Abstract
In this paper, we propose CoCo, a novel framework for establishing covert timing channels. The CoCo covert channel modulates the covert message in the inter-packet delays of the network flows, while a coding algorithm is used to ensure the robustness of the covert message to different perturbations. The CoCo covert channel is adjustable: by adjusting certain parameters one can trade off different features of the covert channel, i.e., robustness, rate, and undetectability. By simulating the CoCo covert channel using different coding algorithms we show that CoCo improves the covert robustness as compared to the previous research, while being practically undetectable.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bavier, A., Bowman, M., Chun, B., Culler, D., Karlin, S., Muir, S., Peterson, L., Roscoe, T., Spalink, T., Wawrzoniak, M.: Operating systems support for planetary-scale network services. In: Morris, R., Savage, S. (eds.) Symposium on Networked Systems Design and Implementation, pp. 253–266. USENIX (March 2004)
Berk, V., Giani, A., Cybenko, G.: Detection of covert channel encoding in network packet delays. Tech. Rep. TR2005-536, Dartmouth College, Computer Science, Hanover, NH (August 2005), http://www.cs.dartmouth.edu/reports/TR2005-536-rev1.pdf
Cabuk, Brodley, Shields: IP covert timing channels: Design and detection. In: SIGSAC: 11th ACM Conference on Computer and Communications Security. ACM SIGSAC (2004)
Cabuk, S.: Network covert channels: Design, analysis, detection, and elimination (January 2006), http://docs.lib.purdue.edu/dissertations/AAI3260014
Department of Defense: DoD 5200.28-STD: Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) (1985)
Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. Wiley, Chichester (2001), http://www.rii.ricoh.com/~stork/DHS.html
Gianvecchio, S., Wang, H.: Detecting covert timing channels: an entropy-based approach. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 307–316. ACM, New York (2007), http://doi.acm.org/10.1145/1315245.1315284
Gianvecchio, S., Wang, H., Wijesekera, D., Jajodia, S.: Model-based covert timing channels: Automated modeling and evasion. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 211–230. Springer, Heidelberg (2008), http://dx.doi.org/10.1007/978-3-540-87403-4_12
Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert messaging through TCP timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)
Giles, J., Hajek, B.: An information-theoretic and game-theoretic study of timing channels. IEEE Transactions on Information Theory 48(9), 2455–2477 (2002)
Girling, C.G.: Covert channels in LAN’s. IEEE Transactions in Software Engineering SE-13(2), 292–296 (1987)
Handel, Sandford.: Hiding data in the OSI network model. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, Springer, Heidelberg (1996)
van Lint, J.H.: Introduction to Coding Theory, 3rd edn. Springer, Berlin (1998)
Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A.R., Schulz, S., Katzenbeisser, S.: Hide and seek in time — robust covert timing channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 120–135. Springer, Heidelberg (2009), http://dx.doi.org/10.1007/978-3-642-04444-1
Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A.R., Schulz, S., Katzenbeisser, S.: Robust and undetectable steganographic timing channels for i.i.d. Traffic. In: Böhme, R., Fong, P.W.L., Safavi-Naini, R. (eds.) IH 2010. LNCS, vol. 6387, pp. 193–207. Springer, Heidelberg (2010), http://dx.doi.org/10.1007/978-3-642-16435-4
MacKay, D.: Information Theory, Inference, and Learning Algorithms (September 2003)
Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera-JoancomartÃ, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005), http://dx.doi.org/10.1007/11558859_19
Padlipsky, M., Snow, D., Karger, P.: Limitations of end-to-end encryption in secure computer networks. Tech. Rep. ESD TR-78-158, Mitre Corporation (1978)
Rowland, C.H.: Covert channels in the TCP/IP protocol suite. First Monday 2(5) (1997), http://firstmonday.org/issues/issue2_5/rowland/index.html
Sellke, S.H., Wang, C.C., Bagchi, S., Shroff, N.B.: Tcp/ip timing channels: Theory to implementation. In: INFOCOM, pp. 2204–2212. IEEE, Los Alamitos (2009)
Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: Proceedings of the 15th Conference on USENIX Security Symposium, vol. 15, USENIX Association, Berkeley (2006), http://portal.acm.org/citation.cfm?id=1267336.1267341
Walsworth, C., Aben, E., Claffy, K.C., Andersen, D.: The CAIDA anonymized 2009 Internet traces—January (March 2009), http://www.caida.org/data/passive/passive_2009_dataset.xml
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Houmansadr, A., Borisov, N. (2011). CoCo: Coding-Based Covert Timing Channels for Network Flows. In: Filler, T., Pevný, T., Craver, S., Ker, A. (eds) Information Hiding. IH 2011. Lecture Notes in Computer Science, vol 6958. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24178-9_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-24178-9_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24177-2
Online ISBN: 978-3-642-24178-9
eBook Packages: Computer ScienceComputer Science (R0)