Abstract
IP covert timing channel (IPCTC) is an unconventional communication channel which attaches time information to the packets of an overt channel as messages carriers, e.g., using different inter-packet delays to transmit messages in a packet-switched network. Although the IPCTCs have many different communication methods, based on the concept of time, we categorized the base communication model of the IPCTCs into three types and then utilized the signal processing theory to build their mathematical models. As a result, the basic characteristics of the IPCTCs’ base model were formally derived. Hence, the characteristics of any IPCTC can be derived from the base models that consist of the IPCTC. Furthermore, a set of approaches was devised to implement the base model of the IPCTCs in a TCP/IP network. Experimental results show the correctness of the proposed base model of the IPCTCs in this paper.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Lampson B. A note on the confinement problem. ACM Communication, 1973, 16(10): 613–615
Cabuk S, Brodley C, Shields C. IP covert channel detection. ACM Transations on Information and System Security, 2009, 12(4): 1–29
Costich O, Moskowitz I. Analysis of a storage channel in the two phase commit protocol. In: Proceedings of Computer Security Foundations Workshop IV. 1991, 201–208
Cabuk S, Brodley C, Shields C. IP covert timing channels: design and detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004, 178–187
Trabelsi Z, Sayed H, Frikha L, Rabie T. A novel covert channel based on the IP header record route option. International Journal of Advanced Media Communication, 2007, 1(4): 328–350
Zander S, Armitage G, Branch P. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys and Tutorials, 2007, 9(3): 44–57
Yao L, Zi X, Pan L, Li J. A study of on/off timing channel based on packet delay distribution. Computers and Security, 2009, 28(8): 785–794
Houmansadr A, Kiyavash N, Borisov N. Rainbow: a robust and invisible non-blind watermark for network flows. In: Proceedings of the Network and Distributed Sytem Security Symposium. 2009
Houmansadr A, Borisov N. Swirl: a scalable watermark to detect correlated network flows. In: Proceedings of the Network and Distributed System Security Symposium. 2011
Shah G, Molina A, Blaze M. Keyboards and covert channels. In: Proceedings of the 15th USENIX Security Symposium. 2006, 59–75
Berk V, Giani A, Cybenko G. Detection of Covert Channel Encoding in Network Packet Delays. Technical Report. 2005
El-Atawy A, Al-Shaer E. Building covert channels over the packet reordering phenomenon. In: Proceedings of the IEEE INFOCOM. 2009, 2186–2194
Luo X P, Chan E, Zhou P, Chang R. Robust network covert communications based on TCP and enumerative combinatorics. IEEE Transactions on Dependable and Secure Computing, 2012, 9(6): 890–902
Luo X, Zhou P, Zhang J, Perdisci R, Lee W, Chang R. Exposing invisible timing-based traffic watermarks with backlit. In: Proceedings of the 27th Annual Computer Security Applications Conference. 2011, 197–206
Sellke S, Wang C, Bagchi S. Camouflaging Timing Channels in Web Traffic. Technical Report. 2009
Stillman R. Detecting IP covert timing channels by correlating packet timing with memory content. In: Proceedings of the IEEE Southeastcon. 2008, 204–209
Changda W, Xingxing G, Zhiguo L, Zhaojun B. New robust network covert channel. Application Research of Computers, 2012, 29(7): 2650–2653
Wang C D, Bo Z J, Guan X X, Li Z G. Anti-detection technology of IP covert timing channel. Application Research of Computers, 2012, 29(7): 2657–2659, 2664 (in Chinese)
Wang C D, Li Z G, Guan X X, Bo Z J. Communication protocol of IP covert timing channels. Application Research of Computers, 2012, 29(7): 2654–2656 (in Chinese)
Ross S. Introduction to Probability Models. Academic Press, 2007.
Proakis J, Salehi M. Fundamentals of Communication Systems. Pearson Education, 2007
Author information
Authors and Affiliations
Corresponding author
Additional information
Changda Wang is a professor in School of Computer Science and Communication Engineering, Jiangsu University, China. He is a member of CCF and serves in the Network and Data Communication Committee. His main research interests include security, network communication and cloud computing.
Yulin Yuan is a master student in School of Computer Science and Communication Engineering, Jiangsu University, China. Her main research interest is network security.
Lei Huang is a master student in School of Computer Science and Communication Engineering, Jiangsu University, China. His main research interest is network security.
Electronic supplementary material
Rights and permissions
About this article
Cite this article
Wang, C., Yuan, Y. & Huang, L. Base communication model of IP covert timing channels. Front. Comput. Sci. 10, 1130–1141 (2016). https://doi.org/10.1007/s11704-016-5089-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11704-016-5089-2