
A Detection-Resistant Covert Timing Channel Based on Geometric Huffman Coding

  • Conference paper
  • In: Wireless Algorithms, Systems, and Applications (WASA 2018)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10874)

Abstract

A network covert timing channel is a communication mechanism that transfers secret messages by modulating the timing characteristics of network traffic. It is intended for secret information transmission on networks, where it can ensure security and confidentiality. However, most proposed covert timing channels can be detected by several detection methods, such as regularity testing, distribution shape testing, entropy-based testing and recent machine-learning-based methods. In this paper, we design and implement a novel covert timing channel that leverages Geometric Huffman Coding (GHC) to match the covert channel to the overt channel. Network experiments and simulations demonstrate that the proposed channel is undetectable by not only the traditional detection methods but also the latest machine-learning-based methods. Meanwhile, it maintains a reasonable transmission capacity of 2.25 bits/packet, much higher than that of binary channels.



Acknowledgments

This work was supported by the National Natural Science Foundation of China (Nos. 61572456, 61672487), the Anhui Province Guidance Funds for Quantum Communication and Quantum Computers and the Natural Science Foundation of Jiangsu Province of China (No. BK20151241).


Corresponding author

Correspondence to Wei Yang.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature


Cite this paper

Liu, J., Yang, W., Huang, L., Chen, W. (2018). A Detection-Resistant Covert Timing Channel Based on Geometric Huffman Coding. In: Chellappan, S., Cheng, W., Li, W. (eds) Wireless Algorithms, Systems, and Applications. WASA 2018. Lecture Notes in Computer Science, vol 10874. Springer, Cham. https://doi.org/10.1007/978-3-319-94268-1_26


  • DOI: https://doi.org/10.1007/978-3-319-94268-1_26


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-94267-4

  • Online ISBN: 978-3-319-94268-1

  • eBook Packages: Computer Science (R0)
