Application of sampling methodologies to network traffic characterization
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
Analyzing stability in wide-area network performance
SIGMETRICS '97 Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
The String-to-String Correction Problem
Journal of the ACM (JACM)
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Eliminating Steganography in Internet Traffic with Active Wardens
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Covert messaging through TCP timestamps
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
An information-theoretic and game-theoretic study of timing channels
IEEE Transactions on Information Theory
The Journal of Machine Learning Research
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Proceedings of the 9th workshop on Multimedia & security
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
Anti-jamming timing channels for wireless networks
WiSec '08 Proceedings of the first ACM conference on Wireless network security
A security domain model to assess software for exploitable covert channels
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Model-Based Covert Timing Channels: Automated Modeling and Evasion
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Towards quantification of network-based information leaks via HTTP
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
ACM Transactions on Information and System Security (TISSEC)
A new cell counter based attack against tor
Proceedings of the 16th ACM conference on Computer and communications security
The role of network trace anonymization under attack
ACM SIGCOMM Computer Communication Review
Analyzing network-aware active wardens in IPv6
IH'06 Proceedings of the 8th international conference on Information hiding
A performance analysis of authentication using covert timing channels
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Embedding a covert channel in active network connections
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Hide and seek in time: robust covert timing channels
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
CLACK: a network covert channel based on partial acknowledgment encoding
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
An approach towards anomaly based detection and profiling covert TCP/IP channels
ICICS'09 Proceedings of the 7th international conference on Information, communications and signal processing
IPv6 stateless address autoconfiguration considered harmful
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Robust and undetectable steganographic timing channels for i.i.d. traffic
IH'10 Proceedings of the 12th international conference on Information hiding
Summary-invisible networking: techniques and defenses
ISC'10 Proceedings of the 13th international conference on Information security
Covert channels in multiple access protocols
Proceedings of the ACM SIGCOMM 2011 conference
Dark clouds on the horizon: using cloud storage as attack vector and online slack space
SEC'11 Proceedings of the 20th USENIX conference on Security
CoCo: coding-based covert timing channels for network flows
IH'11 Proceedings of the 13th international conference on Information hiding
Low-attention forwarding for mobile network covert channels
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
An exploration of L2 cache covert channels in virtualized environments
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Cirripede: circumvention infrastructure using router redirection with plausible deniability
Proceedings of the 18th ACM conference on Computer and communications security
A new method for authentication based on covert channel
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
An asynchronous covert channel using spam
Computers & Mathematics with Applications
Network covert channels on the Android platform
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
Leaving timing-channel fingerprints in hidden service log files
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Whispers in the hyper-space: high-speed covert channel attacks in the cloud
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Detecting co-residency with active traffic analysis techniques
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Cloak: a ten-fold way for reliable covert communications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Mimic: An active covert channel that evades regularity-based detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
SoNIC: precise realtime software access and control of wired networks
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Moving steganography and steganalysis from the laboratory into the real world
Proceedings of the first ACM workshop on Information hiding and multimedia security
Horizon extender: long-term preservation of data leakage evidence in web traffic
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Practical comprehensive bounds on surreptitious communication over DNS
SEC'13 Proceedings of the 22nd USENIX conference on Security
PHY covert channels: can you see the idles?
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
A network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy and in a manner that can be difficult to detect. In this paper, we describe our implementation of a covert network timing channel, discuss the subtle issues that arose in its design, and present performance data for the channel. We then use our implementation as the basis for our experiments in its detection. We show that the regularity of a timing channel can be used to differentiate it from other traffic and present two methods of doing so and measures of their efficiency. We also investigate mechanisms that attackers might use to disrupt the regularity of the timing channel, and demonstrate methods of detection that are effective against them.