A High Throughput Covert Overlay Network within a MANET

We present a method of establishing an obfuscated overlay network on an existing mobile ad hoc network (MANET). This overlay network is created and operated covertly, makes use of the AODV routing protocol, and utilizes a wide-band side-channel. The side-channel is manipulated so that its traffic appears as errors to the primary network, which uses the OLSR routing protocol. Only nodes privy to the knowledge that side-channel frames have been intentionally corrupted will refrain from dropping the frames as errors and are capable of processing their content. Because the overlay network uses a different routing protocol, it frequently establishes different routes than the primary network, effectively implementing dispersity routing. We then demonstrate that the obfuscated traffic of the overlay network cannot be readily discovered despite using a powerful detection method. We introduce a detection method that assumes the existence of an ´oracle´ to perform traffic analysis and extract side-channel signatures in both time and frequency domains. The oracular traffic analysis assumes a priori knowledge of all covert traffic. Using signatures produced by an oracular detector, a non-oracular observer can attempt to detect the covert-channel. To evade this form of detection, we reduce the efficacy of the signatures by a traffic shaping technique that adds random delays to the scheduled transmission time of the side-traffic. We show that the signature reduction is most effective when the delays are statistically similar to the packet arrival time of the background traffic. With our proposed traffic shaping technique we reduce the potential discovery of the overlay network.