Skip to main content

Covert Messaging through TCP Timestamps

Part of the Lecture Notes in Computer Science book series (LNCS,volume 2482)


Covert channels exist in most communications systems and allow individuals to communicate truly undectably. However, covert channels are seldom used due to their complexity. A protocol for sending data over a common class of low-bandwidth covert channels has been developed. The protocol is secure against attack by powerful adversaries. The design of a practical system implementing the protocol on a standard platform (Linux) exploiting a channel in a common communications system (TCP timestamps) is presented. A partial implementation of this system has been accomplished.


These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, log in via an institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. C. Abad. Ip checksum covert channels and selected hash collision., 2001.

  2. R. Anderson and F. A. Petitcolas. On the limits of steganography. IEEE Journal on Selected Areas in Communications, 16:474–481, 1998.

    Article  Google Scholar 

  3. S. Bellovin. Security problems in the tcp/ip protocol suite. Computer Communication Review, 19(2):32–48, 1989.

    Article  Google Scholar 

  4. C. Cachin. An information-theoretic model for steganography. In D. Aucsmith, editor, Information Hiding, 2nd International Workshop, volume 1525 of Lecture Notes in Computer Science, pages 306–318. Springer, 1998. Revised version, March 2001, available as Cryptology ePrint Archive, Report 2000/028,

    Chapter  Google Scholar 

  5. r. D. Eastlake and P. Jones. Us secure hash algorithm 1 (sha1). Rfc, Network Working Group, 2001.

  6. M. G. K. Fabian A.P. Petitcolas, Ross J. Anderson. Information hiding-a survey. In Proceedings of the IEEE. 1999.

    Google Scholar 

  7. J. W. G. III. Countermeasures and tradeoffs for a class of covert timing channels.

    Google Scholar 

  8. J. McHugh. Covert Channel Analysis. Portland State University, 1995.

    Google Scholar 

  9. I. Moskowitz and M. Kang. Covert channels-here to stay? In COMPASS’ 94, pages 235–243. 1994.

    Google Scholar 

  10. I. S. Moskowitz and A. R. Miller. Simple timing channels. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 56–61. IEEE Press, 1994.

    Google Scholar 

  11. J. Postel. Transmission control protocol. RFC 793, Information Sciences Institute, University of Southern California, 4676 Admiralty Way, Marina del Rey, California 90291, 1981.

    Google Scholar 

  12. C. H. Rowland. Covert channels in the tcp/ip protocol suite. First Monday, , 1996.

  13. G. Simmons. The prisoners’ problem and the subliminal channel. In CRYPTO’ 83, pages 51–67. Plenum Press, 1984.

    Google Scholar 

  14. G. J. Simmons. The subliminal channels in the u.s. digital signature algorithm (dsa). In W. Wolfowicz, editor, 3rd Symposium on: State and Progress of Research in Cryptography, pages 35–54. Rome, Italy, 1993.

    Google Scholar 

  15. G. J. Simmons. Subliminal channels: Past and present. In European Trans, on Telecommunications, 4(4), pages 459–473. 1994.

    MathSciNet  Google Scholar 

  16. G. J. Simmons. Results concerning the bandwidth of subliminal channels. IEEE J. on Selected Areas in Communications, 16(4), pages 463–473, 1998.

    Article  Google Scholar 

  17. e. a. Steve McCanne. libpcap, the packet capture library.

  18. Uc davis denial of service (dos) project meeting notes. http://seclab., 1999.

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R. (2003). Covert Messaging through TCP Timestamps. In: Dingledine, R., Syverson, P. (eds) Privacy Enhancing Technologies. PET 2002. Lecture Notes in Computer Science, vol 2482. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00565-0

  • Online ISBN: 978-3-540-36467-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics