Robust and Undetectable Steganographic Timing Channels for i.i.d. Traffic
Steganographic timing channels exploit inter-packet delays in network traffic to transmit secret messages. The two most important design goals are undetectability and robustness. In previous proposals undetectability has been validated only against a set of known statistical methods, leaving the resistance against possible future attacks unclear. Moreover, many existing schemes do not provide any robustness at all. In this paper, we introduce a steganographic timing channel that is both robust and provably undetectable for network traffic with independent and identically distributed (i.i.d.) inter-packet delays. I.i.d. traffic models are very useful because they are simple to analyze, and constitute essential elements of many advanced network traffic models. In contrast to previous work on i.i.d. traffic we do not rely on any strong assumptions, e.g., bounded jitter, but require only the existence of a cryptographically secure pseudorandom generator. We verify the effectiveness of our approach by conducting a series of experiments on Telnet traffic and discuss the trade off between various encoding and modulation parameters.
Unable to display preview. Download preview PDF.
- 2.Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: CCS 2004: Proceedings of the 11th ACM Conference on Computer and Communications Security, New York, pp. 178–187 (2004)Google Scholar
- 3.Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: USENIX-SS 2006: Proceedings of the 15th Conference on USENIX Security Symposium, pp. 59–75 (2006)Google Scholar
- 4.Berk, V., Giant, A., Cybenko, G.: Detection of covert channel encoding in network packet delays. Technical Report. Darthmouth College (2005)Google Scholar
- 5.Gianvecchio, S., Wang, H.: Detecting covert timing channels: An entropy-based approach. In: CCS 2007: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 307–316 (2007)Google Scholar
- 6.Sellke, S.H., Wang, C., Bagchi, S., Shroff, N.: TCP/IP timing channels: Theory to implementation. In: INFOCOM 2009: IEEE Conference on Computer Communications, pp. 2204–2212 (April 2009)Google Scholar
- 12.Li, W., Fretwell, R.J., Kouvatsos, D.D.: Analysis of correlated traffic by batch renewal process. In: EBISS 2009: International Conference on E-Business and Information System Security, pp. 1–5 (June 2009)Google Scholar
- 13.Padlipsky, M.A., Snow, D.W., Karger, P.A.: Limitations of end-to-end encryption in secure computer networks. Technical Report ESD TR-78-158, Mitre Corporation (1978)Google Scholar
- 15.Cabuk, S.: Network covert channels: Design, analysis, detection, and elimination. PhD thesis, Purdue University (2006)Google Scholar
- 18.Coleman, T.P., Kiyavash, N.: Practical codes for queueing channels: An algebraic, state-space, message-passing approach. In: IEEE Information Theory Workshop on Networking and Information Theory, pp. 318–322 (May 2008)Google Scholar
- 19.Kiyavash, N., Coleman, T.: Covert timing channels codes for communication over interactive traffic. In: IEEE International Conference on Acoustics, Speech, and Signal Processing, pp. 1485–1488 (2009)Google Scholar
- 20.Dunn, B.P., Bloch, M., Laneman, J.N.: Secure bits through queues. In: IEEE Information Theory Workshop on Networking and Information Theory, pp. 37–41 (June 2009)Google Scholar
- 23.Mawi working group traffic archive, http://tracer.csl.sony.co.jp/mawi/
- 24.Sellke, S.H., Wang, C., Shroff, N., Bagchi, S.: Capacity bounds on timing channels with bounded service times. In: IEEE International Symposium on Information Theory, pp. 981–985 (2007)Google Scholar