A Covert Data Transport Protocol
This addresses the need for secure and untraceable data transmission in applications like data forensics and botnet removal, though it is incremental as it builds on existing encryption and domain generation techniques.
The paper tackles the problem of identifying data sources in network forensics by developing a covert data transport protocol that encodes AES-encrypted data into domain names using a domain generation algorithm, which current tools cannot reliably distinguish from legitimate domain names, making it undetectable by Deep Packet Inspection.
Both enterprise and national firewalls filter network connections. For data forensics and botnet removal applications, it is important to establish the information source. In this paper, we describe a data transport layer which allows a client to transfer encrypted data that provides no discernible information regarding the data source. We use a domain generation algorithm (DGA) to encode AES encrypted data into domain names that current tools are unable to reliably differentiate from valid domain names. The domain names are registered using (free) dynamic DNS services. The data transmission format is not vulnerable to Deep Packet Inspection (DPI).