A Performance Analysis of Authentication Using Covert Timing Channels

  • Reed Newman
  • Raheem Beyah
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4982)


Authentication over a network is an important and difficult problem. Accurately determining the authenticity of a node or user is critical in maintaining the security of a network. Our proposed technique covertly embeds a watermark, or identifying tag, within a data stream. By implementing this model on a LAN and WLAN we show that this method is easily adaptable to a variety of networking technologies, and easily scalable. While our technique increases the time required for data to be transferred, we show that the throughput of the link during the brief authentication window is decreased by no more than 8% in a switched LAN and 11% in a WLAN. During our empirical analysis we were able to detect the watermark with 100% accuracy in both a LAN and WLAN environment.


Keywords: Step Stone; Network Throughput; Covert Channel; Timing Perturbation; Node Authentication
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Reed Newman (1)
  • Raheem Beyah (1)
  1. Communications Assurance and Performance Group, Computer Science Department, Georgia State University, Atlanta, USA
