

TCP covert timing channels: Design and detection

Exploiting packets’ timing information for covert communication in the Internet has been explored by several network timing channels and watermarking schemes. Several of them embed covert information in the inter-packet delay. These channels, however, can be detected based on the perturbed traffic pattern, and their decoding accuracy could be degraded by jitter, packet loss and packet reordering events. In this paper, we propose a novel TCP-based timing channel, named TCPScript, to address these shortcomings. TCPScript embeds messages in “normal” TCP data bursts and exploits TCP’s feedback and reliability service to increase the decoding accuracy. Our theoretical capacity analysis and extensive experiments have shown that TCPScript offers much higher channel capacity and decoding accuracy than an IP timing channel and JitterBug. On the countermeasure, we have proposed three new metrics to detect aggressive TCPScript channels.
Xiapu Luo, Edmond W. W. Chan, Rocky K. C. Chang
Added 29 May 2010
Updated 29 May 2010
Type: Conference
Year: 2008
Where: DSN