The Capacity of Undetectable On/Off Covert Channel

  • Conference paper
Information Science and Applications (ICISA) 2016

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 376)

Abstract

Almost all modern computer networks are based on the TCP/IP protocol suite. However, structural features of IP allow high-capacity covert channels to be constructed by modifying inter-packet delays, packet header fields and packet lengths. One technique to eliminate such channels is traffic normalization, which means sending packets of equal length with fixed header fields and equal inter-packet delays; this significantly decreases the effective capacity of communication channels and sacrifices functional capabilities of network protocols. Another way to counteract a covert channel is to detect an active channel. Nevertheless, an attacker can purposely reduce the covert channel capacity to make it undetectable. We investigate the on/off covert channel and give recommendations for choosing the parameters of the ε-similarity detection method with specified threshold values of covert channel capacity.


Correspondence to Anna Epishkina.

Copyright information

© 2016 Springer Science+Business Media Singapore

About this paper

Cite this paper

Epishkina, A., Finoshin, M., Kogos, K. (2016). The Capacity of Undetectable On/Off Covert Channel. In: Kim, K., Joukov, N. (eds) Information Science and Applications (ICISA) 2016. Lecture Notes in Electrical Engineering, vol 376. Springer, Singapore. https://doi.org/10.1007/978-981-10-0557-2_63

  • DOI: https://doi.org/10.1007/978-981-10-0557-2_63

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-0556-5

  • Online ISBN: 978-981-10-0557-2

  • eBook Packages: Engineering, Engineering (R0)