Analysis and monitoring of hidden TCP traffic based on an open-source covert timing channel

Many contexts dealing with sensitive information require high-robustness and high-assurance certified security systems that should not be affected by known vulnerabilities. Covert channels are illicit paths that could be exploited by attackers to convey illicit data flows that contravene the security policies. Many implementations of the so-called Covert Storage Channels exist, whereas no implementation of Covert Timing Channels is available. In this paper, we first discuss an Open-Source Covert Timing Channel implementation, describing in detail our innovative approach. Then, we analyze real TCP traffic in the presence of our covert channel for three scenarios of interest, varying the number of hops and round trip time of the connections. The results, from real network traffic monitoring, confirm the validity of our open-source covert timing channel implementation for hidden TCP traffic analysis, in different environmental and operating network conditions.