Base communication model of IP covert timing channels
Changda WANG, Yulin YUAN, Lei HUANG
An IP covert timing channel (IPCTC) is an unconventional communication channel that attaches timing information to the packets of an overt channel as the message carrier, e.g., by using different inter-packet delays to transmit messages in a packet-switched network. Although IPCTCs use many different communication methods, we categorized the base communication model of the IPCTCs into three types based on the concept of time, and then used signal processing theory to build their mathematical models. As a result, the basic characteristics of the IPCTCs' base model were formally derived. Hence, the characteristics of any IPCTC can be derived from the base models of which that IPCTC is composed. Furthermore, a set of approaches was devised to implement the base model of the IPCTCs in a TCP/IP network. Experimental results show the correctness of the base model of the IPCTCs proposed in this paper.
network timing channel / base communication model / bandwidth / error rate / stealthiness