CLACK: A network covert channel based on partial acknowledgment encoding

Xiapu Luo, Edmond W.W. Chan, Kow Chuen Chang

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

13 Citations (Scopus)


The ability of setting up a covert channel, which allows any two nodes with Internet connections to engage in secretive communication, clearly causes a very serious security concern. A number of recent studies have indeed shown that setting up such covert channels is possible by exploiting the protocol fields in the IP, TCP, or application layer. However, the quality of these covert channels is susceptible to unpredictable network condition and active wardens. In this paper, we propose CLACK, a new covert channel which encodes covert messages into the TCP acknowledgments (ACKs). Since the message encoding is performed in a TCP data channel, CLACK is reliable and resilience to adverse network conditions. Moreover, CLACK is very difficult to detect in practice, because the TCK ACKs encoded by CLACK cannot be easily distinguished from the normal ACKs. We have implemented and tested CLACK in a test-bed to validate its correctness.
Original languageEnglish
Title of host publicationProceedings - 2009 IEEE International Conference on Communications, ICC 2009
Publication statusPublished - 19 Nov 2009
Event2009 IEEE International Conference on Communications, ICC 2009 - Dresden, Germany
Duration: 14 Jun 200918 Jun 2009


Conference2009 IEEE International Conference on Communications, ICC 2009

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this