IPv6 Covert Channels in the Wild

Wojciech Mazurczyk , Krystian Powójski , Luca Caviglione


The increasing diffusion of malware endowed with steganographic techniques requires to carefully identify and evaluate a new set of threats. The creation of a covert channel to hide a communication within network traffic is one of the most relevant, as it can be used to exfiltrate information or orchestrate attacks. Even if network steganography is becoming a well-studied topic, only few works focus on IPv6 and consider real network scenarios. Therefore, this paper investigates IPv6 covert channels deployed in the wild. Also, it presents a performance evaluation of six different data hiding techniques for IPv6 including their ability to bypass some intrusion detection systems. Lastly, ideas to detect IPv6 covert channels are presented.
Author Wojciech Mazurczyk (FEIT / IT)
Wojciech Mazurczyk,,
- The Institute of Telecommunications
, Krystian Powójski (FEIT / IT)
Krystian Powójski,,
- The Institute of Telecommunications
, Luca Caviglione - Istituto di studi sui sistemi intelligenti per l'automazione (ISSIA) [National Research Council of Italy (CNR)]
Luca Caviglione,,
Publication size in sheets0.5
Article number10
Book Vrhovec Simon (eds.): Proceedings of the Third Central European Cybersecurity Conference, 2019, Association for Computing Machinery, ISBN 978-1-4503-7296-1
Keywords in EnglishIPv6, information hiding, network covert channels, network steganography
URL https://dl.acm.org/citation.cfm?doid=3360664.3360674
Project[e6s3] Secure Intelligent Methods for Advanced Recognition of Malware and Stegomalware . Project leader: Janicki Artur, , Phone: +48 22 234 7722, start date 01-05-2019, planned end date 30-04-2022, IT/2019/horyzont2020/05, Implemented
WEiTI Horizon 2020 [Horyzont 2020]
Languageen angielski
2019 Mazurczyk IPv6 Covert Channels in the Wild.pdf 606.66 KB
Score (nominal)20
Score sourcepublisherList
ScoreMinisterial score = 20.0, 18-09-2020, ChapterFromConference
Publication indicators GS Citations = 2.0
Citation count*2 (2020-09-10)
Share Share

Get link to the record

* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.
Are you sure?