DocumentCode :
2771467
Title :
A typical noisy covert channel in the IP protocol
Author :
Qu, Haipeng ; Su, Purui ; Feng, Dengguo
Author_Institution :
Inst. of Software, Chinese Acad. of Sci., Beijing, China
fYear :
2004
fDate :
11-14 Oct. 2004
Firstpage :
189
Lastpage :
192
Abstract :
Previous studies have exploited a number of noiseless covert channels in the IPv4 protocol by using some fields in the IP header, including the identification, the header checksum and the padding fields. These channels can transmit covert information correctly between two Internet nodes, but will be eliminated after the adoption of the IPv6 protocol. To construct a covert channel which can survive in the IPv6 protocol, a noisy covert channel is designed by using the TTL field in the IPv4 header. The channel can be exploited in the IPv6 protocol because the TTL field will be substituted by the Hop Limit field with a similar function. Two methods are presented, including the one-bit-per-packet method and the TTL partition method. The maximal attainable bandwidth of the channel is discussed and a formula is given to calculate the maximal attainable bandwidth. The maximal attainable bandwidth is inversely proportional to the expectation and variance of the distribution of the average hop number between two communication nodes. The correlation between the maximal attainable bandwidth and the selection of the code error rate is also analyzed. Some statistical data from real networks are collected to estimate the bandwidth of the channel in practice. The result shows that the covert channel is effective in most situations.
Keywords :
Internet; channel capacity; protocols; telecommunication security; Hop Limit field; IP header; IP protocol; IPv4 header; IPv4 protocol; IPv6 protocol; Internet nodes; TCP protocol; TTL field; TTL partition method; average hop number; code error rate; communication nodes; communication security; header checksum; maximal attainable bandwidth; noiseless covert channels; noisy covert channel; one-bit-per-packet method; padding fields; Bandwidth; Communication channels; Communication system security; Content addressable storage; Data security; Error analysis; Information security; Internet; Protocols; Statistical distributions;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Security Technology, 2004. 38th Annual 2004 International Carnahan Conference on
Print_ISBN :
0-7803-8506-3
Type :
conf
DOI :
10.1109/CCST.2004.1405390
Filename :
1405390