Embedding a covert channel in active network connections

Authors:
Hassan Khan;Yousra Javed;Fauzan Mirza;Syed Ali Khayam
Affiliations:
National University of Sciences & Technology, Islamabad, Pakistan;National University of Sciences & Technology, Islamabad, Pakistan;National University of Sciences & Technology, Islamabad, Pakistan;National University of Sciences & Technology, Islamabad, Pakistan
Venue:
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Year:
2009

Citing 16
Cited 0

The 1999 DARPA off-line intrusion detection evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
A note on the confinement problem

Communications of the ACM
Covert Channels in LAN Protocols

LANSEC '89 Proceedings on the Workshop for European Institute for System Security on Local Area Network Security
Hiding Data in the OSI Network Model

Proceedings of the First International Workshop on Information Hiding
Eliminating Steganography in Internet Traffic with Active Wardens

IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Covert Channel Elimination Protocols

Covert Channel Elimination Protocols
New covert channels in HTTP: adding unwitting Web browsers to anonymity sets

Proceedings of the 2003 ACM workshop on Privacy in the electronic society
IP covert timing channels: design and detection

Proceedings of the 11th ACM conference on Computer and communications security
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Covert Channels in LAN's

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Covert messaging through TCP timestamps

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
New VoIP traffic security scheme with digital watermarking

SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Syntax and semantics-preserving application-layer protocol steganography

IH'04 Proceedings of the 6th international conference on Information Hiding
The research on information hiding based on command sequence of FTP protocol

KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part III
Embedding covert channels into TCP/IP

IH'05 Proceedings of the 7th international conference on Information Hiding
An information-theoretic and game-theoretic study of timing channels

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

Covert timing channels exploit varying packet rates between synchronized sending and receiving hosts to transmit hidden information. The overhead in synchronizing covert timing channels and their inherent dependence on network conditions are their main drawbacks. In this paper, we propose a covert channel using multiple active connections that does not depend on the timing differences between consecutive packets. Our proposed approach uses multiple network connections between a pair of communicating hosts to transmit covert data. Hence this covert channel is unaffected by underlying unpredictable network conditions. The concealed data is embedded in the order and sequence of connections to/from which regular (cover) packets of data are sent/received. Our experimental results show that, in addition to higher channel capacity, our proposed channel is undetectable using contemporary timing channel detection approaches.