The Center for Education and Research in Information Assurance and Security (CERIAS)

Network Covert Channels: Design, Analysis, Detection, and Elimination

Author

Serdar Cabuk

Tech report number

CERIAS TR 2006-53

Entry type

phdthesis

Abstract

Indirect communication channels have been effectively employed in the communications world to bypass mechanisms that do not permit direct communication between unauthorized parties. Such covert channels emerge as a threat to information-sensitive systems in which leakage to unauthorized parties may be unacceptable (e.g., military systems). In this dissertation, we show that traffic analysis can counter traditional event-based covert channels, which do not employ any additional scheme to obfuscate the channel further. For these channels, we introduce effective noiseless and noisy covert channel detection mechanisms that capture the anomalous traffic patterns. However, because a motivated user can potentially hide the channel further, we introduce a new family of covert channels that do not produce such anomalies. These IP time-replay covert channels transmit covert messages by adjusting packet timings consistent with inter-arrival time sequences that are extracts from recently recorded normal sequences. Under certain assumptions and lowered data rates, these channels generate output sequences that are equal in distribution to normal sequences, allowing them to bypass traffic anomaly detection schemes that are based on distribution analysis. Additionally, we illustrate that these channels can potentially survive channel elimination schemes such as jammers and network data pumps with lowered data rates. Thus, we discuss two types of transformations on packet inter-arrival times to increase the efficacy of existing elimination schemes.

Date

2006-12-16

Key alpha

Covert Communication Channels

School

Purdue University

Affiliation

Electrical and Computer Engineering

Publication Date

2006-12-16

Contents

1 INTRODUCTION
2 BACKGROUND AND RELATED WORK
3 SIMPLE NETWORK COVERT CHANNELS
4 TIME-REPLAY NETWORK COVERT CHANNELS
5 CONCLUSIONS AND FUTURE DIRECTIONS
LIST OF REFERENCES
A IP SCC SCENARIOS

Keywords

Network Covert Channels, Creation, Detection, Analysis

Language

English

Subject

Analysis of Network Covert Communication Channels

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.