Journal article
Stealthier Inter-packet timing covert channels
NETWORKING 2011, Vol.6640, pp.458-470
2011
Abstract
Covert channels aim to hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent identically-distributed, which we demonstrate is the case for several network applications. We show that ~80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ~9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over hundred bits per second depending on overt traffic and network jitter.
Details
- Title
- Stealthier Inter-packet timing covert channels
- Authors/Creators
- S. Zander (Author/Creator)G. Armitage (Author/Creator)P. Branch (Author/Creator)
- Publication Details
- NETWORKING 2011, Vol.6640, pp.458-470
- Publisher
- Springer Verlag
- Identifiers
- 991005543159007891
- Copyright
- © 2011 IFIP International Federation for Information Processing
- Murdoch Affiliation
- Murdoch University
- Language
- English
- Resource Type
- Journal article
- Additional Information
- Conference title: NETWORKING 2011 10th International IFIP TC 6 Networking Conference, Valencia, Spain, May 9-13, 2011
Metrics
408 File views/ downloads
67 Record Views