基于TCP协议首部的网络隐蔽通道技术研究

通过研究网络隐蔽通道建立的机制，提出了一种基于TCP协议首部实现网络隐蔽通道的方法，通过将秘密信息经AES加密后嵌入TCP协议首部的序列号和确认号字段，模拟访问Web服务器的行为生成TCP数据包，以达到穿透防火墙和躲避入侵检测系统的目的，并利用此隐蔽通道进行信息传递和远程控制。设计并实现了该原型系统。实验结果表明，该系统的隐蔽性高、传输速度快、可扩展性强，可以实现隐秘信息的传输，也为解决网络隐蔽通道的安全策略问题提供了理论依据和技术支持。

Research of the network covert channel technique based on TCP protocol header

Through studying the mechanism established by network covert channel, a network covert channel implementation method using TCP protocol header is proposed. The firewall and intrusion detection system are penetrated by the following procedure: Firstly, certain AES encrypted secret information is embedded into the sequence number/confirm number fields of the TCP header. Secondly,TCP data packets are constructed by web behavior simulating technique. Finally, information transferring and remote controlling can be implemented through this covert channel.A prototype system is also implemented.The experimental results show that, the system has some advantages such as high concealment performance, fast transmission speed, good expansibility, etc. The transmission of privacy information can be achieved. Theory basis and technical support are also provided for the network information security problem solving.