ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2018, Vol. 55 ›› Issue (6): 1157-1166.doi: 10.7544/issn1000-1239.2018.20170451

• 信息安全 • 上一篇    下一篇

一种基于HTTP/2协议的隐蔽序列信道方法

刘政祎,嵩天   

  1. (北京理工大学计算机学院 北京 100081) (liuzhengyi@bit.edu.cn)
  • 出版日期: 2018-06-01
  • 基金资助: 
    国家自然科学基金项目(U1636119,61272510,61672101)

Covert Sequence Channel Based on HTTP/2 Protocol

Liu Zhengyi, Song Tian   

  1. (School of Computer Science, Beijing Institute of Technology, Beijing 100081)
  • Online: 2018-06-01

摘要: 隐蔽通信技术能够为使用者提供有效保证隐私安全的数据传输服务.现有存储类隐蔽信道一直存在隐蔽安全性疑问,而时间类信道较多选择网络及以下层协议作为载体,需额外提供复杂编码方法以降低误码率,且难以提供足够的传输速率.以新一代应用层协议HTTP/2为基础,提出了一种新的隐蔽信道方法——H2CSC.该方法通过控制HTTP/2协议服务器响应的数据传输过程,通过修改待发送数据帧的发送顺序,使用组合数学编码方法在数据帧序列中隐蔽消息,充分利用了HTTP/2协议提供信道可靠性及安全性.H2CSC方法在广泛使用的Apache Web服务器中以功能模块形式予以实现,并通过真实系统对该方法的有效性和可靠性进行测试,使用基于修正条件熵的逻辑回归分类检测方法进行安全性测试.实验证明:H2CSC方法能够达到574bps的隐蔽通信速度,具有较高的健壮性和隐蔽性.

关键词: 隐蔽信道, HTTP/2协议, 数据帧序列, 组合数学编码方法, 修正条件熵

Abstract: Covert communication technology offers effective privacy-preserving and secure data transmission services with covertness in behavior and content. Existing covert storage channels have always been questioned about their covertness. On the other hand, covert timing channels mainly use middle and lower layer network protocols as overt channels, which usually requires complex encoding methods to reduce bit error rates. It is hard to satisfy the transmission rate requirements through current covert timing channels as well. In this paper, we present H2CSC, a new covert sequence channel approach over the next-generation application layer HTTP/2 protocol. H2CSC controls and manipulates the responses of HTTP/2 Web server to its requests, forming a kind of covert sequence from the stream IDs of those response frames. Then, H2CSC exploits combinatorial coding methods to embed covert bits into these frame sequences. It takes advantage of HTTP/2 protocol to provide channel reliability and security. We implement H2CSC method in the widely used Apache Web server as a function module, and examine the channel’s effectiveness and robustness in the real system. We further evaluate the covertness of this channel by using a detection method based on logistic regression of corrected conditional entropy. The experimental results show that H2CSC could provide 574bps of covert transmission rates with excellent robustness and covertness.

Key words: covert channel, HTTP/2 protocol, data frame sequence, combinatorial coding methods, corrected conditional entropy

中图分类号: