A covert channel can occur when an attacker finds and exploits a shared resource that was not designed to be a communication mechanism. A network covert timing channel operates by altering the timing of otherwise legitimate network traffic so that the arrival times of packets encode confidential data that an attacker wants to exfiltrate from a secure area from which she has no other means of communication. In this article, we present the first public implementation of an IP covert channel, discuss the subtle issues that arose in its design, and discuss its efficacy. We then show that an IP covert channel can be differentiated from legitimate channels and present new detection measures that provide detection rates over 95%. We next take the simple step an attacker would take: adding noise to the channel in an attempt to conceal the covert communication. For these noisy IP covert timing channels, we show that our online detection measures can fail to identify the covert channel for noise levels higher than 10%. We then provide effective offline search mechanisms that identify the noisy channels.
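A detector-side sketch of the idea in the abstract, added here as an example and not taken from the article: it scores how constant the variance of packet inter-arrival times stays across windows, since an encoder that maps data to a few fixed gaps produces unusually regular timing. The score definition, the 0.05 threshold, the window size and both traffic models are assumptions made for illustration; the page does not specify the article's own measures.

```python
import random
import statistics
from itertools import combinations

def regularity(iats, window=100):
    """Std-dev of pairwise relative differences between per-window std-devs.
    A low score means timing variance barely changes over time (suspicious)."""
    sigmas = [statistics.pstdev(iats[i:i + window])
              for i in range(0, len(iats) - window + 1, window)]
    diffs = [abs(a - b) / a for a, b in combinations(sigmas, 2) if a > 0]
    if len(diffs) < 2:
        raise ValueError("need at least three non-degenerate windows")
    return statistics.pstdev(diffs)

def classify(iats, threshold=0.05):
    # Assumed threshold; in practice it is tuned on known-good traffic.
    return "suspect" if regularity(iats) < threshold else "normal"

def legit_sample(n, rng):
    # Constructed stand-in for bursty legitimate traffic: log-normal gaps (s).
    return [rng.lognormvariate(-3.0, 1.0) for _ in range(n)]

def covert_sample(n, rng, noise=0.0):
    # Constructed stand-in for a timing channel: two nominal gaps plus jitter.
    # `noise` is the fraction of gaps replaced by legitimate-looking ones.
    gaps = []
    for _ in range(n):
        if rng.random() < noise:
            gaps.append(rng.lognormvariate(-3.0, 1.0))
        else:
            gaps.append(rng.choice((0.04, 0.08)) + rng.gauss(0, 0.002))
    return gaps

if __name__ == "__main__":
    rng = random.Random(1)
    for name, sample in (("legit", legit_sample(2000, rng)),
                         ("covert", covert_sample(2000, rng)),
                         ("covert+30% noise", covert_sample(2000, rng, 0.3))):
        print(f"{name:18s} score={regularity(sample):.4f} -> {classify(sample)}")
```

The noisy sample scores higher than the clean one because the injected gaps make per-window variance fluctuate, which is the effect the abstract describes as weakening online detection.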