Abstract
Covert timing channel is a mechanism that can be exploited by an attacker to conceal secrets in timing intervals of transmitted packets. With the development of detection techniques against such channel, it has become increasingly difficult to exploit a practical covert timing channel that is both detection-resistant and of high capacity. In this paper, we introduce a new type of covert timing channel. Our novel encoding technique uses mimic functions as the basis to accomplish the mimicry of legitimate traffic behaviors. We also design and implement a mimicry framework for automatically creating this new type of covert timing channel. In the end, we utilize the state-of-the-art detection tests to validate the effectiveness of our mimicry approach. The experimental results show that the created covert timing channel can successfully evade the detection tests while achieving a considerable channel capacity.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Atallah, M.J., Raskin, V., Hempelmann, C.F., Karahan, M., Sion, R., Topkara, U., Triezenberg, K.E.: Natural language watermarking and tamperproofing. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 196–212. Springer, Heidelberg (2003)
Cabuk, S., Brodley, C., Shields, C.: IP covert timing channels: Design and detection. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 178–187 (2004)
Cabuk, S., Brodley, C., Shields, C.: IP covert channel detection. ACM Transactions on Information and System Security (TISSEC)Â 12(4), 22 (2009)
Cover, T., Thomas, J.: Elements of information theory. Wiley-interscience (2006)
Cox, I., Miller, M., Bloom, J., Fridrich, J., Kalker, T.: Digital watermarking and steganography. Morgan Kaufmann (2007)
Dewey, G.: Relative frequency of English spellings. Teachers College Press, New York (1970)
Douglas, D.H., Peucker, T.K.: Algorithms for the reduction of the number of points required to represent a digitized line or its caricature. Cartographica: The International Journal for Geographic Information and Geovisualization 10(2), 112–122 (1973)
Gianvecchio, S., Wang, H.: Detecting covert timing channels: An entropy-based approach. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 307–316 (2007)
Gianvecchio, S., Wang, H., Wijesekera, D., Jajodia, S.: Model-based covert timing channels: Automated modeling and evasion. In: Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection, pp. 211–230 (2008)
Girling, C.: Covert channels in LAN’s. IEEE Transactions on Software Engineering, 292–296 (1987)
WAND Research Group. Waikato internet traffic storage, http://wand.net.nz/wits/nzix/2/
Henry, P.A.: Covert channels provided hackers the opportunity and the means for the current distributed denial of service attacks. CyberGuard Corporation (2000)
Houmansadr, A., Nguyen, G.T., Caesar, M., Borisov, N.: Cirripede: Circumvention infrastructure using router redirection with plausible deniability. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 187–200 (2011)
Kothari, K., Wright, M.: Mimic: An active covert channel that evades regularity-based detection. Computer Networks (2012)
Lampson, B.: A note on the confinement problem. Communications of the ACM 16(10), 613–615 (1973)
Peng, P., Ning, P., Reeves, D.: On the secrecy of timing-based active watermarking trace-back techniques. In: IEEE Symposium on Security and Privacy, pp. 334–349 (2006)
Sellke, S., Wang, C., Bagchi, S., Shroff, N.: TCP/IP timing channels: Theory to implementation. In: INFOCOM, pp. 2204–2212 (2009)
Shah, G., Molina, A., Blaze, M.: Keyboards and covert channels. In: Proceedings of the 15th Conference on USENIX Security Symposium, vol. 15 (2006)
Walls, R., Kothari, K., Wright, M.: Liquid: A detection-resistant covert timing channel based on IPD shaping. Computer Networks 55(6), 1217–1228 (2011)
Wang, X., Reeves, D.S.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 20–29 (2003)
Wayner, P.: Mimic functions. Cryptologia 16(3), 193–214 (1992)
Wu, Z., Gianvecchio, S., Xie, M., Wang, H.: Mimimorphism: A new approach to binary code obfuscation. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 536–546 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Wang, J., Guan, L., Liu, L., Zha, D. (2014). Implementing a Covert Timing Channel Based on Mimic Function. In: Huang, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2014. Lecture Notes in Computer Science, vol 8434. Springer, Cham. https://doi.org/10.1007/978-3-319-06320-1_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-06320-1_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06319-5
Online ISBN: 978-3-319-06320-1
eBook Packages: Computer ScienceComputer Science (R0)