| Presentation | 2023-11-10 NTP Tunneling Threat Model Verification and Countermeasure Shinjisangeru Sugasawa, Hisayoshi Kunimune, Shigeaki Tanimoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Fraudulent covert communication methods are techniques used by attackers to avoid detection of malicious communication by disguising it as harmless communication. These methods are used for information leakage in targeted attacks and for command and control of malware. Representative fraudulent covert communication methods include DNS tunneling and HTTP(S) tunneling, which have common elements such as fields that can insert arbitrary strings into the protocols used. The Network Time Protocol (NTP), used for time synchronization, is one such protocol with similar elements. In this paper, we propose and verify a threat model of NTP tunneling, which exploits NTP as a fraudulent covert communication method, and propose measures to suppress NTP tunneling. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Network Time Protocol / Covert Communication Methods / Network Security |
| Paper # | ISEC2023-64,SITE2023-58,LOIS2023-22 |
| Date of Issue | 2023-11-02 (ISEC, SITE, LOIS) |
| Conference Information | |
| Committee | LOIS / SITE / ISEC |
|---|---|
| Conference Date | 2023/11/9(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Satellite Campus Hiroshima |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | Hiroyuki Toda(NTT) / Takushi Otani(Kibi International Univ.) / Goichiro Hanaoka(AIST) |
| Vice Chair | Manabu Motegi(Takushoku Univ.) / Soichiro Morishita(Cyber Agent) / Takeo Tatsumi(Open Univ. of Japan) / Junji Shikata(Yokohama National Univ.) / Shinsaku Kiyomoto(KDDI Research) |
| Secretary | Manabu Motegi(Nagasaki Univ.) / Soichiro Morishita(NTT) / Takeo Tatsumi(NRI-Secure) / Junji Shikata(Fukuoka Inst. of Tech.) / Shinsaku Kiyomoto(AIST) |
| Assistant | Makoto Takita(Univer. of Hyogo) / Yusuke Kaneko(Japan Research Institute) / Hiroki Okada(KDDI Research) |
| Paper Information | |
| Registration To | Technical Committee on Life Intelligence and Office Information Systems / Technical Committee on Social Implications of Technology and Information Ethics / Technical Committee on Information Security |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | NTP Tunneling Threat Model Verification and Countermeasure |
| Sub Title (in English) | |
| Keyword(1) | Network Time Protocol |
| Keyword(2) | Covert Communication Methods |
| Keyword(3) | Network Security |
| 1st Author's Name | Shinjisangeru Sugasawa |
| 1st Author's Affiliation | Chiba Institute of Technology(CIT) |
| 2nd Author's Name | Hisayoshi Kunimune |
| 2nd Author's Affiliation | Chiba Institute of Technology(CIT) |
| 3rd Author's Name | Shigeaki Tanimoto |
| 3rd Author's Affiliation | Chiba Institute of Technology(CIT) |
| Date | 2023-11-10 |
| Paper # | ISEC2023-64,SITE2023-58,LOIS2023-22 |
| Volume (vol) | vol.123 |
| Number (no) | ISEC-245,SITE-246,LOIS-247 |
| Page | pp.pp.66-71(ISEC), pp.66-71(SITE), pp.66-71(LOIS), |
| #Pages | 6 |
| Date of Issue | 2023-11-02 (ISEC, SITE, LOIS) |