Undetectable Covert Communication

Research Areas: Network Security, Assured Identity and Privacy,

Principal Investigator: Saurabh Bagchi

The Orange Book defines a covert channel to be “any communication channel that can be exploited by a process to transfer information in a manner that violates the system’s security policy.” A covert timing channel is a type of covert channel in which sensitive information is transmitted by the timing of events. In a networked environment, a covert timing channel can be used by a program that has access to sensitive information to leak the information through packet inter-transmission times. From a positive standpoint, such a covert communication channel can be used by people living under oppressive regimes to communicate safely. Designing and implementing timing channels over a shared network between two distant computers is challenging. Network timing channels are inherently “noisy” due to the delay and jitter in networks, which distort the timing information from the sender when it reaches the receiver. In prior work, a simple IP covert timing channel was implemented using an on-off coding scheme, where the reception or absence of a packet within a time interval signals bit 1 or bit 0, respectively. This timing channel achieved a data rate of 16.67 bits/sec between two computers located at two universities with an average round trip time of 31.5 ms.

We are interested in designing covert timing channels that significantly improve the data rate. Our second goal is to design a computationally non-detectable timing channel scheme. In our design, we use packet inter-transmission times to convey information. A malicious process on the sender side manipulates the inter-transmission times and another malicious process either at the receiver or en route to the receiver can decode the privileged information by observing the inter-reception times. We encode L-bit binary strings in a sequence of n packet inter-transmission times T1, T2, · · · , Tn. We call it the “L-bits to n-packets” scheme. These n packets are transmitted in variable length time intervals. The receiver will then map the n packet inter-reception times R1,R2, · · ·,Rn back to an L-bit binary string according to the code book. We analytically determine L and n, based on experimental measurements of network characteristics, such as maximum jitter. The choice makes the data rate of our scheme to be near optimal and demonstrates significant performance improvement (2 to 5 times the covert timing channel data rate) of our scheme over the prior state-of-the-art.

Our second contribution is to systematically develop a computationally non-detectable timing channel scheme, assuming the packet intertransmission time is independent and identically distributed (i.i.d). Our design is based on the security of the cryptographically secure pseudo random number generators (CSPRNG). The packet intertransmission times from the proposed timing channel are devised to mimic any legitimate traffic with i.i.d. packet inter-transmission time. This allows two parties to communicate at a low data rate (e.g., 5 bits/sec) in a hostile environment such as in battlefield or law enforcement settings while avoiding detection.

In ongoing work, we are developing non-detectable timing channels for more general classes of normal traffic, such as Markov-chain and long-range dependent normal traffic. We are also exploring non-timing methods of conveying covert information, such as through changing the order in which packets are sent, such that they fall within the bounds of possible operation of commonly-used protocols such as TCP, but are usable for conveying information covertly.

Personnel

  • Sarah Sellke

Keywords: covert information, timing channel, covert channel, privacy