Publication | Closed Access
IP covert timing channels
Citations: 449
References: 23
Year: 2004
Venue: Unknown
Hardware Security, Engineering, Information Security, Information Leakage, Covert Network, Data Privacy, Information Forensics, Secure Communication, Timing Channel, Computer Science, Covert Channel, Communication, Side-channel Attack, Network Covert Channel, Data Security, Cryptography, Network Security
A network covert channel can leak information across a network in violation of security policies and can be difficult to detect. The authors implement a covert network timing channel, examine the design challenges it raised, and report performance data for it. They then use the implementation as a testbed to evaluate detection techniques, showing that the channel's regularity distinguishes it from normal traffic. The detection methods remain effective even when attackers attempt to disrupt the channel's timing regularity.
A network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy and in a manner that can be difficult to detect. In this paper, we describe our implementation of a covert network timing channel, discuss the subtle issues that arose in its design, and present performance data for the channel. We then use our implementation as the basis for our experiments in its detection. We show that the regularity of a timing channel can be used to differentiate it from other traffic and present two methods of doing so and measures of their efficiency. We also investigate mechanisms that attackers might use to disrupt the regularity of the timing channel, and demonstrate methods of detection that are effective against them.