Traffic Controller: A Practical Approach to Block Network Covert Timing Channel

This paper discusses the network covert timing channel. This channel modulates network packet's time properties to transfer information secretly. Much work has been done in inventing and utilizing network covert timing channels, however, there is not so much work in other areas such as detecting and handling covert channels. Covert channel detection is difficult, what's more, it often needs human analysis to confirm whether a suspect is a real covert channel. However, we figured out that we can try to control covert channels without knowing whether there are covert channels in using, which means our approach does not rely on the detection of covert channels at all. A network traffic controller is proposed to undermine the network covert timing channel communication mechanism. We will show how our method works and why our traffic control strategy is especially efficient to handle network covert timing channels.

[1]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[2]  Richard A. Kemmerer,et al.  A practical approach to identifying storage and timing channels: twenty years later , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[3]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[4]  Ira S. Moskowitz,et al.  Simple timing channels , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Craig H. Rowland,et al.  Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[6]  John C. Wray An Analysis of Covert Timing Channels , 1992, J. Comput. Secur..

[7]  Carla E. Brodley,et al.  IP covert timing channels: design and detection , 2004, CCS '04.

[8]  Ira S. Moskowitz,et al.  An analysis of the timed Z-channel , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[9]  Rachel Greenstadt,et al.  Covert Messaging through TCP Timestamps , 2002, Privacy Enhancing Technologies.

[10]  Ira S. Moskowitz,et al.  Covert channels and anonymizing networks , 2003, WPES '03.

[11]  Jonathan K. Millen 20 years of covert channel modeling and analysis , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[12]  Laurie L. Hill,et al.  The Orange Book , 2005, Nature Reviews Drug Discovery.

[13]  Vincent H. Berk,et al.  Detection of Covert Channel Encoding in Network Packet Delays , 2005 .

[14]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[15]  J. Alves-Foss,et al.  Covert Timing Channel Analysis of Rate Monotonic Real-Time Scheduling Algorithm in MLS Systems , 2006, 2006 IEEE Information Assurance Workshop.

[16]  Bruce E. Hajek,et al.  An information-theoretic and game-theoretic study of timing channels , 2002, IEEE Trans. Inf. Theory.

[17]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[18]  Wei-Ming Hu Reducing Timing Channels with Fuzzy Time , 1992, J. Comput. Secur..

[19]  Yogi Mehta Communication over the Internet using Covert Channels , 2005 .

[20]  James W. Gray On introducing noise into the bus-contention channel , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[21]  John C. Wray,et al.  An analysis of covert timing channels , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[22]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[23]  Mark Handley,et al.  Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics , 2001, USENIX Security Symposium.