Abstract
Exploiting packets' timing information for covert communication in the Internet has been explored by several network timing channels and watermarking schemes. Several of them embed covert information in the inter-packet delay. These channels, however, can be detected based on the perturbed traffic pattern, and their decoding accuracy could be degraded by jitter, packet loss and packet reordering events. In this paper, we propose a novel TCP-based timing channel, named TCP-Script to address these shortcomings. TCPScript embeds messages in "normal" TCP data bursts and exploits TCP's feedback and reliability service to increase the decoding accuracy. Our theoretical capacity analysis and extensive experiments have shown that TCPScript offers much higher channel capacity and decoding accuracy than an IP timing channel and JitterBug. On the countermeasure, we have proposed three new metrics to detect aggressive TCPScript channels.
Original language | English |
---|---|
Title of host publication | Proceedings of the International Conference on Dependable Systems and Networks |
Pages | 420-429 |
Number of pages | 10 |
DOIs | |
Publication status | Published - 13 Oct 2008 |
Event | 2008 International Conference on Dependable Systems and Networks, DSN-2008 - Anchorage, AK, United States Duration: 24 Jun 2008 → 27 Jun 2008 |
Conference
Conference | 2008 International Conference on Dependable Systems and Networks, DSN-2008 |
---|---|
Country/Territory | United States |
City | Anchorage, AK |
Period | 24/06/08 → 27/06/08 |
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Networks and Communications