(C) 2007 Steffen Wendzel (code transferred to github in recent years but remains unchanged)
This is a simple and first implementation of a protocol switching covert channel (PHCC). A PHCC is a covert channel that switches the utilized network protocol from time to time, e.g. on a randomized basis. I invented the term PHCC while working for my diploma thesis at Kempten University of Applied Sciences, Germany, in 2007). The goal of using such a covert channel is that if one of the channels gets blocked, the others still remain. A PHCC applies different network protocols simultaneously for this purpose.
We later renamed PHCC to multiprotocol covert channels and refined the conceptual description in 2011.
- Steffen Wendzel, Jörg Keller: Low-attention forwarding for mobile network covert channels, in Proc. 12th Conference on Communications and Multimedia Security (CMS 2011), LNCS vol. 7025, pp. 122-133, Springer, Ghent (Belgium), 2011.
Start the tool on two hosts and provide the peer address of the other host using the parameter -a to allow the both hosts to connect to each other:
alice# ./phcct -a 192.168.2.100
bob# ./phcct -a 192.168.2.101
To transfer data from alice to bob, connect locally to TCP port 9999 and send data to it (e.g. using telnet or nc).
- A more sophisticated covert channel is one that actively probes for non-blocked network protocols, see my tool NELphase.
- Steffen Wendzel: Novel Approaches for Network Covert Storage Channels, PhD thesis, University of Hagen, submitted: Jan-2013, defended: May-2013.
- Wojciech Mazurczyk, Steffen Wendzel, Sebastian Zander, Amir Houmansadr, Krzysztof Szczypiorski: Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications, IEEE Series on Information and Communication Networks Security, Wiley-IEEE, 2016.
- add encryption
- add support for additional protocols
- add a packet mixing mode
- kernel based implementation