TY - GEN
T1 - Cloak: A ten-fold way for reliable covert communications
AU - Luo, Xiapu
AU - Chan, Edmond W.W.
AU - Chang, Kow Chuen
PY - 2007/12/1
Y1 - 2007/12/1
N2 - In this paper, we propose Cloak-a new class of reliable timing channels-which is fundamentally different from other timing channels in several aspects. First, Cloak encodes a message by a unique distribution of N packets over X TCP flows. The combinatorial nature of the encoding methods increases the channel capacity largely with (N, X). Second, Cloak offers ten different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and the need for packet marking. Third, the packet transmissions modulated by Cloak could be carefully crafted to mimic the normal TCP flows in a typical TCP-based application session. Although Cloak's basic idea is simple, we show in this paper how we tackle a number of challenging issues systematically. Our experiment results collected from PlanetLab nodes and a test bed suggest that Cloak is feasible under various network conditions and different round-trip delays.
AB - In this paper, we propose Cloak-a new class of reliable timing channels-which is fundamentally different from other timing channels in several aspects. First, Cloak encodes a message by a unique distribution of N packets over X TCP flows. The combinatorial nature of the encoding methods increases the channel capacity largely with (N, X). Second, Cloak offers ten different encoding and decoding methods, each of which has a unique tradeoff among several important considerations, such as channel capacity and the need for packet marking. Third, the packet transmissions modulated by Cloak could be carefully crafted to mimic the normal TCP flows in a typical TCP-based application session. Although Cloak's basic idea is simple, we show in this paper how we tackle a number of challenging issues systematically. Our experiment results collected from PlanetLab nodes and a test bed suggest that Cloak is feasible under various network conditions and different round-trip delays.
KW - Attack models
KW - Covert channel analysis
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=38049094594&partnerID=8YFLogxK
M3 - Conference article published in proceeding or book
SN - 9783540748342
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 283
EP - 298
BT - Computer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings
T2 - 12th European Symposium on Research in Computer Security, ESORICS 2007
Y2 - 24 September 2007 through 26 September 2007
ER -