Covert Messaging through TCP Timestamps
نویسندگان
چکیده
We present a protocol for sending data over a common class of low-bandwidth covert channels. Covert channels exist in most communications systems and allow individuals to communicate truly undetectably. However, covert channels are seldom used due to their complexity. Our protocol is both practical and secure against attack by powerful adversaries. We implement our protocol on a standard platform (Linux) exploiting a channel in a common communications system (TCP timestamps).
منابع مشابه
Hiding out in plaintext : covert messaging with bitwise summations
vi CHAPTER 1. GENERAL INTRODUCTION 1 1.1 Problem Statement 1 1.2 Thesis Organization 1 1.3 Overview of Network Covert Channels 2 1.4 Overview of Information Hiding in TCP/IP 3 1.5 Network Layer 5 1.5.1 Do not Fragment Bit 5 1.5.2 IP Identification Field 6 1.5.3 IP Header Checksum 6 1.5.4 ICMP Data 6 1.6 Transport Layer 7 1.6.1 TCP Time Stamps 7 1.6.2 Sequence and Acknowledgment Fields 9 1.7 Act...
متن کاملRObust Header Compression (ROHC): A Profile for TCP/IP (ROHC-TCP)
This document specifies a ROHC (Robust Header Compression) profile for compression of TCP/IP packets. The profile, called ROHC-TCP, provides efficient and robust compression of TCP headers, including frequently used TCP options such as SACK (Selective Acknowledgments) and Timestamps. ROHC-TCP works well when used over links with significant error rates and long round-trip times. For many bandwi...
متن کاملRFC 3522 The Eifel Detection Algorithm
The Eifel detection algorithm allows a TCP sender to detect a posteriori whether it has entered loss recovery unnecessarily. It requires that the TCP Timestamps option defined in RFC 1323 be enabled for a connection. The Eifel detection algorithm makes use of the fact that the TCP Timestamps option eliminates the retransmission ambiguity in TCP. Based on the timestamp of the first acceptable AC...
متن کاملNetwork Working Group Robust Header Compression (rohc): a Profile for Tcp/ip (rohc-tcp)
This document specifies a ROHC (Robust Header Compression) profile for compression of TCP/IP packets. The profile, called ROHC-TCP, provides efficient and robust compression of TCP headers, including frequently used TCP options such as SACK (Selective Acknowledgments) and Timestamps. ROHC-TCP works well when used over links with significant error rates and long round-trip times. For many bandwi...
متن کاملRFC 3522 The Eifel Detection Algorithm for TCP
The Eifel detection algorithm allows a TCP sender to detect a posteriori whether it has entered loss recovery unnecessarily. It requires that the TCP Timestamps option defined in RFC 1323 be enabled for a connection. The Eifel detection algorithm makes use of the fact that the TCP Timestamps option eliminates the retransmission ambiguity in TCP. Based on the timestamp of the first acceptable AC...
متن کامل