Predictable Design of Network-Based Covert Communication Systems

This paper presents a predictable and quantifiable approach to designing a covert communication system capable of effectively exploiting covert channels found in the various layers of network protocols. Two metrics are developed that characterize the overall system. A measure of probability of detection is derived using statistical inference techniques. A measure of reliability is developed as the bit error rate of the combined noisy channel and an appropriate error-correcting code. To support reliable communication, a family of error-correcting codes is developed that handles the high symbol insertion rates found in these covert channels. The system metrics are each shown to be a function of the covert channel signal-to-noise ratio, and as such the two can be used to perform system-level design trade-offs. Validation of the system design methodology is provided by means of an experiment using real network traffic data.
