Stealthier Inter-packet Timing Covert Channels
نویسندگان
چکیده
Covert channels aim to hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent identically-distributed, which we demonstrate is the case for several network applications. We show that ~80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ~9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over hundred bits per second depending on overt traffic and network jitter.
منابع مشابه
طراحی و ارزیابی روش کدگذاری ترکیبی برای کانال پوششی زمانبندیدار در شبکه اینترنت
Covert channel means communicating information through covering of overt and authorized channel in a manner that existence of channel to be hidden. In network covert timing channels that use timing features of transmission packets to modulating covert information, the appropriate encoding schema is very important. In this paper, a hybrid encoding schema proposed through combining "the inter-pac...
متن کاملMethods of IPD normalization to counteract IP timing covert channels
Covert channels are used for information transmission in a manner that is not intended for communication and is difficult to detect. We propose a technique to prevent the information leakage via IP covert timing channels by inter-packet delays normalization in the process of packets sending. Recommendations for using the counteraction methods and choosing parameters were given. The advantage of...
متن کاملCoCo: Coding-Based Covert Timing Channels for Network Flows
In this paper, we propose CoCo, a novel framework for establishing covert timing channels. The CoCo covert channel modulates the covert message in the inter-packet delays of the network flows, while a coding algorithm is used to ensure the robustness of the covert message to different perturbations. The CoCo covert channel is adjustable: by adjusting certain parameters one can trade off differe...
متن کاملA Covert Timing Channel Based on DCT Domain of Inter Packet Delay Sequence
The existing covert timing channels are always designed in time domain. Although they have high security, they are sensitive to the jitters in the network. In this paper, a new covert timing channel based on frequency domain is proposed to increase its robustness while maintaining the security. The proposed method first transforms the inter packet delay sequence (IPDs) into 1-D DCT domain and e...
متن کاملRobust and Undetectable Covert Timing Channels for i.i.d. Traffic
Covert timing channels exploit inter-packet delays in network traffic to transmit secret messages. The two most important design goals are undetectability (the covert channel has to remain hidden to a potential adversary that is monitoring the inter-packet delay pattern) and robustness (messages can be decoded correctly even in presence of (maliciously) injected noise). In previous proposals un...
متن کامل