Improving performance of network covert timing channel through Huffman coding

Abstract: A network covert channel is a mechanism used to transfer covert messages through a network in violation of security policies. The performance of a channel is crucial to an attacker. Some studies have improved performance by advancing the coding mechanism, but few have taken the redundancy of the covert message into account. This paper introduces a Huffman coding scheme that compresses the transferred data by exploiting this redundancy, and investigates the performance of the network timing channel in terms of channel capacity and covertness. A mathematical model of capacity is presented and the effects of its parameters are analyzed. The experiment examines how network delays and the Huffman coding scheme affect capacity and covertness, and the results demonstrate that the performance of the timing channel is improved.
