CCEAP

Open source, C. 15 stars, 3 forks, 0 issues, 3 watchers. Last commit: 1 year.

About CCEAP

The Covert Channel Educational Analysis Protocol (CCEAP) is a simple network protocol designed for teaching covert channels and network steganography to students and professionals. It functions as both an educational tool and an easy-to-use covert channel traffic generator. CCEAP is built around the concept of hiding patterns, which are structured methods for creating covert channels. The protocol is intentionally vulnerable to several such patterns, enabling learners to observe and analyze how hidden data can be embedded in network traffic. Its structure is straightforward and self-explanatory, and the implementation is kept minimal in terms of code, making it highly accessible for academic use. Key features include support for demonstrating hiding patterns such as inter-arrival time encoding and manipulated message ordering. The CCEAP includes a server, a client, and helper tools for encoding data into timing sequences and ordering manipulations. Documentation and sample exercises are available, along with

Platforms

Web Self-hosted

Languages

C

CCEAP: Covert Channel Educational Analysis Protocol

The Covert Channel Educational Analysis Protocol (CCEAP) is a simple network protocol designed for teaching covert channels (network steganography) to professionals and students. It is also an easy-to-use covert channel traffic generator.

The protocol is explicitly vulnerable to several hiding patterns, i.e. patterns that represent hiding methods (steganographic methods that create covert channels; see my GitHub online class on network steganography/covert channels). The protocol's structure is simple and self-explanatory, and its implementation is kept to a minimum number of code lines to make it especially accessible to students. Documentation and an academic publication (published under the umbrella of ACM CCS 2016; the download link is also in the documentation) are available as well.

Please send requests and feedback to the author: Steffen Wendzel, www.wendzel.de (steffen (at) wendzel (dot) de).

How to Cite this Work?

Steffen Wendzel, Wojciech Mazurczyk: Poster: An Educational Network Protocol for Covert Channel Analysis Using Patterns, in Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016). ACM, New York, NY, USA, pp. 1739–1741, DOI: 10.1145/2976749.2989037.

Kickstart - a few Examples:

1. A First Start

First, start the server, e.g. on your local host: ./server -P 9999. This lets the server run on IP 127.0.0.1, port 9999.

Then, connect with the client: ./client -D 127.0.0.1 -P 9999. This will make the client send ten simple standard messages to your server. The server should display the received packets' meta-data.

2. Covert Timing Channel

Now, let us create a simple covert timing channel that transfers the file /etc/hosts, encoding 1 and 0 bits with 500 ms and 1000 ms. To do so, start the server again, then run the client as follows, using CCEAP's iat_encode tool, which encodes files into inter-arrival times (this represents the Inter-arrival Time pattern):

./client -D 127.0.0.1 -P 9999 -t `./iat_encode /etc/hosts 500 1000`
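
For the analysis side of this exercise, the following added example (not part of CCEAP or its documentation) shows how a flow timed like the one above stands out at the receiver: its inter-arrival times collapse into two tight clusters, which can be read back as a short/long symbol sequence. The function names, the thresholds and the S/L labels are assumptions made for this sketch, and the timestamps are constructed sample data.

```python
import random
import statistics

def inter_arrival_ms(timestamps):
    """Gaps between consecutive arrival times (seconds in, milliseconds out)."""
    return [(b - a) * 1000.0 for a, b in zip(timestamps, timestamps[1:])]

def two_means(values, rounds=20):
    """1-D k-means with k=2, seeded at min and max; returns (low, high) centers."""
    low, high = min(values), max(values)
    for _ in range(rounds):
        mid = (low + high) / 2.0
        short = [v for v in values if v <= mid]
        long_ = [v for v in values if v > mid]
        if not short or not long_:
            break
        low, high = statistics.fmean(short), statistics.fmean(long_)
    return low, high

def analyze(timestamps, max_spread=0.1, min_gaps=16):
    """Flag flows whose gaps form two tight clusters (thresholds are assumed)."""
    iats = inter_arrival_ms(timestamps)
    if len(iats) < min_gaps:
        return {"suspicious": False, "reason": "too few packets"}
    low, high = two_means(iats)
    if high - low < 1e-9:
        return {"suspicious": False, "reason": "single timing mode"}
    mid = (low + high) / 2.0
    symbols = "".join("S" if v <= mid else "L" for v in iats)
    # Mean distance of each gap to its own center, relative to the separation.
    dist = [abs(v - (low if s == "S" else high)) for v, s in zip(iats, symbols)]
    spread = statistics.fmean(dist) / (high - low)
    return {"suspicious": spread < max_spread, "spread": spread,
            "centers_ms": (round(low), round(high)), "symbols": symbols}

def build_flow(gaps_ms):  # gaps in ms -> arrival timestamps in s
    times = [0.0]
    for gap in gaps_ms:
        times.append(times[-1] + gap / 1000.0)
    return times

# Constructed sample data: one flow timed like the 500/1000 ms example above
# (with +/-15 ms of jitter), one flow with irregular, ordinary-looking gaps.
rng = random.Random(1)
PATTERN = "SLLSLSSLLLSLSSLSLLSLSSLL"
COVERT = build_flow([(500 if c == "S" else 1000) + rng.uniform(-15, 15) for c in PATTERN])
BENIGN = build_flow([120, 340, 95, 810, 1530, 260, 700, 45, 980, 410, 1900, 150,
                     620, 330, 1250, 80, 540, 870, 210, 1640, 460, 760, 300, 1100])
print(analyze(COVERT), analyze(BENIGN), sep="\n")
```

Which of the two clusters stands for a 1 bit depends on the arguments given to iat_encode, so the sketch stops at the S/L sequence rather than guessing the bit mapping.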

3. Simple Covert Channel Traffic Generator

Of course, one could also use dd together with /dev/random as a source of randomness to create a file with random bits and use this file instead of /etc/hosts. Similarly, the Manipulated Message Ordering pattern can be represented using ./seq_encode /etc/hosts 256 2 instead of ./iat_encode /etc/hosts 500 1000. Check the documentation for details.

More client parameters can be listed by running ./client -h.

More Examples

Additional examples can be found in the sample_exercises directory and in the documentation.