Stealthier inter-packet timing covert channels

Authors:
Sebastian Zander;Grenville Armitage;Philip Branch
Affiliations:
Centre for Advanced Internet Architectures (CAIA), Swinburne University of Technology, Melbourne Australia;Centre for Advanced Internet Architectures (CAIA), Swinburne University of Technology, Melbourne Australia;Centre for Advanced Internet Architectures (CAIA), Swinburne University of Technology, Melbourne Australia
Venue:
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Year:
2011

Citing 12
Cited 1

Elements of information theory

Elements of information theory
End-to-end internet packet dynamics

IEEE/ACM Transactions on Networking (TON)
A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification

ACM SIGCOMM Computer Communication Review
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)

Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
Keyboards and covert channels

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Detecting covert timing channels: an entropy-based approach

Proceedings of the 14th ACM conference on Computer and communications security
Cauchy Distribution for Jitter in IP Networks

CONIELECOMP '08 Proceedings of the 18th International Conference on Electronics, Communications and Computers (conielecomp 2008)
Model-Based Covert Timing Channels: Automated Modeling and Evasion

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Empirical Evaluation of Hash Functions for PacketID Generation in Sampled Multipoint Measurements

PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Rapid identification of Skype traffic flows

Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video
Hide and seek in time: robust covert timing channels

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A Survey of Covert Channels and Countermeasures in Computer Network Protocols

IEEE Communications Surveys & Tutorials

Cirripede: circumvention infrastructure using router redirection with plausible deniability

Proceedings of the 18th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Covert channels aimto hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent identically-distributed, which we demonstrate is the case for several network applications. We show that ∼80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ∼9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over hundred bits per second depending on overt traffic and network jitter.