HTML5 Zero Configuration Covert Channels: Security Risks and Challenges
Refereed Original Article
In recent months, a significant number of secure, cloudless file transfer services have emerged. The aim of these services is to facilitate the secure transfer of files in a peer-to-peer (P2P) fashion over the Internet without the need for centralised authentication or storage. These services can take the form of client installed applications or entirely web browser based interfaces. Due to their P2P nature, there is generally no limit to the file sizes involved or to the volume of data transmitted – these limitations will purely be reliant on the capacities of either end of the transfer. By default, many of these services provide seamless, point-to-point encryption to their users. The cyberforensic consequences of the potential criminal use of such services are significant. The ability to easily transfer encrypted data over the Internet opens up a range of opportunities for illegal use to cybercriminals requiring minimal technical know-how. This paper explores a number of these services and provides an analysis of the risks they pose to corporate and governmental security. A number of methods for the forensic investigation of such transfers are discussed.
Digital Object Identifer (DOI):
Date Accepted for Publication:
Saturday, 22 August, 2015
National University of Ireland, Dublin (UCD)
Open access repository: