Principal Investigator: Saurabh Bagchi
The Orange Book defines a covert channel to be ―any communication channel that can be exploited by a process to transfer information in a manner that violates the system’s security policy. A covert timing channel is a type of covert channel in which sensitive information is transmitted by the timing of events. In a networked environment, a covert timing channel can be used by a program that has access to sensitive information to leak the information through packet inter-transmission times. From a positive standpoint, such a covert communication channel can be used by people living under oppressive regimes to communicate safely. Designing and implementing timing channels over a shared network between two distant computers is challenging. Network timing channels are inherently noisy due to the delay and jitter in networks, which distort the timing information from the sender when it reaches the receiver. In prior work, a simple IP covert timing channel was implemented using an on-off coding scheme, where the reception or absence of a packet within a time interval signals bit 1 or bit 0, respectively. This timing channel achieved a data rate of 16.67 bits/sec between two computers located at two universities with an average round trip time of 31.5 ms.
We are interested in designing covert timing channels that significantly improve the data rate. Our second goal is to design a computationally non-detectable timing channel scheme. In our design, we use packet inter-transmission times to convey information. A malicious process on the sender side manipulates the inter-transmission times and another malicious process either at the receiver or en route to the receiver can decode the privileged information by observing the inter-reception times. We encode L-bit binary strings in a sequence of n packet inter-transmission times T1, T2, • • • , Tn. We call it the ―L-bits to n-packets scheme. These n packets are transmitted in variable length time intervals. The receiver will then map the n packet inter-reception times R1, R2, • • •, Rn back to an L-bit binary string according to the code book. We analytically determine L and n, based on experimental measurements of network characteristics, such as maximum jitter. The choice makes the data rate of our scheme to be near optimal and demonstrates significant performance improvement (2 to 5 times the covert timing channel data rate) of our scheme over the prior state-of-the-art.
Our second contribution is to systematically develop a computationally non-detectable timing channel scheme under a wide variety of normal traffic patterns. Our design is based on the security of the cryptographically secure pseudo random number generators (CSPRNG). The packet intertransmission times from the proposed timing channel are devised to mimic any legitimate traffic with i.i.d. packet inter-transmission times or long range dependent (LRD) packet inter-transmission times. The latter class is important because it covers the predominant class of internet traffic today, namely web traffic.
Other PIs: Chi-Chung Wang (Purdue University)
Sarah H. Sellke, Chih-Chun Wang, Ness Shroff, and Saurabh Bagchi, "Capacity Bounds on Timing Channels with Bounded Service Times, " At the IEEE International Symposium on Information Theory (ISIT), pp. 981-985, Nice, France, June 24-29, 2007.
Sarah Sellke, Chih-Chun Wang, Saurabh Bagchi, Ness Shroff, "Covert TCP/IP Timing Channels: Theory to Implementation," At the 28th Annual IEEE Conference on Computer Communications (INFOCOM), April 19-25 2009, pp. 2204-2212, Rio de Janeiro, Brazil.
Keywords: covert channel, covert information, Privacy, timing channel