Hide and Seek in Time - Robust Covert Timing Channels

Covert timing channels aim at transmitting hidden messages by controlling the time between transmissions of consecutive payload packets in overt network communication. Previous results used encoding mechanisms that are either easy to detect with statistical analysis, thus spoiling the purpose of a covert channel, and/or are highly sensitive to channel noise, rendering them useless in practice. In this paper, we introduce a novel covert timing channel which allows to balance undetectability and robustness: i) the encoded message is modulated in the inter-packet delay of the underlying overt communication channel such that the statistical properties of regular traffic can be closely approximated and ii) the underlying encoding employs spreading techniques to provide robustness. We experimentally validate the effectiveness of our approach by establishing covert channels over on-line gaming traffic. The experimental results show that our covert timing channel can achieve strong robustness and undetectability, by varying the data transmission rate.

[1]  Saurabh Bagchi,et al.  Capacity Bounds on Timing Channels with Bounded Service Times , 2007, 2007 IEEE International Symposium on Information Theory.

[2]  John M. Boone,et al.  INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[3]  Johannes Färber,et al.  Traffic Modelling for Fast Action Network Games , 2004, Multimedia Tools and Applications.

[4]  Theodore G. Handel,et al.  Hiding Data in the OSI Network Model , 1996, Information Hiding.

[5]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[6]  C. Gray Girling,et al.  Covert Channels in LAN's , 1987, IEEE Transactions on Software Engineering.

[7]  Peng Ning,et al.  On the secrecy of timing-based active watermarking trace-back techniques , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[8]  J. Wolfowitz,et al.  An Introduction to the Theory of Statistics , 1951, Nature.

[9]  C.E. Shannon,et al.  Communication in the Presence of Noise , 1949, Proceedings of the IRE.

[10]  C. Brodley,et al.  Network covert channels: design, analysis, detection, and elimination , 2006 .

[11]  Carla E. Brodley,et al.  IP covert timing channels: design and detection , 2004, CCS '04.

[12]  Bruce E. Hajek,et al.  An information-theoretic and game-theoretic study of timing channels , 2002, IEEE Trans. Inf. Theory.

[13]  Vincent H. Berk,et al.  Detection of Covert Channel Encoding in Network Packet Delays , 2005 .

[14]  Steven Gianvecchio,et al.  Detecting covert timing channels: an entropy-based approach , 2007, CCS '07.

[15]  Rachel Greenstadt,et al.  Covert Messaging through TCP Timestamps , 2002, Privacy Enhancing Technologies.

[16]  M A Padlipsky,et al.  Limitations of End-to-End Encryption in Secure Computer Networks , 1978 .

[17]  Jin Cao,et al.  On the nonstationarity of Internet traffic , 2001, SIGMETRICS '01.

[18]  Craig H. Rowland,et al.  Covert Channels in the TCP/IP Protocol Suite , 1997, First Monday.

[19]  Ramjee Prasad,et al.  An overview of multi-carrier CDMA , 1996, Proceedings of ISSSTA'95 International Symposium on Spread Spectrum Techniques and Applications.

[20]  Steven J. Murdoch,et al.  Embedding Covert Channels into TCP/IP , 2005, Information Hiding.

[21]  J.E. Mazo,et al.  Digital communications , 1985, Proceedings of the IEEE.

[22]  J. Wolfowitz,et al.  Introduction to the Theory of Statistics. , 1951 .