ps6sols

ps6sols - 6.857 : Handout 20: Problem Set 6 Solutions...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 6.857 : Handout 20: Problem Set 6 Solutions Problem 6-2. Covert Channels Some of the covert channels identified include: Encoding data in the TCP Initial Sequence Number Field. Encoding data in the size of the TCP window. (Use an even window to send a 0, an odd window to send a 1.) Adding additional information to the HTTP header sent as part of SSL streams; because the SSL stream is encrypted, observers on the local network wont be able to read it! Modulating the packet size of successive packets in a TCP stream. Modulating the information contained in the last byte of each TCP packet in a TCP stream. Modulating the speed with which packets are sent. (This is somewhat inecient and it might be hard to read the data on the other side, as the network might change arrival times, so a point was taken off for this approach unless there was a detailed discussion of how to tune the packet transmission speed for different websites.) Encoding information by the order in which images are requested from the web server. Some groups suggested encrypting data with a public-key system. One group suggested compressing data rather than (or before) encrypting it, since this would both make the data sent smaller and would make it appear more random. The following methods were not accepted because they would be too easy to detect: Having the browser send different cookies than it receives, relying on the fact that users will not notice if the contents of long cookies filled with BASE64-encoded binary data has changed. (This was not accepted because automated software could easily detect that cookies sent by the browser are not the same as cookies received.) Adding headers to the HTTP request (e.g. X-Data: 39382304f232j3423j4kas3 ). Adding additional elements, such as a language or image type, to an existing HTTP header. Changing the User-Agent: header. Changing the order of HTTP fields or elements within an HTTP field. Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Massachusetts Institute of Technology Handout 20 Handout 20 Handout 20 Handout 20 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security 6.857: Network and Computer Security November 20, 2003 November 20, 2003...
View Full Document

Page1 / 5

ps6sols - 6.857 : Handout 20: Problem Set 6 Solutions...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online