skip to main content
10.1145/3058060.3058082acmotherconferencesArticle/Chapter ViewAbstractPublication PagesiccspConference Proceedingsconference-collections
research-article

Covert Channel over Network Time Protocol

Published: 17 March 2017 Publication History

Abstract

In this paper, we scrutinize a way through which covert messages are sent and received using the Network Time Protocol (NTP), which is not easily detected since NTP should be present in most environment to synchronize the clock between clients and servers using at least one time server. We also present a proof of concept and investigate the throughput and robustness of this covert channel. This channel will use the 32 bits of fraction of seconds in timestamp to send the covert message. It also uses "Peer Clock Precision" field to track the messages between sender and receiver.

References

[1]
Lampson, B. W. A Note on the Confinement Problem, Communications of the ACM, vol. 16, no. 10, pp. 613--615, October 1973.
[2]
Newman. R. C. Covert computer and network communications, in Proceedings of the 4th annual conference on Information security curriculum development - InfoSecCD 07, Kennesaw, Georgia, 2007, p. 1.
[3]
Girling, C. G. Covert Channels in LANs, IEEE Transactions on Software Engineering, vol. 13, no. 2, pp. 292--296, Feb. 1987.
[4]
Giffin, J. Covert Messaging Through TCP Timestamps, Privacy Enhancing Workshop, April 2002
[5]
Mazurczyk. W. and Szczypiorski. K. Covert Channels in SIP for VoIP signalling, in Global E-Security, Springer, 2008, pp. 6572.
[6]
Lucena. N. B., Lewandowski. G., and Chapin. S. J. Covert channels in IPv6, in International Workshop on Privacy Enhancing Technologies, 2005, pp. 147166.
[7]
"RFC 5905 - Network Time Protocol Version 4: Protocol and Algorithms Specification; http://www.ietf.org/rfc/rfc5905.txt"
[8]
Fisk, G., Fisk, M., Papadopoulos, C., Neil, J.: Eliminating steganography in Internet traffic with active wardens. In Petitcolas, F., ed.: Information Hiding. Volume 2578 of Lecture Notes in Computer Science., Springer-Verlag (2002) 18--35
[9]
T.N.N.T. Server. NTP server capacity testing. Spectracom Corp, 2012.
[10]
Handley, M., Paxson, V., Kreibich, C.: Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In: 10th Usenix Security Symposium. (2001)
[11]
Trabelsi, Z., El-Sayed, H., Frikkha, L., and Rabie, T. "Traceroute Based IP Channel for Sending Hidden Short Messages," Advances in Information and Computer Security, vol. 4266/2006, pp. 421--436, 2006.

Cited By

View all
  • (2023)Study of Methods and Techniques for Manipulating the Time Synchronization Component of NTP Servers in Computer NetworksInternational conference KNOWLEDGE-BASED ORGANIZATION10.2478/kbo-2023-007829:3(71-77)Online publication date: 19-Jul-2023
  • (2023)Improving Performance of Virtual Machine Covert Timing Channel Through Optimized Run-Length EncodingJournal of Computer Science and Technology10.1007/s11390-021-1189-z38:4(793-806)Online publication date: 31-Jul-2023
  • (2022)Covert Channels in Network Time SecurityProceedings of the 2022 ACM Workshop on Information Hiding and Multimedia Security10.1145/3531536.3532947(69-79)Online publication date: 23-Jun-2022
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ICCSP '17: Proceedings of the 2017 International Conference on Cryptography, Security and Privacy
March 2017
153 pages
ISBN:9781450348676
DOI:10.1145/3058060
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

  • Wuhan Univ.: Wuhan University, China

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 March 2017

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Covert Channel
  2. NTP
  3. Storage channel
  4. Time channel

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICCSP '17

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)8
  • Downloads (Last 6 weeks)0
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Study of Methods and Techniques for Manipulating the Time Synchronization Component of NTP Servers in Computer NetworksInternational conference KNOWLEDGE-BASED ORGANIZATION10.2478/kbo-2023-007829:3(71-77)Online publication date: 19-Jul-2023
  • (2023)Improving Performance of Virtual Machine Covert Timing Channel Through Optimized Run-Length EncodingJournal of Computer Science and Technology10.1007/s11390-021-1189-z38:4(793-806)Online publication date: 31-Jul-2023
  • (2022)Covert Channels in Network Time SecurityProceedings of the 2022 ACM Workshop on Information Hiding and Multimedia Security10.1145/3531536.3532947(69-79)Online publication date: 23-Jun-2022
  • (2022)Blockchain Meets Covert Communication: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2022.320428124:4(2163-2192)Online publication date: Dec-2023
  • (2021)Cognitive Covert Traffic Synthesis Method Based on Generative Adversarial NetworkWireless Communications and Mobile Computing10.1155/2021/99823512021(1-14)Online publication date: 9-Jun-2021
  • (2021)A Systematic Analysis of Covert Channels in the Network Time ProtocolProceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3470075(1-11)Online publication date: 17-Aug-2021
  • (2019)Covert Channels-Based Stealth Attacks in Industry 4.0IEEE Systems Journal10.1109/JSYST.2019.291230813:4(3980-3988)Online publication date: Dec-2019

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media