Stealthier Inter-packet Timing Covert Channels

  • Sebastian Zander
  • Grenville Armitage
  • Philip Branch
Conference paper

DOI: 10.1007/978-3-642-20757-0_36

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6640)
Cite this paper as:
Zander S., Armitage G., Branch P. (2011) Stealthier Inter-packet Timing Covert Channels. In: Domingo-Pascual J., Manzoni P., Palazzo S., Pont A., Scoglio C. (eds) NETWORKING 2011. NETWORKING 2011. Lecture Notes in Computer Science, vol 6640. Springer, Berlin, Heidelberg

Abstract

Covert channels aim to hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent identically-distributed, which we demonstrate is the case for several network applications. We show that ~80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ~9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over hundred bits per second depending on overt traffic and network jitter.

Keywords

Covert Channels Steganography Inter-packet Times 
Download to read the full conference paper text

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Sebastian Zander
    • 1
  • Grenville Armitage
    • 1
  • Philip Branch
    • 1
  1. 1.Centre for Advanced Internet Architectures (CAIA)Swinburne University of TechnologyMelbourneAustralia

Personalised recommendations