Abstract
We show that Alice and Bob can communicate covertly and anonymously, despite Eve having access to the traffic data of most machines on the Internet. Our protocols take advantage of small amounts of shared state that exist in many TCP/IP stacks, and use them to construct a covert channel. Techniques inspired by Direct Sequence Spread Spectrum (DSSS) are used to make sure that the communication is covert and resistant to noise. We implement a prototype based on ICMP Echo (ping) to illustrate the practicality of our approach and discuss how a more complex protocol would modulate information through the use of TCP features to make communication detection very difficult. The feasibility of covert communications despite stringent traffic data retention has far-reaching policy consequences.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Danezis, G. (2011). Covert Communications Despite Traffic Data Retention. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds) Security Protocols XVI. Security Protocols 2008. Lecture Notes in Computer Science, vol 6615. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22137-8_27
DOI: https://doi.org/10.1007/978-3-642-22137-8_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22136-1
Online ISBN: 978-3-642-22137-8
eBook Packages: Computer Science (R0)