Indirect communication channels have been effectively employed in the communications world to bypass mechanisms that do not permit direct communication between unauthorized parties. Such covert channels emerge as a threat to information-sensitive systems in which leakage to unauthorized parties may be unacceptable (e.g., military systems). In this dissertation, we show that traffic analysis can counter traditional event-based covert channels, which do not employ any additional scheme to obfuscate the channel further. For these channels, we introduce effective noiseless and noisy covert channel detection mechanisms that capture the anomalous traffic patterns. However, because a motivated user can potentially hide the channel further, we introduce a new family of covert channels that do not produce such anomalies. These IP time-replay covert channels transmit covert messages by adjusting packet timings to be consistent with inter-arrival time sequences that are extracts from recently recorded normal sequences. Under certain assumptions and lowered data rates, these channels generate output sequences that are equal in distribution to normal sequences, allowing them to bypass traffic anomaly detection schemes that are based on distribution analysis. Additionally, we illustrate that these channels can potentially survive, at lowered data rates, channel elimination schemes such as jammers and network data pumps. Thus, we discuss two types of transformations on packet inter-arrival times to increase the efficacy of existing elimination schemes.