Software Index
Linux Software Security Tools  

Covert Channels Evaluation Framework

download download home home   report broken
important software information
company name:
Sebastian Zander
license: Freeware
minimum requirements: No special requirements.
functional limitations:
Covert Channels Evaluation Framework description
Covert Channels Evaluation Framework (CCHEF) is a software framework for empirically evaluating covert channels in network protocols running under Linux.

Using encryption is not sufficient to secure communication because the simple fact that communication exists is often enough to raise suspicion and take further actions. Covert channels aim to hide the very existence of communication by using means of communication not normally intended to be used. The huge amount of data and vast number of different protocols in the Internet makes it ideal as a high-bandwidth vehicle for covert channels in network protocols.

The de-facto standard covert channel communication model is the prisoner problem. Two people, Alice and Bob, are thrown into prison and intend to escape. To agree on an escape plan they need to communicate, but Wendy the warden monitors all their messages. If Wendy finds any signs of suspicious messages she will place Alice and Bob into solitary confinement -- making an escape impossible. Alice and Bob must exchange innocuous messages containing hidden information that (hopefully) Wendy will not notice.

We have developed a flexible software framework for empirically evaluating covert channels in network protocols called Covert Channels Evaluation Framework (CCHEF). CCHEF runs under Linux and can be used in real networks with real overt traffic, but can also emulate covert channels using overt traffic from trace files. Usually testing with real traffic is restricted to controlled testbeds where it is almost impossible to generate a realistic traffic mix from a larger number of hosts. Therefore, CCHEF also runs on single hosts emulating covert channels based on overt traffic from trace files.

CCHEF is not designed to be (mis)used for real covert channel communication. Therefore, we have made no attempts to disguise the sender or receiver in any way, illegally acquire superuser priviledges etc. The sender and receiver are normal user space applications. This allows us to focus on the actual covert channel methods (embedding of hidden information in network protocols), prevents possible misuse, and makes porting easier since techniques to hide executables etc. are very operating system dependent.

The central component of CCHEF is the Channel module that interfaces with multiple device modules. Covert data to be send is read from the Covert In device, while received covert data is written to the Covert Out device. The Overt In/Out device taps into a stream of IP packets to be used as carrier for the covert data. At the sender suitable overt packets are intercepted and passed to the Channel module. The Channel module encodes the covert data and passes the modified packet back to the device, which will re-inject it into the network. If an overt packet arrives at the receiver the Channel module decodes any covert information and removes the covert channel (if possible) before re-injecting the packet. (CCHEF also supports passive receivers that uses copies of overt packets and do not delay the actual traffic, if removing the covert channel is not necessary.) The Channel module has various sub-modules responsible for modulation, framing, reliable transport, encryption etc.. Swinburne ICT - Centre for Advanced Internet Architechtures (CAIA). Publisher of Covert Channels Evaluation Framework, Author of Covert Channels Evaluation Framework 0.1. Covert Channels Evaluation Framework (CCHEF) is a software framework for empirically evaluating covert channels in network protocols running under Linux. Using encryption is not sufficient t
Similar software
CryptoLib (Popularity: ) : CryptoLib is a library that provides the implementation of several cryptographic algorithms.

It is designed as an extension to the .Net Framework cryptographic library, and it is totally interoperable with its classes.. . Publisher of CryptoLib, Author of CryptoLib 0.1. CryptoLib ...

Trf (Popularity: ) : Trf is an extension library to the script language tcl, as created by John Ousterhout. It extends the language at the C-level with so-called "transformer"-procedures.

With the help of some patches to the core the package is able to intercept all ...

Avira AntiVir UNIX Workstation (Popularity: ) : Avira AntiVir UNIX Workstation is a superior antivirus solution, especially created to offer a virus-free Linux environment, for home and network users worldwide.

Avira benefits:

- Automatic updates of the virus signatures database and of the antivirus engine;
- Extensive Malware Recognition: aside ...

Apso (Popularity: ) : Apso project is a framework for adding secrecy to version control systems. Usually, version control systems support transfer of encrypted data between clients and the server (in centralized systems) or between clients (in distributed systems).

This, however, does not help one ...

Avira AntiVir UNIX Server (Popularity: ) : Avira AntiVir UNIX Server is a VB100 % award-winning antivirus solution for Linux file servers with a real-time scanner and multifunctional performance features, designed to ensure complete protection against viruses and unwanted network programs. Uncompromising protection: - Leading detection and ...
Astaro Security Linux (Popularity: ) : Astaro Security Linux is an award-winning, unique network security solution in an integrated and easy-to-use and manage package. Astaro Security Linux includes a combination of the following security applications:

- A Firewall with stateful packet inspection and application proxies guards Internet ...

Burp Suite (Popularity: ) : Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust ...
Obol (Popularity: ) : Obol is part of a project to investigate properties of security protocols, what they are, how they behave, how they interact, how to deal with them. The Obol language grew out of a desire to escape the distractions of low-level ...
eCryptfs (Popularity: ) : eCryptfs is an POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. eCryptfs is derived from Erez Zadok's Cryptfs, implemented through the FiST framework for generating stacked filesystems.

eCryptfs extends Cryptfs to provide advanced key management and policy features. eCryptfs stores cryptographic metadata ...

Email Security through Procmail (Popularity: ) : Email Security through Procmail (the Procmail Sanitizer) provides methods to sanitize email, removing obvious exploit attempts and disabling the channels through which exploits are delivered.

Email Security through Procmail also provides facilities for detecting and blocking Trojan Horse exploits and worms.. ...

Colombia Radio Stations (Popularity: ) : Colombia Radio Stations is a simple script shamelessly recopied for Amarok 2. It offers you some Colombian radio streams.. Applications for your KDE-Desktop - Applications for your KDE-Desktop - Community Portal for KDE Applications Software Office Multimedia Graphic ...
Cluster Tabs for Firefox (Popularity: ) : Cluster Tabs for Firefox is a Firefox extension to end tab overload, make your browser faster and share public & anonymous cluster tab web addresses with others.

Share more on the web

Every cluster tab you create or edit has a pubic ...

User reviews

Write a review:
1 2 3 4 5 6 7 8 9 10
1=poor 10=excellent
Write review*
Your name*
  (Comments are moderated, and will not appear on this site until the editor has approved them)
Covert Channels Evaluation Framework
Rate me
supported os's
downloads 20
version 0.1
size in Kb 543
user rating 5/10
our rating 0 Stars
share info
Recommend Covert Channels Evaluation Framework
Report spyware
New Software
Popular Software
Latest Reviews