Advertisement

Covert Messaging through TCP Timestamps

  • John Giffin
  • Rachel Greenstadt
  • Peter Litwack
  • Richard Tibbetts
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2482)

Abstract

Covert channels exist in most communications systems and allow individuals to communicate truly undectably. However, covert channels are seldom used due to their complexity. A protocol for sending data over a common class of low-bandwidth covert channels has been developed. The protocol is secure against attack by powerful adversaries. The design of a practical system implementing the protocol on a standard platform (Linux) exploiting a channel in a common communications system (TCP timestamps) is presented. A partial implementation of this system has been accomplished.

Keywords

Hash Function Transmission Control Protocol Shared Secret Occupation Number Packet Header 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aba01.
    C. Abad. Ip checksum covert channels and selected hash collision. http://www.gravitino.net/~aempirei/papers/pccc.pdf, 2001.
  2. AP98.
    R. Anderson and F. A. Petitcolas. On the limits of steganography. IEEE Journal on Selected Areas in Communications, 16:474–481, 1998.CrossRefGoogle Scholar
  3. Bel89.
    S. Bellovin. Security problems in the tcp/ip protocol suite. Computer Communication Review, 19(2):32–48, 1989.CrossRefGoogle Scholar
  4. Cac98.
    C. Cachin. An information-theoretic model for steganography. In D. Aucsmith, editor, Information Hiding, 2nd International Workshop, volume 1525 of Lecture Notes in Computer Science, pages 306–318. Springer, 1998. Revised version, March 2001, available as Cryptology ePrint Archive, Report 2000/028, http://eprint.iacr.org/.CrossRefGoogle Scholar
  5. DJ01.
    r. D. Eastlake and P. Jones. Us secure hash algorithm 1 (sha1). Rfc, Network Working Group, 2001. http://www.ietf.org/rfc/rfc3174.txt.
  6. FAP99.
    M. G. K. Fabian A.P. Petitcolas, Ross J. Anderson. Information hiding-a survey. In Proceedings of the IEEE. 1999.Google Scholar
  7. III.
    J. W. G. III. Countermeasures and tradeoffs for a class of covert timing channels.Google Scholar
  8. McH95.
    J. McHugh. Covert Channel Analysis. Portland State University, 1995.Google Scholar
  9. MK94.
    I. Moskowitz and M. Kang. Covert channels-here to stay? In COMPASS’ 94, pages 235–243. 1994.Google Scholar
  10. MM94.
    I. S. Moskowitz and A. R. Miller. Simple timing channels. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 56–61. IEEE Press, 1994.Google Scholar
  11. Pos81.
    J. Postel. Transmission control protocol. RFC 793, Information Sciences Institute, University of Southern California, 4676 Admiralty Way, Marina del Rey, California 90291, 1981. http://www.ietf.org/rfc/rfc0793.txt.Google Scholar
  12. Row96.
    C. H. Rowland. Covert channels in the tcp/ip protocol suite. First Monday, http://www.firstmonday.dk/issues/issue25/rowland/, 1996.
  13. Sim84.
    G. Simmons. The prisoners’ problem and the subliminal channel. In CRYPTO’ 83, pages 51–67. Plenum Press, 1984.Google Scholar
  14. Sim93.
    G. J. Simmons. The subliminal channels in the u.s. digital signature algorithm (dsa). In W. Wolfowicz, editor, 3rd Symposium on: State and Progress of Research in Cryptography, pages 35–54. Rome, Italy, 1993.Google Scholar
  15. Sim94.
    G. J. Simmons. Subliminal channels: Past and present. In European Trans, on Telecommunications, 4(4), pages 459–473. 1994.MathSciNetGoogle Scholar
  16. Sim98.
    G. J. Simmons. Results concerning the bandwidth of subliminal channels. IEEE J. on Selected Areas in Communications, 16(4), pages 463–473, 1998.CrossRefGoogle Scholar
  17. SM.
    e. a. Steve McCanne. libpcap, the packet capture library. http://www.tcpdump.org.
  18. UCD99.
    Uc davis denial of service (dos) project meeting notes. http://seclab. cs.ucdavis.edu/projects/denial-service/meetings/01-27-99m.html, 1999.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • John Giffin
    • 1
  • Rachel Greenstadt
    • 1
  • Peter Litwack
    • 1
  • Richard Tibbetts
    • 1
  1. 1.Massachusetts Institute of TechnologyUSA

Personalised recommendations