Research article, DOI: 10.1145/2799979.2799994

Protection from binary and multi-symbol packet length covert channels

Published: 08 September 2015

Abstract

In this paper, we describe binary and multi-symbol packet length covert channels. We then design a technique to estimate and limit their capacity. A method for choosing the parameters of counteraction tools is given; it takes into account an allowable value of covert channel capacity and error level. The novelty of the investigation is that the covert channel capacity is limited in advance, whereas state-of-the-art methods focus on detecting active IP covert channels.

Cited By

  • (2023) Improving Performance of Virtual Machine Covert Timing Channel Through Optimized Run-Length Encoding. Journal of Computer Science and Technology, 38:4 (793-806). DOI: 10.1007/s11390-021-1189-z. Online publication date: 31-Jul-2023

    Published In

    SIN '15: Proceedings of the 8th International Conference on Security of Information and Networks
    September 2015
    350 pages
    ISBN:9781450334532
    DOI:10.1145/2799979

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. binary channel
    2. capacity
    3. information security
    4. multi-symbol channel
    5. network covert channels

    Qualifiers

    • Research-article

    Conference

    SIN '15

    Acceptance Rates

    SIN '15 Paper Acceptance Rate 34 of 92 submissions, 37%;
    Overall Acceptance Rate 102 of 289 submissions, 35%
