Title :
TCP covert timing channels: Design and detection
Author :
Luo, Xiapu ; Chan, Edmond W W ; Chang, Rocky K C
Author_Institution :
Dept. of Comput., Hong Kong Polytech. Univ., Hong Kong
Abstract :
Exploiting packetspsila timing information for covert communication in the Internet has been explored by several network timing channels and watermarking schemes. Several of them embed covert information in the inter-packet delay. These channels, however, can be detected based on the perturbed traffic pattern, and their decoding accuracy could be degraded by jitter, packet loss and packet reordering events. In this paper, we propose a novel TCP-based timing channel, named TCPScript to address these shortcomings. TCPScript embeds messages in ldquonormalrdquo TCP data bursts and exploits TCPpsilas feedback and reliability service to increase the decoding accuracy. Our theoretical capacity analysis and extensive experiments have shown that TCPScript offers much higher channel capacity and decoding accuracy than an IP timing channel and JitterBug. On the countermeasure, we have proposed three new metrics to detect aggressive TCPScript channels.
Keywords :
IP networks; Internet; channel capacity; computer network reliability; decoding; feedback; transport protocols; IP timing channel; Internet; JitterBug; TCP covert timing channels; TCPScript channels; channel capacity; covert communication; decoding accuracy; feedback; interpacket delay; jitter; packet loss; packet reordering; reliability; theoretical capacity analysis; watermarking schemes; Decoding; Degradation; Delay; Event detection; IP networks; Jitter; TCPIP; Telecommunication traffic; Timing; Watermarking;
Conference_Titel :
Dependable Systems and Networks With FTCS and DCC, 2008. DSN 2008. IEEE International Conference on
Conference_Location :
Anchorage, AK
Print_ISBN :
978-1-4244-2397-2
Electronic_ISBN :
978-1-4244-2398-9
DOI :
10.1109/DSN.2008.4630112
