695.722.81 - Covert Channels

Cybersecurity
Summer 2024

Description

This is a survey course on covert channels and information leakage (side channels), with hands-on investigations into building and defeating covert channels. We will begin with the long history of covert channels, dating back to the 1970s, and continue up to the present and beyond by looking at current research in this area. We will explore both storage and timing covert channels and information leakage from general purpose computers, mobile devices, and modern industrial control system devices. Students must be able to write code in at least one language (Python is preferred) and be familiar with computer networking and the use of network packet sniffers.

Expanded Course Description

Prerequisites

605.642 Intrusion Detection or intermediate knowledge of Python. 

Instructor

Lanier Watkins

Lanier.Watkins@jhuapl.edu

Course Structure

Module | Module Title | Module Overview
1 | History of Covert Channels | In this module, we discuss the history of covert channels
2 | TCP/IP Internetworking and Covert Channel Exploitation | In this module, we discuss the TCP/IP protocol stack and how it can be generally manipulated to create covert channels
3 | ICMP Covert Channels | In this module, we will discuss research papers that detail the implementation, analysis, and countermeasures for ICMP Covert Channels
4 | TCP and UDP Covert Channels | In this module, we will discuss research papers that detail the implementation, analysis, and countermeasures for TCP and UDP Covert Channels
5 | RTP and RTCP Covert Channels | In this module, we will discuss research papers that detail the implementation, analysis, and countermeasures for RTP and RTCP Covert Channels
6 | HTTP Covert Channels | In this module, we will discuss research papers that detail the implementation, analysis, and countermeasures for HTTP Covert Channels
7 | SSH Covert Channels | In this module, we will discuss research papers that detail the implementation, analysis, and countermeasures for SSH Covert Channels. Also, students will produce voice-over presentations of research papers of their choice.
8 | DNS Covert Channels | In this module, we will discuss research papers that detail the implementation, analysis, and countermeasures for DNS Covert Channels
9 | Useful Covert Channels: Information Leakage | In this module, we introduce students to the concept of information leakage in general purpose, ICS, mobile, and IoT nodes.
10 | Using AI to Recognize Leaked Compute Node Behavior | In this module, we introduce students to the use of AI methods for the recognition of side channel information
11 | Useful Covert Channels: Information Leakage in General purpose nodes | In this module, we will discuss research papers that identify information leakage in general purpose nodes and detail its usefulness in inferring general purpose node behavior
12 | Useful Covert Channels: Information Leakage in Smart phones | In this module, we will discuss research papers that identify information leakage in smart phones and detail its usefulness in inferring smart phone behavior
13 | Useful Covert Channels: Information Leakage in ICS devices | In this module, we will discuss research papers that identify information leakage in ICS nodes and detail its usefulness in inferring ICS node behavior
14 | Useful Covert Channels: Information Leakage in IoT devices | In this module, we will discuss research papers that identify information leakage in IoT nodes and detail its usefulness in inferring IoT node behavior

Course Topics

See the above Course Structure for a list of covered topics

Course Goals

The goals for this class are to: (1) introduce the history of covert channels, (2) define the fundamentals of covert channels and how to detect them, (3) introduce the concept of information leakage and discuss its relevance to covert channels, and (4) most importantly, challenge students to develop their own covert channels and related mitigations. 

Course Learning Outcomes (CLOs)

Textbooks

None.

Student Coursework Requirements

There will be weekly class discussions (in the class discussion area) covering topics from areas 1-3 mentioned above. This will be assessed under class participation (10%).

In modules 4, 5, and 6, five teams of students will choose a covert channel research paper from areas 4 and 5 mentioned above, and will deliver voice track slide presentations to the class in the discussion area. The students will also field questions from their peers regarding the presentations. This will be assessed under team presentations (10%). Each student will be responsible for critiquing the paper (not the presentation) of other teams in the class discussion area. This will be included under class participation (see above).

There will be two exams: Exam 1 will cover the topics mentioned in areas 1 and 3 above, and Exam 2 will cover the topics mentioned in areas 2, 4, and 5. These will be assessed under Exam 1 and Exam 2, respectively (15% each, total of 30%).

There will be 4 or 5 homework assignments covering topics in areas 1-5 mentioned above. This will be assessed under homework (20%).

For the semester-long project, the team must produce a double-column, 5-6 page research paper with the following elements: title, abstract, introduction, related works, experimental evaluation (setup, experiments, results and discussion), conclusions and future work, and properly formatted IEEE references. Also, a technical presentation will be due along with the paper. The semester-long project will be assessed like a peer-reviewed conference paper and presentation (30%).

Of this 30%, an executive summary will be due in Week 5 worth 5%, in Week 9 a project plan will be due worth 5%, and in Week 14 the technical paper and presentation will be due worth 20%. 

The final grade will be determined based on the below scale: 

100-98%=A+, 97-94%=A, 93-90%=A-, 89-87%= B+, 86-83%= B, 82-80%= B-, 79-70%= C, <60%=F

Grading Policy

Assignments are due according to the dates posted in your Canvas course site. You may check these due dates in the Course Calendar or the Assignments in the corresponding modules. I/We will post grades one week after assignment due dates. 

We generally do not directly grade spelling and grammar. However, egregious violations of the rules of the English language will be noted without comment. Consistently poor performance in either spelling or grammar is taken as an indication of poor written communication ability that may detract from your grade. 

A grade of A indicates achievement of consistent excellence and distinction throughout the course—that is, conspicuous excellence in all aspects of assignments and discussion in every week. 

A grade of B indicates work that meets all course requirements on a level appropriate for graduate academic work. These criteria apply to both undergraduates and graduate students taking the course. 

EP uses a +/- grading system (see “Grading System”, Graduate Programs catalog, p. 10).

Score Range | Letter Grade
100-98 | A+
97-94 | A
93-90 | A−
89-87 | B+
86-83 | B
82-80 | B−
79-77 | C+
76-73 | C
72-70 | C−
69-67 | D+
66-63 | D
<63 | F

Grading Rubric 

Assignment | Percentage of Grade | Comments
Exam #1 | 15% |
Exam #2 | 15% |
Class Participation: Responses to peers | 10% |
Home Work Assignments | 20% |
Team Presentations | 10% | Each team will post voice-over PowerPoints in modules 4, 5, and 6
Team Assignment: Executive summary (5%), Project plan (5%), Presentation (10%), Paper (10%) | 30% | Each group will give a technical presentation and hand in a technical paper

Academic Policies

Deadlines for Adding, Dropping and Withdrawing from Courses

Students may add a course up to one week after the start of the term for that particular course. Students may drop courses according to the drop deadlines outlined in the EP academic calendar (https://ep.jhu.edu/student-services/academic-calendar/). Between the 6th week of the class and prior to the final withdrawal deadline, a student may withdraw from a course with a W on their academic record. A record of the course will remain on the academic record with a W appearing in the grade column to indicate that the student registered and withdrew from the course.

Academic Misconduct Policy

All students are required to read, know, and comply with the Johns Hopkins University Krieger School of Arts and Sciences (KSAS) / Whiting School of Engineering (WSE) Procedures for Handling Allegations of Misconduct by Full-Time and Part-Time Graduate Students.

This policy prohibits academic misconduct, including but not limited to the following: cheating or facilitating cheating; plagiarism; reuse of assignments; unauthorized collaboration; alteration of graded assignments; and unfair competition. Course materials (old assignments, texts, or examinations, etc.) should not be shared unless authorized by the course instructor. Any questions related to this policy should be directed to EP’s academic integrity officer at ep-academic-integrity@jhu.edu.

Students with Disabilities - Accommodations and Accessibility

Johns Hopkins University values diversity and inclusion. We are committed to providing welcoming, equitable, and accessible educational experiences for all students. Students with disabilities (including those with psychological conditions, medical conditions and temporary disabilities) can request accommodations for this course by providing an Accommodation Letter issued by Student Disability Services (SDS). Please request accommodations for this course as early as possible to provide time for effective communication and arrangements.

For further information or to start the process of requesting accommodations, please contact Student Disability Services at Engineering for Professionals, ep-disability-svcs@jhu.edu.

Student Conduct Code

The fundamental purpose of the JHU regulation of student conduct is to promote and to protect the health, safety, welfare, property, and rights of all members of the University community as well as to promote the orderly operation of the University and to safeguard its property and facilities. As members of the University community, students accept certain responsibilities which support the educational mission and create an environment in which all students are afforded the same opportunity to succeed academically. 

For a full description of the code please visit the following website: https://studentaffairs.jhu.edu/policies-guidelines/student-code/

Classroom Climate

JHU is committed to creating a classroom environment that values the diversity of experiences and perspectives that all students bring. Everyone has the right to be treated with dignity and respect. Fostering an inclusive climate is important. Research and experience show that students who interact with peers who are different from themselves learn new things and experience tangible educational outcomes. At no time in this learning process should someone be singled out or treated unequally on the basis of any seen or unseen part of their identity. 
 
If you have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, please reach out to the course instructor directly. Reporting will never impact your course grade. You may also share concerns with your program chair, the Assistant Dean for Diversity and Inclusion, or the Office of Institutional Equity. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).

Course Auditing

When a student enrolls in an EP course with “audit” status, the student must reach an understanding with the instructor as to what is required to earn the “audit.” If the student does not meet those expectations, the instructor must notify the EP Registration Team [EP-Registration@exchange.johnshopkins.edu] in order for the student to be retroactively dropped or withdrawn from the course (depending on when the "audit" was requested and in accordance with EP registration deadlines). All lecture content will remain accessible to auditing students, but access to all other course material is left to the discretion of the instructor.