Embedding a Covert Channel in Active Network Connections

Covert timing channels exploit varying packet rates between synchronized sending and receiving hosts to transmit hidden information. The overhead in synchronizing covert timing channels and their inherent dependence on network conditions are their main drawbacks. In this paper, we propose a covert channel using multiple active connections that does not depend on the timing differences between consecutive packets. Our proposed approach uses multiple network connections between a pair of communicating hosts to transmit covert data. Hence this covert channel is unaffected by underlying unpredictable network conditions. The concealed data is embedded in the order and sequence of connections to/from which regular (cover) packets of data are sent/received. Our experimental results show that, in addition to higher channel capacity, our proposed channel is undetectable using contemporary timing channel detection approaches.
