https://github.com/cdpxe/cceap

The Covert Channel Educational Analysis Protocol (CCEAP) is a network protocol designed for teaching covert channels to professionals and students in higher education. It is also an easy-to-use covert channel traffic generator. The basis for CCEAP are so-called `hiding patterns'.
https://github.com/cdpxe/cceap

c covert-channel education hiding-patterns higher-education information-hiding infosec network network-protocol patterns protocol research-paper research-project research-tool scientific-publications steganography students traffic-analysis tunneling undergraduate

Last synced: 2 months ago
JSON representation

The Covert Channel Educational Analysis Protocol (CCEAP) is a network protocol designed for teaching covert channels to professionals and students in higher education. It is also an easy-to-use covert channel traffic generator. The basis for CCEAP are so-called `hiding patterns'.

• Host: GitHub
• URL: https://github.com/cdpxe/cceap
• Owner: cdpxe
• License: gpl-3.0
• Created: 2016-07-26T17:04:22.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2024-10-29T18:39:19.000Z (7 months ago)
• Last Synced: 2025-03-01T22:43:48.395Z (3 months ago)
• Topics: c, covert-channel, education, hiding-patterns, higher-education, information-hiding, infosec, network, network-protocol, patterns, protocol, research-paper, research-project, research-tool, scientific-publications, steganography, students, traffic-analysis, tunneling, undergraduate
• Language: C
• Homepage: https://patterns.ztt.hs-worms.de/cceap/
• Size: 4.5 MB
• Stars: 14
• Watchers: 5
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG
  • License: LICENSE
  • Citation: CITATION.cff
  • Support: support.c

Awesome Lists containing this project

README

        
# CCEAP: Covert Channel Educational Analysis Protocol

The *Covert Channel Educational Analysis Protocol* (CCEAP) is a simple network protocol designed for teaching covert channels (network steganography) to professionals and students. It is also an easy-to-use covert channel traffic generator.

The protocol is explicitly vulnerable against several [hiding patterns](https://patterns.ztt.hs-worms.de/about/), i.e. patterns that represent hiding methods (steganographic methods that create covert channels, see [here](https://github.com/cdpxe/Network-Covert-Channels-A-University-level-Course/) for my GitHub online class on network steganography/covert channels). The protocol's structure is simple and self-explanatory and its implementation is kept at a minimum level of code lines to make it especially accessible to students. There is also a [documentation](https://github.com/cdpxe/CCEAP/tree/master/documentation) and an *academic publication* (published under the umbrella of ACM CCS 2016, download link is also in the documentation) available.

Please send requests and feedback to the author: Steffen Wendzel, [www.wendzel.de](https://www.wendzel.de) (steffen (at) wendzel (dot) de).

### How to Cite this Work?

Steffen Wendzel, Wojciech Mazurczyk: [Poster: An Educational Network Protocol for Covert Channel Analysis Using Patterns](https://doi.org/10.1145/2976749.2989037), in Proc. 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016). ACM, New York, NY, USA, pp. 1739–1741, DOI: [10.1145/2976749.2989037](https://doi.org/10.1145/2976749.2989037).

## Kickstart - a few Examples:

#### 1. A First Start

First, start the server, e.g. on your local host: `./server -P 9999`. This lets the server run on IP 127.0.0.1, port 9999.

Then, connect with the client: `./client -D 127.0.0.1 -P 9999`. This will make the client send ten simple standard messages to your server. The server should display the received packets' meta-data.

#### 2. Covert Timing Channel

Now, let us create a simple covert timing channel that we use to transfer the file `/etc/hosts`. And we want to encode 1 and 0 bits with 500ms and 1000ms. Therefore, we start the server again, and then run the client as follows using CCEAP's `iat_encode` tool which encodes files into inter-arrival times (this would represent the [Inter-arrival Time](https://patterns.ztt.hs-worms.de/NIHPattern/) pattern):

`./client -D 127.0.0.1 -P 9999 -t ´./iat_encode /etc/hosts 500 1000´`

#### 3. Simple Covert Channel Traffic Generator

Of course, one could also use `dd` together with `/dev/random` as a source of randomness to create a file with random bits and use this file instead of `/etc/hosts`.

Similarly, the [Manipulated Message Ordering](https://patterns.ztt.hs-worms.de/NIHPattern/) pattern can be represented using `./seq_encode /etc/hosts 256 2` instead of `./iat_encode /etc/hosts 500 1000`. Check the [documentation](https://github.com/cdpxe/CCEAP/tree/master/documentation) for details.

More parameters of `client` can be obtained by running `./client -h`.

#### More Examples

Additional examples can be found in the [sample_exercises](https://github.com/cdpxe/CCEAP/tree/master/sample_exercises) directory and in the documentation.