Covert Messaging through TCP Timestamps

  title={Covert Messaging through TCP Timestamps},
  author={John Giffin and Rachel Greenstadt and Peter Litwack and Richard Tibbetts},
  booktitle={Privacy Enhancing Technologies},
Covert channels exist in most communications systems and allow individuals to communicate truly undectably. However, covert channels are seldom used due to their complexity. A protocol for sending data over a common class of low-bandwidth covert channels has been developed. The protocol is secure against attack by powerful adversaries. The design of a practical system implementing the protocol on a standard platform (Linux) exploiting a channel in a common communications system (TCP timestamps… 

Covert Channel over Network Time Protocol

A way through which covert messages are sent and received using the Network Time Protocol (NTP), which is not easily detected since NTP should be present in most environment to synchronize the clock between clients and servers using at least one time server is scrutinized.

HIDE_DHCP: Covert Communications through Network Configuration Messages

This work analyzes a protocol extensively used today, the Dynamic Host Configuration Protocol (DHCP), in search of new forms of covert communication, and observes several features that can be effectively exploited for subliminal data transmission.

Covert Channels in IPv6

This paper introduces and analyze 22 different covert channels in the Internet Protocol version 6 (IPv6), and defines three types of active wardens, stateless, stateful, and network-aware, who differ in complexity and ability to block the analyzed covert channels.

Covert Channel using the IP Timestamp Option of an IPv4 Packet

A novel covert channel utilizing the IP timestamp option inside an IPv4 packet header to exchange a secret message with another party is proposed.

Communication over the Internet using Covert Channels

Two types of covert channels are described: covert storage channel and covert timing channel and it is shown how two parties can communicate over the internet using these channels without being detected by the modern security tools.

A Protocol for Building Secure and Reliable Covert Channel

It is demonstrated that it is possible to transmit large amounts of data covertly with sophisticated support such as security and reliability through moderate bandwidth covert channels.

Covert Channels in Internet Protocols: A Survey

A brief overview of covert channels in communication networks is given, and a brief survey of some recent and relevant papers on the use of secret channels in the common Internet protocols are presented.

A survey of covert channels and countermeasures in computer network protocols

A survey of the existing techniques for creating covert channels in widely deployed network and application protocols and an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks are given.

Covert communications through network configuration messages

Reference Model Storage Covert Channel for Secure Communications

The proposed model is to enhance the bandwidth of covert communication using TCP sequence number header field and IP identification field header using combination of 32-bit sequence number and 16-bit identification number.



Covert Channels in the TCP/IP Protocol Suite

This paper attempts to illustrate the weaknesses in the TCP/IP protocol suite in both theoretical and practical examples.

Security problems in the TCP/IP protocol suite

A variety of attacks based on a number of serious security flaws inherent in the TCP/IP protocols are described, including sequence number spoofed, routing attacks, source address spoofing, and authentication attacks.

Covert channels-here to stay?

  • I. MoskowitzM. Kang
  • Computer Science
    Proceedings of COMPASS'94 - 1994 IEEE 9th Annual Conference on Computer Assurance
  • 1994
It is shown how trade-offs can be made to reduce the threat of covert channels and why a capacity analysis alone is not sufficient to evaluate the vulnerability and a new metric is introduced referred to as the "small message criterion".

Subliminal channels; past and present

The setting for the discovery of subliminal channels is described and the nature and shortcomings of the subliminals channels in the El Gamal digital signature scheme - to which the DSS is closely related - are described, to make clear what a remarkable coincidence this can all be overcome in channels realized in the D SS.

Results concerning the bandwidth of subliminal channels

The fundamental questions of the bandwidth available for subliminal communication as a function of the trust the transmitter has in theSubliminal receiver and of a logically sound interpretation of the term "subliminal-free" are reexamines.

Simple timing channels

The thrust of the paper is the analysis of timing channels that are discrete, memoryless, and noiseless, and called a simple timing channel (STC).

On the limits of steganography

It is shown that public key information hiding systems exist, and are not necessarily constrained to the case where the warden is passive, and the use of parity checks to amplify covertness and provide public key steganography.

Information hiding-a survey

An overview of the information-hiding techniques field is given, of what the authors know, what works, what does not, and what are the interesting topics for research.

Countermeasures and tradeoffs for a class of covert timing channels

The authors' analysis provides the only known upper bound on the capacity of the bus contention channel under fuzzy time and obtains precise tradeoffs between covert channel capacity and other desirable system properties.