A MAC layer covert channel in 802.11 networks

Abstract

Covert channels in modern communication networks are a source of security concerns. Such channels can be used to facilitate command and control of botnets or inject malicious contents into unsuspected end-user devices or network nodes. The vast majority of the documented covert channels make use of the upper layers of the Open Systems Interconnection (OSI) model. In this thesis, we present a new covert channel in IEEE 802.11 networks, making use of the Protocol Version field in the Medium Access Control (MAC) header. This is achieved by forging modified Clear To Send (CTS) and Acknowledgment (ACK) frames. Forward error correction mechanisms and interleaving were implemented to increase the proposed channel's robustness to error. A laboratory implementation of the proposed channel is presented by developing the necessary code in Python, operating in a Linux environment. We present the results of tests conducted on the proposed channel, including measurements of channel errors, available data rate for transmission, and level of covertness.