Exploiting the IoT Through Network-based Covert Channels

Author

Kyle S. Harris

Date of Award

3-2022

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Wayne C. Henry, PhD

Abstract

Information leaks are a top concern to industry and government leaders. The IoT is a technology capable of sensing real-world events. A method for exfiltrating data from these devices is by covert channel. This research designs a novel IoT CTC without the need for inter-packet delays to encode data. Instead, it encodes data within preexisting network information, namely ports or addresses. Additionally, the CTC can be implemented in two different modes: Stealth and Bandwidth. Performance is measured using throughput and detectability. The Stealth methods mimic legitimate traffic captures while the Bandwidth methods forgo this approach for maximum throughput. Detection results are presented using shape and regularity-based detection tests. The Stealth results have a throughput of 4.61 bits per second (bps) for TCP /IP and 3.90 bps for ZigBee. They also evade shape and regularity-based detection tests. The Bandwidth methods average 81.7 Kbps for TCP/IP and 9.76 bps for ZigBee, but are evident in detection tests.

AFIT Designator

AFIT-ENG-MS-22-M-031

DTIC Accession Number

AD1166896

Recommended Citation

Harris, Kyle S., "Exploiting the IoT Through Network-based Covert Channels" (2022). Theses and Dissertations. 5322.
https://scholar.afit.edu/etd/5322