A Detection-Resistant Covert Timing Channel Based on Geometric Huffman Coding

Network covert timing channel is a communication mechanism that transfers secret messages by modulating the timing characteristics of network traffic. It is targeted for secret information transmission on networks which can ensure security and confidentiality. However, most proposed covert timing channels can be detected by several detection methods such as regularity testing, distribution shape testing, entropy-based testing and recent machine learning based methods. In this paper, we design and implement a novel covert timing channel by leveraging Geometric Huffman Coding (GHC) to realize covert and overt channel matching. In network experiments and simulations, it is demonstrated that the proposed channel is undetectable against not only the traditional detection methods but also the latest machine learning based methods. Meanwhile, it maintains a reasonable transmission capacity of 2.25 bits/packet much higher than binary channels.

[1]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[2]  Ira S. Moskowitz,et al.  The Pump: a decade of covert fun , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[3]  Giuseppe Baselli,et al.  Measuring regularity by means of a corrected conditional entropy in sympathetic outflow , 1998, Biological Cybernetics.

[4]  Hamid Sharif,et al.  A Support Vector Machine-Based Framework for Detection of Covert Timing Channels , 2016, IEEE Transactions on Dependable and Secure Computing.

[5]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[6]  C. Brodley,et al.  Network covert channels: design, analysis, detection, and elimination , 2006 .

[7]  Dipak Ghosal,et al.  A comparative analysis of detection metrics for covert timing channels , 2014, Comput. Secur..

[8]  Carla E. Brodley,et al.  IP covert timing channels: design and detection , 2004, CCS '04.

[9]  Dipak Ghosal,et al.  A Covert Timing Channel Based on Fountain Codes , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[10]  Rudolf Mathar,et al.  Matching Dyadic Distributions to Channels , 2010, 2011 Data Compression Conference.

[11]  Rudolf Mathar,et al.  Capacity achieving probabilistic shaping for noisy and noiseless channels , 2012 .

[12]  Steven Gianvecchio,et al.  Detecting covert timing channels: an entropy-based approach , 2007, CCS '07.

[13]  Saurabh Bagchi,et al.  TCP/IP Timing Channels: Theory to Implementation , 2009, IEEE INFOCOM 2009.

[14]  David Martins,et al.  Attacks with Steganography in PHY and MAC Layers of 802.15.4 Protocol , 2010, 2010 Fifth International Conference on Systems and Networks Communications.

[15]  Matthew K. Wright,et al.  Liquid: A detection-resistant covert timing channel based on IPD shaping , 2011, Comput. Networks.

[16]  Yuewei Dai,et al.  Network covert timing channel with distribution matching , 2012, Telecommun. Syst..

[17]  Sebastian Zander,et al.  A survey of covert channels and countermeasures in computer network protocols , 2007, IEEE Communications Surveys & Tutorials.

[18]  Stefan Katzenbeisser,et al.  Hide and Seek in Time - Robust Covert Timing Channels , 2009, ESORICS.