Infranet: Circumventing Web Censorship and Surveillance
Proceedings of the 11th USENIX Security Symposium
Eliminating Steganography in Internet Traffic with Active Wardens
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Proceedings of the 10th ACM conference on Computer and communications security
Access for sale: a new class of worm
Proceedings of the 2003 ACM workshop on Rapid malcode
Protocol scrubbing: network security through transparent flow modification
IEEE/ACM Transactions on Networking (TON)
Web tap: detecting covert web traffic
Proceedings of the 11th ACM conference on Computer and communications security
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
Hacking a Terror Network
Tracking anonymous peer-to-peer VoIP calls on the internet
Proceedings of the 12th ACM conference on Computer and communications security
A First Course in Information Theory (Information Technology: Transmission, Processing and Storage)
A First Course in Information Theory (Information Technology: Transmission, Processing and Storage)
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Steganographic communication in ordered channels
IH'06 Proceedings of the 8th international conference on Information hiding
Malicious ICMP tunneling: defense against the vulnerability
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Model-Based Covert Timing Channels: Automated Modeling and Evasion
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Hi-index | 0.00 |
In this paper, we propose Cloak--a new class of reliable timing channels--which is fundamentally different from other timing channels in several aspects. First, Cloak encodes a message by a unique distribution of N packets over X TCP flows. The combinatorial nature of the encoding methods increases the channel capacity largely with (N,X). Second, Cloak offers ten different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and the need for packet marking. Third, the packet transmissions modulated by Cloak could be carefully crafted to mimic the normal TCP flows in a typical TCP-based application session. Although Cloak's basic idea is simple, we show in this paper how we tackle a number of challenging issues systematically. Our experiment results collected from PlanetLab nodes and a test bed suggest that Cloak is feasible under various network conditions and different round-trip delays.