{"id":16409861,"url":"https://github.com/cdpxe/cceap","last_synced_at":"2025-03-23T06:31:02.813Z","repository":{"id":100166391,"uuid":"64239429","full_name":"cdpxe/CCEAP","owner":"cdpxe","description":"The Covert Channel Educational Analysis Protocol (CCEAP) is a network protocol designed for teaching covert channels to professionals and students in higher education. It is also an easy-to-use covert channel traffic generator. The basis for CCEAP are so-called `hiding patterns'.","archived":false,"fork":false,"pushed_at":"2024-10-29T18:39:19.000Z","size":4714,"stargazers_count":14,"open_issues_count":0,"forks_count":3,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-01T22:43:48.395Z","etag":null,"topics":["c","covert-channel","education","hiding-patterns","higher-education","information-hiding","infosec","network","network-protocol","patterns","protocol","research-paper","research-project","research-tool","scientific-publications","steganography","students","traffic-analysis","tunneling","undergraduate"],"latest_commit_sha":null,"homepage":"https://patterns.ztt.hs-worms.de/cceap/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cdpxe.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":"support.c","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-26T17:04:22.000Z","updated_at":"2024-12-26T03:50:15.000Z","dependencies_parsed_at":"2024-10-28T15:52:40.477Z","dependency_job_id":null,"html_url":"https://github.com/cdpxe/CCEAP","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repo
sitory_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdpxe%2FCCEAP","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdpxe%2FCCEAP/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdpxe%2FCCEAP/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdpxe%2FCCEAP/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cdpxe","download_url":"https://codeload.github.com/cdpxe/CCEAP/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244277179,"owners_count":20427312,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","covert-channel","education","hiding-patterns","higher-education","information-hiding","infosec","network","network-protocol","patterns","protocol","research-paper","research-project","research-tool","scientific-publications","steganography","students","traffic-analysis","tunneling","undergraduate"],"created_at":"2024-10-11T06:21:44.919Z","updated_at":"2025-03-23T06:31:02.803Z","avatar_url":"https://github.com/cdpxe.png","language":"C","readme":"# CCEAP: Covert Channel Educational Analysis Protocol\n\nThe *Covert Channel Educational Analysis Protocol* (CCEAP) is a simple network protocol designed for teaching covert channels (network steganography) to professionals and students. It is also an easy-to-use covert channel traffic generator.\n\nThe protocol is explicitly vulnerable to several [hiding patterns](https://patterns.ztt.hs-worms.de/about/), i.e. 
patterns that represent hiding methods (steganographic methods that create covert channels, see [here](https://github.com/cdpxe/Network-Covert-Channels-A-University-level-Course/) for my GitHub online class on network steganography/covert channels). The protocol's structure is simple and self-explanatory, and its implementation is kept to a minimal number of lines of code to make it especially accessible to students. [Documentation](https://github.com/cdpxe/CCEAP/tree/master/documentation) and an *academic publication* (published under the umbrella of ACM CCS 2016; a download link is also in the documentation) are also available.\n\nPlease send requests and feedback to the author: Steffen Wendzel, [www.wendzel.de](https://www.wendzel.de) (steffen (at) wendzel (dot) de).\n\n### How to Cite this Work?\n\nSteffen Wendzel, Wojciech Mazurczyk: [Poster: An Educational Network Protocol for Covert Channel Analysis Using Patterns](https://doi.org/10.1145/2976749.2989037), in Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016). ACM, New York, NY, USA, pp. 1739–1741, DOI: [10.1145/2976749.2989037](https://doi.org/10.1145/2976749.2989037).\n\n## Kickstart - a few Examples:\n\n#### 1. A First Start\nFirst, start the server, e.g. on your local host: `./server -P 9999`. This lets the server run on IP 127.0.0.1, port 9999.\n\nThen, connect with the client: `./client -D 127.0.0.1 -P 9999`. This will make the client send ten simple standard messages to your server. The server should display the received packets' meta-data.\n\n#### 2. Covert Timing Channel\nNow, let us create a simple covert timing channel that we use to transfer the file `/etc/hosts`. We want to encode 1 and 0 bits with inter-arrival times of 500 ms and 1000 ms. 
Therefore, we start the server again and then run the client as follows, using CCEAP's `iat_encode` tool, which encodes files into inter-arrival times (this represents the [Inter-arrival Time](https://patterns.ztt.hs-worms.de/NIHPattern/) pattern):\n\n`./client -D 127.0.0.1 -P 9999 -t $(./iat_encode /etc/hosts 500 1000)`\n\n#### 3. Simple Covert Channel Traffic Generator\nOf course, one could also use `dd` together with `/dev/random` as a source of randomness to create a file with random bits and use this file instead of `/etc/hosts`.\nSimilarly, the [Manipulated Message Ordering](https://patterns.ztt.hs-worms.de/NIHPattern/) pattern can be represented using `./seq_encode /etc/hosts 256 2` instead of `./iat_encode /etc/hosts 500 1000`. Check the [documentation](https://github.com/cdpxe/CCEAP/tree/master/documentation) for details.\n\nMore parameters of `client` can be obtained by running `./client -h`.\n\n#### More Examples\n\nAdditional examples can be found in the [sample_exercises](https://github.com/cdpxe/CCEAP/tree/master/sample_exercises) directory and in the documentation.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdpxe%2Fcceap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcdpxe%2Fcceap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdpxe%2Fcceap/lists"}