Abstract
Almost all modern computer networks are based on the TCP/IP protocol suite. However, structural features of IP allow high-capacity covert channels to be constructed by modifying inter-packet delays, packet header fields and packet lengths. One technique for eliminating such channels is traffic normalization, which means sending packets of equal length with fixed header fields and equal inter-packet delays; this significantly decreases the effective capacity of the communication channel and sacrifices functional capabilities of the network protocols. Another way to counteract a covert channel is to detect an active channel. Nevertheless, an attacker can purposely reduce the covert channel capacity to make it undetectable. We investigate the on/off covert channel and give recommendations for choosing the parameters of the ε-similarity detection method with specified threshold values of covert channel capacity.
Copyright information
© 2016 Springer Science+Business Media Singapore
About this paper
Cite this paper
Epishkina, A., Finoshin, M., Kogos, K. (2016). The Capacity of Undetectable On/Off Covert Channel. In: Kim, K., Joukov, N. (eds) Information Science and Applications (ICISA) 2016. Lecture Notes in Electrical Engineering, vol 376. Springer, Singapore. https://doi.org/10.1007/978-981-10-0557-2_63
DOI: https://doi.org/10.1007/978-981-10-0557-2_63
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-0556-5
Online ISBN: 978-981-10-0557-2
eBook Packages: Engineering, Engineering (R0)