Error probability analysis of IP Time To Live covert channels

Communication is not necessarily made secure by the use of encryption alone. The mere existence of communication is often enough to raise suspicion and trigger investigative actions. Covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different protocols in the Internet makes it ideal as a high-bandwidth vehicle for covert communications. A number of researchers have proposed different techniques to encode covert information into the IP time to live (TTL) field. This is a noisy covert channel since the TTL field is modified between covert sender and receiver. For computing the channel capacity it is necessary to know the probability of channel errors. In this paper we derive analytical solutions for the error probabilities of the different encoding schemes. We simulate the different encoding schemes and compare the simulation results with the analytical error probabilities. Finally, we compare the performance of the different encoding schemes for an idealised error distribution and an empirical TTL error distribution obtained from real Internet traffic.