NetWarden: Mitigating Network Covert Channels while Preserving Performance

Network covert channels are an advanced threat to the security of distributed systems. Existing defenses all come at the cost of performance, so they present significant barriers to practical deployment in high-speed networks. We propose NetWarden, a novel defense whose key design goal is to preserve TCP performance while mitigating covert channels. The use of programmable data planes makes it possible for NetWarden to adapt defenses that were previously demonstrated only as proofs of concept and apply them at line speed. Moreover, NetWarden uses a set of performance-boosting techniques to temporarily increase the performance of connections that have been affected by covert channel mitigation, with the ultimate goal of neutralizing the overall performance impact. NetWarden also uses a fastpath/slowpath architecture to combine the generality of software with the efficiency of hardware for effective defense. Our evaluation shows that NetWarden works smoothly with complex applications and workloads, and that it can mitigate covert timing and storage channels with little performance disturbance.
