数据包,以达到穿透防火墙和躲避入侵检测系统的目的,并利用此隐蔽通道进行信息传递和远程控制。设计并实现了该原型系统。实验结果表明,该系统的隐蔽性高、传输速度快、可扩展性强,可以实现隐秘信息的传输,也为解决网络隐蔽通道的安全策略问题提供了理论依据和技术支持。

关键词: 隐蔽通道, TCP协议, 网络安全, 信息传输, 远程控制

Abstract:

Through studying the mechanism established by network covert channel, a network covert channel implementation method using TCP protocol header is proposed. The firewall and intrusion detection system are penetrated by the following procedure: Firstly, certain AESencrypted secret information is embedded into the sequence number/confirm number fields of the TCP header. Secondly,TCP data packets are constructed by web behavior simulating technique. Finally, information transferring and remote controlling can be implemented through this covert channel.A prototype system is also implemented.The experimental results show that, the system has some advantages such as high concealment performance, fast transmission speed, good expansibility, etc. The transmission of privacy information can be achieved. Theory basis and technical support are also provided for the network information security problem solving.

Key words: covert channel;TCP protocol;network security;information transmission;remote control