*2.3.2 Noisy and noiseless channels*

I discussed previously that the characteristics of the covert channel are similar to any communication channel. One of these characteristics is that the channel may be

noisy. The covert channel can be noiseless if the transmitted data by the sender and received data by the receiver are the same with probability 1; otherwise, the channel is noisy. Usually, data transmitted through a covert channel is represented by bit "0" or "1." Nevertheless, if the receiver decodes every bit transmitted by the sender correctly, then the covert channel is considered noiseless. Thus, to reduce error rate, which is produced by noise, correction codes are used [6].

#### *2.3.3 Program-flow channels*

I present a new type of covert channel, which is program-flow. The program-flow covert channel depends on the flow of program execution to convey information. In our proposed covert channel, the sender tries to guess the correct delta\_mmap (encoded information) of the vulnerable server program. The server code which executes in case of successful guess differs from which executes in a failed guess. The receiver distinguishes between server code executed in successful and failed guesses.

#### **2.4 Authentication and key exchange**

Authentication process identifies entities that are attempting to access some resources. Diffie-Hellman (DH) algorithm is used as method of public key exchange.

#### *2.4.1 Authentication process*

Authentication is a process of checking whether someone or something is authorized or not to access some resources. Authentication can be computer to computer or process to process and mutual in both directions [7, 8]. Bob can authenticate Alice's identity depending on four factors [7, 9], which are:

#### *2.4.1.1 Something you know*

Alice sends a request to the server to access some resources; Bob authenticates Alice by asking her about a secret thing that she knows, such as password. If Alice issues a correct password, then Bob will accept her request for accessing some resources. Fortunately, a password is needed to login into the system and access its resources. Yet, unfortunately, the user is always asked to reuse the password when he wants to log into the system, which gives attackers opportunities to hack the password and reuse it. The solution for this problem is to use a onetime password (OTP) so that the user each time she logs into a system needs a new password.

#### *2.4.1.2 Something you have*

One of the disadvantages of the first authentication factor (something you know) is that the user may forget his password. Thus, the second authentication factor (something you have) overcomes this problem, whereby the user has an object (e.g., automatic teller machine (ATM) cards, OTP cards [7], and smart cards [9]) to access the system. Unfortunately, the objects may get stolen by attackers.

#### *2.4.1.3 Something you are*

The third authentication factor is based on the measurements of the user's physical characteristics such as the fingerprints, iris, and voice. The techniques that measure the behavioral characteristics of the user are called biometrics [7, 8]. This

**111**

*Secure Communication Using Cryptography and Covert Channel*

factor overcomes the problems of the previous factors because it does not depend

Brainard et al. [9] proposes a fourth factor of authentication that is dependent

When Alice and Bob want to exchange messages, they do not want an attacker to modify the contents of their messages. This can be achieved by using message authentication odes (MACs), where the MAC is a tag, attached to the message by Alice to Bob or vice versa. If Bob validates this tag, the request of Alice will be accepted by Bob; otherwise, it is rejected [7]. MAC that is based on cryptographic hash functions is called HMAC [10]. There are many hash functions, such as message digest 5 (MD5) and Secure Hash Algorithm 1 (SHA1). When HMAC is used with MD5, it is called Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5), and when it is used with SHA1, it is called Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1) [7, 10, 11]. In our dissertation, we use the secure hash algorithm SHA256 with pre-shared key to form HMAC-SHA256, where the secure hash algorithm SHA256 takes a message of 512 bit blocks as input and returns a digest message with 256 bits as output [7].

Key exchange algorithms are cryptographic methods that generate cryptographic shared keys that are shared among users. After Alice and Bob agree on a shared key, they can use it in HMAC, and they can also use it in symmetric encryption algorithms to encrypt or to decrypt files. Alice encrypts file using one of the symmetric algorithms and sends it to Bob. Bob in turn uses the same symmetric algorithm to decrypt the file. Note that Alice and Bob must agree on a shared key before using symmetric algorithm. Many key agreement protocols have been proposed. The Diffie-Hellman (DH) algorithm [12] is a very popular example that introduces a key exchange protocol using the discrete logarithm problem [13]. DH algorithm enables Alice and Bob to exchange secure keys over an insecure channel. **Figure 2** shows the mechanism of DH. The values g and p are public parameters known to Alice and Bob, whereby p is a prime number and g (generator of p) is an integer less than p. This means that for all every number n between 1 and p-1, there

integer number, a and b, respectively. After that, Alice sends to Bob (gb

**Figure 3** shows that a "man-in-the-middle" (Mallory) can listen and modify the conversation messages between Alice and Bob. In so doing, she can convince Alice and Bob that they are communicating with each other while in fact both are communicating with Mallory [7]. Moreover, **Figure 3** shows that the main vulnerability in the DH protocol is that it does not have an authentication process. Several

mod p. Both Alice and Bob choose a secret random

mod p). Finally, they agree on a secret key by using this

mod p),

on emergency authenticator, and it is used when the primary authenticator is unavailable to a user. A good example for emergency system is email; thus, when a user forgets his password, he often has the option of having password reset instructions. A system called "vouching" is introduced. A voucher system permits swapping of the roles of the token and PIN to deal with the case when the user has

*DOI: http://dx.doi.org/10.5772/intechopen.82580*

forgotten his PIN but still has his token.

*2.4.3 Diffie-Hellman (DH) key exchange algorithm*

is a power k of g such that n = gk

mod p).

and Bob sends to Alice (gb

) b

formula ((ga

on a password or a token.

*2.4.1.4 Somebody you know*

*2.4.2 Message authentication*

factor overcomes the problems of the previous factors because it does not depend on a password or a token.
