An 802.11 MAC layer covert channel

For extremely sensitive applications, it may be advantageous for users to transmit certain types of data covertly over the network. This provides an additional layer of security to that provided by the different layers of the protocol stack. In this paper we present a covert side channel that uses the 802.11 MAC rate switching protocol. The covert channel provides a general method to hide communications within currently deployed 802.11 LANs. The technique uses a one-time password (OTP) algorithm to ensure high-entropy randomness of the covert messages. We investigate how the covert side channel affects network throughput under various rate-switching conditions with UDP-based and TCP-based application traffic. We also investigate the covertness of the covert side channel using standardized entropy. The theoretical analysis shows that the maximum covert channel bandwidth is 60 bps. The simulation results show that the impact on network throughput is minimal and increases slightly as the covert channel bandwidth increases. We further show that the channel has 100% accuracy with minimal impact on rate switching entropy for scenarios where rate switching normally occurs. Finally, we present two applications for the covert channel: covert authentication and covert WiFi botnets. Copyright © 2010 John Wiley & Sons, Ltd.