COVERT STORAGE CHANNELS IN THE TLS PROTOCOL
M. A. Finoshin, I. D. Ivanova, I. Yu. Zhukov, A. V. Zuikov
National Research Nuclear University MEPhI (Moscow Engineering Physics Institute); Russian University of Transport (MIIT); LLC Group Companies Infotaktika; LLC Hexagon
Abstract: Methods of protection against TLS covert storage channels that use the Random and SessionID fields of the ClientHello message are proposed. Two countermeasures were implemented on the basis of these methods: a module for the Suricata IDS/IPS that filters TLS packets depending on the contents of the SessionID field, and a proxy server that rewrites the packets it forwards into the communication medium. The implemented countermeasures are compared in terms of their impact on the throughput of the communication channel and their effectiveness in preventing covert information transfer. The developed countermeasures can be integrated into existing systems for protection against network covert channels. Recommendations on choosing a countermeasure according to the required level of security are given.
Keywords: secret information, ClientHello message, Random field, SessionID field, proxy server, filtering tool
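The two countermeasures named in the abstract, modelled as an added example in Python (this is not the paper's code, and the abstract does not state the exact filtering rule of the Suricata module or the rewrite performed by the proxy). The example parses a TLS ClientHello record, applies an assumed stateful rule for the filter (a non-empty SessionID is accepted only if the same server issued it in an earlier ServerHello), and performs the proxy-style normalization of the two fields (fresh Random, empty SessionID). The ClientHello records, the covert payload and the server name are constructed here for illustration.

```python
"""Added example (not the paper's code): parse a TLS ClientHello, filter on the
SessionID field, and normalize the Random/SessionID fields as a rewriting proxy would.
The stateful filtering rule below is an assumption; the abstract does not state it."""
import os
import struct

SUPPORTED_VERSIONS_EXT = 0x002B
TLS13 = b"\x03\x04"


def build_client_hello(random_bytes: bytes, session_id: bytes,
                       offer_tls13: bool = False) -> bytes:
    """Constructed sample: a minimal ClientHello record with at most one extension."""
    assert len(random_bytes) == 32 and len(session_id) <= 32
    suites = b"\xc0\x2f\xc0\x30\x13\x01"               # three cipher suites
    exts = b""
    if offer_tls13:                                     # supported_versions: [1.3, 1.2]
        ext_body = b"\x04" + TLS13 + b"\x03\x03"
        exts = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(ext_body)) + ext_body
    body = (b"\x03\x03" + random_bytes
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                              # one compression method: null
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def parse_client_hello(record: bytes) -> dict:
    """Return Random, SessionID and whether TLS 1.3 is offered via supported_versions."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 38:
        raise ValueError("truncated ClientHello")
    rnd = body[2:34]                                    # follows the 2-byte legacy_version
    sid_len = body[34]
    pos = 35 + sid_len
    sid = body[35:pos]
    if len(sid) != sid_len or pos + 3 > len(body):
        raise ValueError("truncated SessionID or cipher suite list")
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # skip cipher_suites
    if pos >= len(body):
        raise ValueError("truncated compression_methods")
    pos += 1 + body[pos]                                # skip compression_methods
    offers_tls13 = False
    if pos + 2 <= len(body):                            # extensions are optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            edata = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == SUPPORTED_VERSIONS_EXT and elen >= 1:
                versions = edata[1:1 + edata[0]]
                offers_tls13 = any(versions[i:i + 2] == TLS13
                                   for i in range(0, len(versions), 2))
    return {"random": rnd, "session_id": sid, "offers_tls13": offers_tls13}


class SessionIdFilter:
    """Assumed stateful rule: a non-empty SessionID passes only if the same server
    issued it in an earlier ServerHello. TLS 1.3 clients in compatibility mode
    (RFC 8446, Appendix D.4) send a fresh random 32-byte legacy_session_id that no
    server issued, so they are exempted to avoid dropping all TLS 1.3 traffic."""

    def __init__(self):
        self.issued = set()                             # (server, session_id) pairs

    def observe_server_hello(self, server: str, session_id: bytes) -> None:
        self.issued.add((server, session_id))

    def verdict(self, server: str, record: bytes) -> str:
        ch = parse_client_hello(record)
        sid = ch["session_id"]
        if len(sid) > 32:
            return "drop"                               # protocol violation: 32 is the maximum
        if not sid or ch["offers_tls13"] or (server, sid) in self.issued:
            return "pass"
        return "drop"                                   # resumes a session the server never issued


def normalize_client_hello(record: bytes) -> bytes:
    """Proxy-side rewrite: fresh Random, empty SessionID, everything else kept.
    Both fields enter the handshake transcript and key derivation, so a proxy can
    only do this where it terminates TLS and re-originates the handshake itself."""
    parse_client_hello(record)                          # validate structure first
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    rest = body[35 + body[34]:]                         # cipher suites, compression, extensions
    new_body = body[:2] + os.urandom(32) + b"\x00" + rest
    new_hs = b"\x01" + len(new_body).to_bytes(3, "big") + new_body
    return record[:3] + struct.pack("!H", len(new_hs)) + new_hs


if __name__ == "__main__":
    covert = bytes(range(32))                           # constructed: payload hidden in SessionID
    hello = build_client_hello(os.urandom(32), covert)  # "server.example" below is a placeholder
    print("covert SessionID:", SessionIdFilter().verdict("server.example", hello))
    print("after normalization:", parse_client_hello(normalize_client_hello(hello))["session_id"])
```

Two caveats follow from the code rather than from the abstract. The SessionID filter has to exempt ClientHellos that offer TLS 1.3, because compatibility-mode clients legitimately send a random 32-byte legacy_session_id, and a sender that offers TLS 1.3 therefore passes such a filter with the field intact; only rewriting removes the channel in that case. Rewriting, in turn, changes bytes covered by the handshake transcript and key derivation, so the proxy must terminate TLS rather than patch packets in flight, which is where its cost in throughput comes from.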