CoCo: Coding-Based Covert Timing Channels for Network Flows

  • Amir Houmansadr
  • Nikita Borisov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6958)

Abstract

In this paper, we propose CoCo, a novel framework for establishing covert timing channels. The CoCo covert channel modulates the covert message in the inter-packet delays of the network flows, while a coding algorithm is used to ensure the robustness of the covert message to different perturbations. The CoCo covert channel is adjustable: by adjusting certain parameters one can trade off different features of the covert channel, i.e., robustness, rate, and undetectability. By simulating the CoCo covert channel using different coding algorithms we show that CoCo improves the covert robustness as compared to the previous research, while being practically undetectable.

Keywords

Turbo Code Convolutional Code Channel Noise Covert Channel Golay Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bavier, A., Bowman, M., Chun, B., Culler, D., Karlin, S., Muir, S., Peterson, L., Roscoe, T., Spalink, T., Wawrzoniak, M.: Operating systems support for planetary-scale network services. In: Morris, R., Savage, S. (eds.) Symposium on Networked Systems Design and Implementation, pp. 253–266. USENIX (March 2004)Google Scholar
  2. 2.
    Berk, V., Giani, A., Cybenko, G.: Detection of covert channel encoding in network packet delays. Tech. Rep. TR2005-536, Dartmouth College, Computer Science, Hanover, NH (August 2005), http://www.cs.dartmouth.edu/reports/TR2005-536-rev1.pdf
  3. 3.
    Cabuk, Brodley, Shields: IP covert timing channels: Design and detection. In: SIGSAC: 11th ACM Conference on Computer and Communications Security. ACM SIGSAC (2004)Google Scholar
  4. 4.
    Cabuk, S.: Network covert channels: Design, analysis, detection, and elimination (January 2006), http://docs.lib.purdue.edu/dissertations/AAI3260014
  5. 5.
    Department of Defense: DoD 5200.28-STD: Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) (1985)Google Scholar
  6. 6.
    Duda, R.O., Hart, P.E., Stork, D.G.: Pattern Classification. Wiley, Chichester (2001), http://www.rii.ricoh.com/~stork/DHS.html MATHGoogle Scholar
  7. 7.
    Gianvecchio, S., Wang, H.: Detecting covert timing channels: an entropy-based approach. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 307–316. ACM, New York (2007), http://doi.acm.org/10.1145/1315245.1315284 Google Scholar
  8. 8.
    Gianvecchio, S., Wang, H., Wijesekera, D., Jajodia, S.: Model-based covert timing channels: Automated modeling and evasion. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 211–230. Springer, Heidelberg (2008), http://dx.doi.org/10.1007/978-3-540-87403-4_12 CrossRefGoogle Scholar
  9. 9.
    Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert messaging through TCP timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Giles, J., Hajek, B.: An information-theoretic and game-theoretic study of timing channels. IEEE Transactions on Information Theory 48(9), 2455–2477 (2002)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Girling, C.G.: Covert channels in LAN’s. IEEE Transactions in Software Engineering SE-13(2), 292–296 (1987)CrossRefGoogle Scholar
  12. 12.
    Handel, Sandford.: Hiding data in the OSI network model. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, Springer, Heidelberg (1996)CrossRefGoogle Scholar
  13. 13.
    van Lint, J.H.: Introduction to Coding Theory, 3rd edn. Springer, Berlin (1998)MATHGoogle Scholar
  14. 14.
    Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A.R., Schulz, S., Katzenbeisser, S.: Hide and seek in time — robust covert timing channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 120–135. Springer, Heidelberg (2009), http://dx.doi.org/10.1007/978-3-642-04444-1 CrossRefGoogle Scholar
  15. 15.
    Liu, Y., Ghosal, D., Armknecht, F., Sadeghi, A.R., Schulz, S., Katzenbeisser, S.: Robust and undetectable steganographic timing channels for i.i.d. Traffic. In: Böhme, R., Fong, P.W.L., Safavi-Naini, R. (eds.) IH 2010. LNCS, vol. 6387, pp. 193–207. Springer, Heidelberg (2010), http://dx.doi.org/10.1007/978-3-642-16435-4 CrossRefGoogle Scholar
  16. 16.
    MacKay, D.: Information Theory, Inference, and Learning Algorithms (September 2003)Google Scholar
  17. 17.
    Murdoch, S.J., Lewis, S.: Embedding covert channels into TCP/IP. In: Barni, M., Herrera-Joancomartí, J., Katzenbeisser, S., Pérez-González, F. (eds.) IH 2005. LNCS, vol. 3727, pp. 247–261. Springer, Heidelberg (2005), http://dx.doi.org/10.1007/11558859_19 CrossRefGoogle Scholar
  18. 18.
    Padlipsky, M., Snow, D., Karger, P.: Limitations of end-to-end encryption in secure computer networks. Tech. Rep. ESD TR-78-158, Mitre Corporation (1978)Google Scholar
  19. 19.
    Rowland, C.H.: Covert channels in the TCP/IP protocol suite. First Monday 2(5) (1997), http://firstmonday.org/issues/issue2_5/rowland/index.html
  20. 20.
    Sellke, S.H., Wang, C.C., Bagchi, S., Shroff, N.B.: Tcp/ip timing channels: Theory to implementation. In: INFOCOM, pp. 2204–2212. IEEE, Los Alamitos (2009)Google Scholar
  21. 21.
    Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: Proceedings of the 15th Conference on USENIX Security Symposium, vol. 15, USENIX Association, Berkeley (2006), http://portal.acm.org/citation.cfm?id=1267336.1267341 Google Scholar
  22. 22.
    Walsworth, C., Aben, E., Claffy, K.C., Andersen, D.: The CAIDA anonymized 2009 Internet traces—January (March 2009), http://www.caida.org/data/passive/passive_2009_dataset.xml

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Amir Houmansadr
    • 1
  • Nikita Borisov
    • 1
  1. 1.Department of Electrical and Computer EngineeringUniversity of Illinois at Urbana-ChampaignUSA

Personalised recommendations