Implementing a passive network covert timing channel

This paper concerns passive network covert timing channels, in which the channel senders reside in intermediate nodes (e.g. a router or gateway) and forward passing packets in a carefully planned manner to covertly transmit information. In this study, we focus on constructing and testing one kind of passive network covert timing channel, in which the information is hidden in the transmission interval between two adjacent packets. We first introduce three channel states to cope with fluctuation in the traffic used as the carrier, and explore how to select suitable values for the channel parameters to obtain high communication performance. We then implement an actual channel using Video On Demand (VOD) traffic as the carrier, and obtain the communication characteristics of the channel. Finally, we investigate an information transmission scheme over the channel, including frame design, frame synchronization and error correction.
