Covert channel vulnerabilities in anonymity systems

Monday, 10 December 2007, 4:10 PM EST

The spread of wide-scale Internet surveillance has spurred interest in anonymity systems that protect usersí privacy by restricting unauthorised access to their identity. This requirement can be considered as a flow control policy in the well established field of multilevel secure systems. I apply previous research on covert channels (unintended means to communicate in violation of a security policy) to analyse several anonymity systems in an innovative way.

One application for anonymity systems is to prevent collusion in competitions. I show how covert channels may be exploited to violate these protections and construct defences against such attacks, drawing from previous covert channel research and collusion-resistant voting systems.

In the military context, for which multilevel secure systems were designed, covert channels are increasingly eliminated by physical separation of interconnected single-role computers. Prior work on the remaining network covert channels has been solely based on protocol specifications. I examine some protocol implementations and show how the use of several covert channels can be detected and how channels can be modified to resist detection.

At cl.cam.ac.uk

[ Read more ]




Spotlight

Russian hackers stole millions from banks, ATMs

Posted on 22 December 2014.  |  Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals. This group has been involved in targeted attacks and espionage since 2013.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Mon, Dec 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //