Issue No. 06 - Nov.-Dec. (2012 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.64
Xiapu Luo , The Hong Kong Polytechnic University, Hong Kong
Edmond W.W. Chan , The Hong Kong Polytechnic University, Hong Kong
Peng Zhou , The Hong Kong Polytechnic University, Hong Kong
Rocky K.C. Chang , The Hong Kong Polytechnic University, Hong Kong
The problem of communicating covertly over the Internet has recently received considerable attention from both industry and academic communities. However, the previously proposed network covert channels are plagued by their unreliability and very low data rate. In this paper, we show through a new class of timing channels coined as Cloak that it is possible to devise a 100 percent reliable covert channel and yet offer a much higher data rate (up to an order of magnitude) than the existing timing channels. Cloak is novel in several aspects. First, Cloak uses the different combinations of N packets sent over X flows in each round to represent a message. The combinatorial nature of the encoding methods increases the channel capacity largely with (N,X). Second, based on the well-known 12-fold Way, Cloak offers 10 different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and camouflage capability. Third, the packet transmissions modulated by Cloak can be carefully crafted to mimic normal TCP flows for evading detection. We have implemented Cloak and evaluated it in the PlanetLab and a controlled testbed. The results show that it is not uncommon for Cloak to have an order of channel goodput improvement over the IP Timing channel and JitterBug. Moreover, Cloak does not suffer from any message loss under various loss and reordering scenarios.
Timing, Decoding, Encoding, Watermarking, Channel capacity, Internet, covert channel detection, Network covert channel, timing channel, Enumerative Combinatorics, TCP
P. Zhou, R. K. Chang, E. W. Chan and X. Luo, "Robust Network Covert Communications Based on TCP and Enumerative Combinatorics," in IEEE Transactions on Dependable and Secure Computing, vol. 9, no. , pp. 890-902, 2012.