Network covert timing channels embed secret messages in legitimate packets by modulating interpacket delays. Such channels are normally implemented in higher network layers (layer 3 or above), where they are easily detected or prevented. However, access to the physical layer of a network stack allows for timing channels that are virtually invisible: sub-microsecond modulations that are undetectable by software endhosts. Covert timing channels implemented in the physical layer can therefore be a serious threat to the security of a system or a network. In fact, we empirically demonstrate an effective covert timing channel over nine routing hops and thousands of miles over the Internet (the National Lambda Rail). Our covert timing channel works in the presence of cross traffic, with a bit error rate of less than 10%, which can be masked by forward error correction, and a covert rate of 81 kilobits per second. Key to our approach is access to and control over every bit in the physical layer of a 10 Gigabit network stack (a bit is 100 picoseconds wide at 10 gigabits per second), which allows us to modulate and interpret interpacket spacings at sub-microsecond scale. We discuss when and how a timing channel in the physical layer works, how hard it is to detect such a channel, and what is required to do so.