Data

Tools

Indexes

Applications

Experiments

Open Source Science

cceap

The Covert Channel Educational Analysis Protocol (CCEAP) is a network protocol designed for teaching covert channels to professionals and students in higher education. It is also an easy-to-use covert channel traffic generator. The basis for CCEAP are so-called `hiding patterns'.

https://github.com/cdpxe/cceap

Science Score: 57.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 5 DOI reference(s) in README
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (13.2%) to scientific vocabulary

Keywords

c covert-channel education hiding-patterns higher-education information-hiding infosec network network-protocol patterns protocol research-paper research-project research-tool scientific-publications steganography students traffic-analysis tunneling undergraduate
Last synced: 6 months ago · JSON representation ·

Repository

The Covert Channel Educational Analysis Protocol (CCEAP) is a network protocol designed for teaching covert channels to professionals and students in higher education. It is also an easy-to-use covert channel traffic generator. The basis for CCEAP are so-called `hiding patterns'.

Basic Info
Statistics
  • Stars: 14
  • Watchers: 4
  • Forks: 3
  • Open Issues: 0
  • Releases: 5
Topics
c covert-channel education hiding-patterns higher-education information-hiding infosec network network-protocol patterns protocol research-paper research-project research-tool scientific-publications steganography students traffic-analysis tunneling undergraduate
Created over 9 years ago · Last pushed over 1 year ago
Metadata Files
Readme Changelog License Citation Support

README.md

CCEAP: Covert Channel Educational Analysis Protocol

The Covert Channel Educational Analysis Protocol (CCEAP) is a simple network protocol designed for teaching covert channels (network steganography) to professionals and students. It is also an easy-to-use covert channel traffic generator.

The protocol is explicitly vulnerable against several hiding patterns, i.e. patterns that represent hiding methods (steganographic methods that create covert channels, see here for my GitHub online class on network steganography/covert channels). The protocol's structure is simple and self-explanatory and its implementation is kept at a minimum level of code lines to make it especially accessible to students. There is also a documentation and an academic publication (published under the umbrella of ACM CCS 2016, download link is also in the documentation) available.

Please send requests and feedback to the author: Steffen Wendzel, www.wendzel.de (steffen (at) wendzel (dot) de).

How to Cite this Work?

Steffen Wendzel, Wojciech Mazurczyk: Poster: An Educational Network Protocol for Covert Channel Analysis Using Patterns, in Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016). ACM, New York, NY, USA, pp. 1739–1741, DOI: 10.1145/2976749.2989037.

Kickstart - a few Examples:

1. A First Start

First, start the server, e.g. on your local host: ./server -P 9999. This lets the server run on IP 127.0.0.1, port 9999.

Then, connect with the client: ./client -D 127.0.0.1 -P 9999. This will make the client send ten simple standard messages to your server. The server should display the received packets' meta-data.

2. Covert Timing Channel

Now, let us create a simple covert timing channel that we use to transfer the file /etc/hosts. And we want to encode 1 and 0 bits with 500ms and 1000ms. Therefore, we start the server again, and then run the client as follows using CCEAP's iat_encode tool which encodes files into inter-arrival times (this would represent the Inter-arrival Time pattern):

./client -D 127.0.0.1 -P 9999 -t ´./iat_encode /etc/hosts 500 1000´

3. Simple Covert Channel Traffic Generator

Of course, one could also use dd together with /dev/random as a source of randomness to create a file with random bits and use this file instead of /etc/hosts. Similarly, the Manipulated Message Ordering pattern can be represented using ./seq_encode /etc/hosts 256 2 instead of ./iat_encode /etc/hosts 500 1000. Check the documentation for details.

More parameters of client can be obtained by running ./client -h.

More Examples

Additional examples can be found in the sample_exercises directory and in the documentation.

Owner

  • Name: Steffen Wendzel
  • Login: cdpxe
  • Kind: user
  • Location: Worms, Germany

Professor at HS Worms, author of several books on InfoSec and Linux. OSS developer. #Networking #BSD #InformationHiding #Steganography #ReplicationStudies

Citation (CITATION.cff) 

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
- family-names: "Wendzel"
  given-names: "Steffen"
  orcid: "https://orcid.org/0000-0002-1913-5912"
- family-names: "Mazurczyk"
  given-names: "Wojciech"
  orcid: "https://orcid.org/0000-0002-8509-4127"
title: "Poster: An Educational Network Protocol for Covert Channel Analysis Using Patterns"
doi: "10.1145/2976749.2989037"
version: 1.0.0
date-released: 2016-10-01
url: "https://github.com/cdpxe/CCEAP"
preferred-citation:
  type: conference-paper
  authors:
  - family-names: "Wendzel"
    given-names: "Steffen"
    orcid: "https://orcid.org/0000-0002-1913-5912"
  - family-names: "Mazurczyk"
    given-names: "Wojciech"
    orcid: "https://orcid.org/0000-0002-8509-4127"
  conference:
      name: "Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016)"
      date-start: "2021-07-27"
  start: 1739 # First page number
  end: 1741 # Last page number
  title: "Poster: An Educational Network Protocol for Covert Channel Analysis Using Patterns"
  url: "https://github.com/cdpxe/CCEAP"
  doi: "10.1145/2976749.2989037"
  year: 2012
  publisher: "ACM"
  volume-title: "Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016)"

GitHub Events

Total
  • Watch event: 6
  • Push event: 4
Last Year
  • Watch event: 6
  • Push event: 4

Issues and Pull Requests

Last synced: over 1 year ago

All Time
  • Total issues: 0
  • Total pull requests: 1
  • Average time to close issues: N/A
  • Average time to close pull requests: 1 minute
  • Total issue authors: 0
  • Total pull request authors: 1
  • Average comments per issue: 0
  • Average comments per pull request: 0.0
  • Merged pull requests: 1
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 0
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 0
  • Pull request authors: 0
  • Average comments per issue: 0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
View more stats
Top Authors
Issue Authors
Pull Request Authors
  • cdpxe (1)
Top Labels
Issue Labels
Pull Request Labels