Affiliation:
1. Hewlett-Packard Laboratories
2. Tufts University
3. Georgetown University
Abstract
A covert channel can occur when an attacker finds and exploits a shared resource that is not designed to be a communication mechanism. A network covert channel operates by altering the timing of otherwise legitimate network traffic so that the arrival times of packets encode confidential data that an attacker wants to exfiltrate from a secure area from which she has no other means of communication. In this article, we present the first public implementation of an IP covert channel, discuss the subtle issues that arose in its design, and present a discussion on its efficacy. We then show that an IP covert channel can be differentiated from legitimate channels and present new detection measures that provide detection rates over 95%. We next take the simple step an attacker would of adding noise to the channel to attempt to conceal the covert communication. For these noisy IP covert timing channels, we show that our online detection measures can fail to identify the covert channel for noise levels higher than 10%. We then provide effective offline search mechanisms that identify the noisy channels.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference58 articles.
1. Abad C. 2001. IP checksum covert channels and selected hash collision. Tech. rep. University of California. Abad C. 2001. IP checksum covert channels and selected hash collision. Tech. rep. University of California.
2. Ahsan K. 2000. Covert channel analysis and data hiding in TCP/IP. M.S. thesis University of Toronto. Ahsan K. 2000. Covert channel analysis and data hiding in TCP/IP. M.S. thesis University of Toronto.
3. Analyzing stability in wide-area network performance
4. New covert channels in HTTP
Cited by
80 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Weaknesses of Popular and Recent Covert Channel Detection Methods and a Remedy;IEEE Transactions on Dependable and Secure Computing;2023-11
2. Reversible Network Covert Channel by Payload Modulation in Streams of Decimal Sensor Values;2023 IEEE 19th International Conference on e-Science (e-Science);2023-10-09
3. A Long-Term Perspective of the Internet Susceptibility to Covert Channels;IEEE Communications Magazine;2023-10
4. Detecting covert channel attacks on cyber‐physical systems;IET Cyber-Physical Systems: Theory & Applications;2023-09-20
5. Network Covert Channels in Routing Protocols;Proceedings of the 18th International Conference on Availability, Reliability and Security;2023-08-29