Robust and Undetectable Steganographic Timing Channels for i.i.d. Traffic

  • Yali Liu
  • Dipak Ghosal
  • Frederik Armknecht
  • Ahmad-Reza Sadeghi
  • Steffen Schulz
  • Stefan Katzenbeisser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6387)


Steganographic timing channels exploit inter-packet delays in network traffic to transmit secret messages. The two most important design goals are undetectability and robustness. In previous proposals undetectability has been validated only against a set of known statistical methods, leaving the resistance against possible future attacks unclear. Moreover, many existing schemes do not provide any robustness at all. In this paper, we introduce a steganographic timing channel that is both robust and provably undetectable for network traffic with independent and identically distributed (i.i.d.) inter-packet delays. I.i.d. traffic models are very useful because they are simple to analyze, and constitute essential elements of many advanced network traffic models. In contrast to previous work on i.i.d. traffic we do not rely on any strong assumptions, e.g., bounded jitter, but require only the existence of a cryptographically secure pseudorandom generator. We verify the effectiveness of our approach by conducting a series of experiments on Telnet traffic and discuss the trade off between various encoding and modulation parameters.


Transmission Rate Encode Scheme Secret Message Code Word Spreading Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Zander, S., Armitage, G., Branch, P.: A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys & Tutorials 9(3), 44–57 (2007)CrossRefGoogle Scholar
  2. 2.
    Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, New York, pp. 178–187 (2004)Google Scholar
  3. 3.
    Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: USENIX-SS 2006: Proceedings of the 15th Conference on USENIX Security Symposium, pp. 59–75 (2006)Google Scholar
  4. 4.
    Berk, V., Giant, A., Cybenko, G.: Detection of covert channel encoding in network packet delays. Technical Report. Darthmouth College (2005)Google Scholar
  5. 5.
    Gianvecchio, S., Wang, H.: Detecting covert timing channels: An entropy-based approach. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 307–316 (2007)Google Scholar
  6. 6.
    Sellke, S.H., Wang, C., Bagchi, S., Shroff, N.: TCP/IP timing channels: Theory to implementation. In: INFOCOM 2009: IEEE Conference on Computer Communications, pp. 2204–2212 (April 2009)Google Scholar
  7. 7.
    Gianvecchio, S., Wang, H., Wijesekera, D., Jajodia, S.: Model-based covert timing channels: Automated modeling and evasion. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 211–230. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A., Schulz, S., Katzenbeisser, S.: Hide and seek in time - robust covert timing channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 120–135. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Kleinrock, L.: Queueing Systems. Wiley, New York (1976)zbMATHGoogle Scholar
  10. 10.
    Paxson, V., Floyd, S.: Wide area traffic: the failure of poisson modeling. IEEE/ACM Transactions on Networking 3(3), 226–244 (1995)CrossRefGoogle Scholar
  11. 11.
    Heffes, H., Lucantoni, D.: A markov modulated characterization of packetized voice and data traffic and related statistical multiplexer performance. IEEE Journal on Selected Areas in Communications 4, 856–868 (1986)CrossRefGoogle Scholar
  12. 12.
    Li, W., Fretwell, R.J., Kouvatsos, D.D.: Analysis of correlated traffic by batch renewal process. In: EBISS 2009: International Conference on E-Business and Information System Security, pp. 1–5 (June 2009)Google Scholar
  13. 13.
    Padlipsky, M.A., Snow, D.W., Karger, P.A.: Limitations of end-to-end encryption in secure computer networks. Technical Report ESD TR-78-158, Mitre Corporation (1978)Google Scholar
  14. 14.
    Cabuk, S., Brodley, C.E., Shields, C.: IP covert channel detection. ACM Transaction of Information Systerm and Security 12(4), 1–29 (2009)CrossRefGoogle Scholar
  15. 15.
    Cabuk, S.: Network covert channels: Design, analysis, detection, and elimination. PhD thesis, Purdue University (2006)Google Scholar
  16. 16.
    Giles, J., Hajek, B.: An information-theoretic and game-theoretic study of timing channels. IEEE Transactions on Information Theory 48(9), 2455–2477 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Anantharam, V., Verdu, S.: Bits through queues. IEEE Transactions on Information Theory 42, 4–18 (1996)CrossRefzbMATHGoogle Scholar
  18. 18.
    Coleman, T.P., Kiyavash, N.: Practical codes for queueing channels: An algebraic, state-space, message-passing approach. In: IEEE Information Theory Workshop on Networking and Information Theory, pp. 318–322 (May 2008)Google Scholar
  19. 19.
    Kiyavash, N., Coleman, T.: Covert timing channels codes for communication over interactive traffic. In: IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 1485–1488 (2009)Google Scholar
  20. 20.
    Dunn, B.P., Bloch, M., Laneman, J.N.: Secure bits through queues. In: IEEE Information Theory Workshop on Networking and Information Theory, pp. 37–41 (June 2009)Google Scholar
  21. 21.
    Proakis, J.: Digital Communications. McGraw Hill, Singapore (1995)zbMATHGoogle Scholar
  22. 22.
    Devroye, L.: Non-Uniform Random Variate Generation. Springer, New York (1986)CrossRefzbMATHGoogle Scholar
  23. 23.
    Mawi working group traffic archive,
  24. 24.
    Sellke, S.H., Wang, C., Shroff, N., Bagchi, S.: Capacity bounds on timing channels with bounded service times. In: IEEE International Symposium on Information Theory, pp. 981–985 (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Yali Liu
    • 1
  • Dipak Ghosal
    • 2
  • Frederik Armknecht
    • 3
  • Ahmad-Reza Sadeghi
    • 3
  • Steffen Schulz
    • 3
  • Stefan Katzenbeisser
    • 4
  1. 1.Department of Electrical and Computer EngineeringUCDavisUSA
  2. 2.Department of Computer ScienceUniversity of CaliforniaDavisUSA
  3. 3.Horst-Görtz Institute for IT-Security (HGI)Ruhr-University BochumGermany
  4. 4.Department of Computer ScienceTechnische Universität DarmstadtGermany

Personalised recommendations