Hide and Seek in Time — Robust Covert Timing Channels

  • Yali Liu
  • Dipak Ghosal
  • Frederik Armknecht
  • Ahmad-Reza Sadeghi
  • Steffen Schulz
  • Stefan Katzenbeisser
Conference paper

DOI: 10.1007/978-3-642-04444-1_8

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)
Cite this paper as:
Liu Y., Ghosal D., Armknecht F., Sadeghi AR., Schulz S., Katzenbeisser S. (2009) Hide and Seek in Time — Robust Covert Timing Channels. In: Backes M., Ning P. (eds) Computer Security – ESORICS 2009. ESORICS 2009. Lecture Notes in Computer Science, vol 5789. Springer, Berlin, Heidelberg

Abstract

Covert timing channels aim at transmitting hidden messages by controlling the time between transmissions of consecutive payload packets in overt network communication. Previous results used encoding mechanisms that are either easy to detect with statistical analysis, thus spoiling the purpose of a covert channel, and/or are highly sensitive to channel noise, rendering them useless in practice. In this paper, we introduce a novel covert timing channel which allows to balance undetectability and robustness: i) the encoded message is modulated in the inter-packet delay of the underlying overt communication channel such that the statistical properties of regular traffic can be closely approximated and ii) the underlying encoding employs spreading techniques to provide robustness. We experimentally validate the effectiveness of our approach by establishing covert channels over on-line gaming traffic. The experimental results show that our covert timing channel can achieve strong robustness and undetectability, by varying the data transmission rate.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Yali Liu
    • 1
  • Dipak Ghosal
    • 2
  • Frederik Armknecht
    • 3
  • Ahmad-Reza Sadeghi
    • 3
  • Steffen Schulz
    • 3
  • Stefan Katzenbeisser
    • 4
  1. 1.Department of Electrical and Computer EngineeringUniversity of CaliforniaDavisUSA
  2. 2.Department of Computer ScienceUniversity of CaliforniaDavisUSA
  3. 3.Horst-Görtz Institute for IT-Security (HGI)Ruhr-University BochumGermany
  4. 4.Department of Computer ScienceTechnische Universität DarmstadtGermany

Personalised recommendations