A novel high-speed IP-timing covert channel: Design and evaluation

Covert channel is a classical threat to cyber security because it aims to transfer data between entities that are not allowed to exchange information. To enhance the security of cyber systems, many covert channels have been identified and investigated, in which IP-timing covert channel is one of the important risks because IP is the dominating communication protocol for computer networks. However, despite the potential risks, existing IP-timing covert channels seem to be less significant because most of them carry information by arbitrary inter-packet delays, which leads to low transmission rates and can be easily detected. In this paper, we identify a novel IP-timing covert channel that can significantly increase the transmission rate. Specifically, we propose a new framework for IP-timing covert channel, where the main idea is to use the routes to carry information. Based on the framework, we present the detailed designs for IP-timing covert channels based on TCP and UDP, in which we develop new technique to reduce the channel error rate. To evaluate the performance of the proposed covert channels, we also implement them in realistic systems and conduct extensive experiments. The experimental results show that the proposed IP-timing covert channel achieves 15 times higher rate than existing channels with less than 0.54% error rate. This study shows that the risk of IP-timing channel can be more serious than expected, which requires more sophisticated countermeasures.