Abstract
Covert timing channels aim at transmitting hidden messages by controlling the time between transmissions of consecutive payload packets in overt network communication. Previous results used encoding mechanisms that are either easy to detect with statistical analysis, thus spoiling the purpose of a covert channel, and/or are highly sensitive to channel noise, rendering them useless in practice. In this paper, we introduce a novel covert timing channel which allows to balance undetectability and robustness: i) the encoded message is modulated in the inter-packet delay of the underlying overt communication channel such that the statistical properties of regular traffic can be closely approximated and ii) the underlying encoding employs spreading techniques to provide robustness. We experimentally validate the effectiveness of our approach by establishing covert channels over on-line gaming traffic. The experimental results show that our covert timing channel can achieve strong robustness and undetectability, by varying the data transmission rate.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Deparment of Defense Standard: Trusted computer system evaluation criteria. Tech. Rep. DOD 5200.28-STD (1985)
Handel, T.G., Sandford, M.T.: Hiding data in the OSI network model. In: Proceedings of the First International Workshop on Information Hiding, London, UK, pp. 23–38 (1996)
Rowland, C.H.: Covert channels in the TCP/IP protocol suite. Tech. Rep. 5, First Monday, Peer Reviewed Journal on the Internet (1997)
Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert messaging through TCP timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)
Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005)
Padlipsky, M., Snow, D., Karger, P.: Limitations of end-to-end encryption in secure computer networks. Tech. Rep. ESD TR-78-158, Mitre Corporation (1978)
Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, New York, pp. 178–187 (2004)
Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: USENIX-SS 2006: Proceedings of the 15th Conference on USENIX Security Symposium, pp. 59–75 (2006)
Berk, V., Giant, A., Cybenko, G.: Detection of covert channel encoding in network packet delays. Tech. Rep. Darthmouth College (2005)
Girling, C.G.: Covert Channels in LAN’s. IEEE Transactions on Software Engineering 13(2), 292–296 (1987)
Cabuk, S.: Network covert channels: Design, analysis, detection, and elimination. PhD thesis (2006)
Giles, J., Hajek, B.: An information-theoretic and game-theoretic study of timing channels. IEEE Transactions on Information Theory 48(9), 2455–2477 (2002)
Peng, P., Ning, P., Reeves, D.S.: On the secrecy of timing-based active watermarking trace-back techniques. In: SP 2006: Proceedings of the 2006 IEEE Symposium on Security and Privacy, Washington, DC, pp. 334–349 (2006)
Gianvecchio, S., Wang, H.: Detecting covert timing channels: an entropy-based approach. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, pp. 307–316 (2007)
Prasad, R., Hara, S.: An overview of multi-carrier CDMA. In: IEEE 4th International Symposium on Spread Spectrum Techniques and Applications Proceedings, vol. 1, pp. 107–114 (1996)
Proakis, J.: Digital Communications (1995)
Shannon, C.E.: Communication in the presence of noise. Proceedings of the IEEE 72(9), 1192–1201 (1984)
Cao, J., Cleveland, W.S., Lin, D., Sun, D.X.: On the nonstationarity of internet traffic. In: SIGMETRICS 2001: Proceedings of the International Conference on Measurement and Modeling of Computer Systems, Cambridge, Massachusetts, United States, pp. 102–112 (2001)
Färber, J.: Traffic modelling for fast action network games. Multimedia Tools and Applications 23(1), 31–46 (2004)
Sellke, S.H., Wang, C., Shroff, N., Bagchi, S.: Capacity bounds on timing channels with bounded service times. In: IEEE International Symposium on Information Theory, pp. 981–985 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, AR., Schulz, S., Katzenbeisser, S. (2009). Hide and Seek in Time — Robust Covert Timing Channels. In: Backes, M., Ning, P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04444-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-04444-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04443-4
Online ISBN: 978-3-642-04444-1
eBook Packages: Computer ScienceComputer Science (R0)