Cloak: a ten-fold way for reliable covert communications

Authors:
Xiapu Luo;Edmond W. W. Chan;Rocky K. C. Chang
Affiliations:
Department of Computing, The Hong Kong Polytechnic University;Department of Computing, The Hong Kong Polytechnic University;Department of Computing, The Hong Kong Polytechnic University
Venue:
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Year:
2007

Citing 14
Cited 2

Infranet: Circumventing Web Censorship and Surveillance

Proceedings of the 11th USENIX Security Symposium
Eliminating Steganography in Internet Traffic with Active Wardens

IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays

Proceedings of the 10th ACM conference on Computer and communications security
Access for sale: a new class of worm

Proceedings of the 2003 ACM workshop on Rapid malcode
Protocol scrubbing: network security through transparent flow modification

IEEE/ACM Transactions on Networking (TON)
Web tap: detecting covert web traffic

Proceedings of the 11th ACM conference on Computer and communications security
IP covert timing channels: design and detection

Proceedings of the 11th ACM conference on Computer and communications security
Hacking a Terror Network

Hacking a Terror Network
Tracking anonymous peer-to-peer VoIP calls on the internet

Proceedings of the 12th ACM conference on Computer and communications security
A First Course in Information Theory (Information Technology: Transmission, Processing and Storage)

A First Course in Information Theory (Information Technology: Transmission, Processing and Storage)
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Keyboards and covert channels

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Steganographic communication in ordered channels

IH'06 Proceedings of the 8th international conference on Information hiding
Malicious ICMP tunneling: defense against the vulnerability

ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy

Model-Based Covert Timing Channels: Automated Modeling and Evasion

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Detecting co-residency with active traffic analysis techniques

Proceedings of the 2012 ACM Workshop on Cloud computing security workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we propose Cloak--a new class of reliable timing channels--which is fundamentally different from other timing channels in several aspects. First, Cloak encodes a message by a unique distribution of N packets over X TCP flows. The combinatorial nature of the encoding methods increases the channel capacity largely with (N,X). Second, Cloak offers ten different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and the need for packet marking. Third, the packet transmissions modulated by Cloak could be carefully crafted to mimic the normal TCP flows in a typical TCP-based application session. Although Cloak's basic idea is simple, we show in this paper how we tackle a number of challenging issues systematically. Our experiment results collected from PlanetLab nodes and a test bed suggest that Cloak is feasible under various network conditions and different round-trip delays.