Host security and data exfiltration via novel covert channels

Protecting sensitive and private information in a host's local environment has become an even more important security problem wIth the increased connectivity of computers and other devices to public networks like the Internet. Traditional host security mechanisms prevent sensitive data from being leaked onto a network by ensuring that rogue software cannot access and send data over a network to an eavesdropper. Surprisingly, I show that exfiltrating sensitive data over a network does not require compromising the target host and installing malware by the attacker.

I demonstrate that covert timing channels, previously analyzed in multi-level secure systems (MLS), pose a considerable threat to information leakage in general purpose systems. In addition to acting as information hiding mechanisms, covert channels can also aid in the exfiltration of sensitive information captured at one system layer over a network. Inducing such covert channels does not require compromising the host OS or software, rendering traditional defenses to such leakages ineffective.

I will present an analysis of the Keyboard JitterBug, a hardware keystroke logger which can leak its captured information (e.g., passwords) over a network timing channel without compromising the host or its OS. I will also briefly talk about other interesting exfiltration attacks using covert timing channels. Finally, I will describe initial efforts at hiding the presence of timing channels in normal network traffic by borrowing ideas from cryptography and steganography.