Chapter 3 Time-to-live Covert Channels - CAIA
CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS
$$\tilde{p}_R = p_R \left(1 - \frac{p_L}{2}\right) + \frac{p_L}{2}\,(1 - p_R). \tag{3.15}$$

3.4 Reliable data transport
The maximum transmission rates based on the channel capacity can only be achieved with
optimal encoding schemes. Here we first discuss encoding strategies and then present two
schemes for reliable data transmission. Our motivation is to demonstrate and evaluate a
reliable data transport over the TTL channel, which has a complex non-stationary bit error
distribution (see Section 3.5). Many previous results for error correction schemes capable
of handling deletions assumed a simple stationary uniform random error distribution.

We develop two different schemes: one for channels with deletions due to overt packet
loss and one for channels without deletions. No deletions occur if there is no packet loss
or if packet loss can be detected by the receiver, for example by using TCP sequence
numbers. Our schemes are not limited to the TTL channel. As we show in Chapter 4,
they can be used for other noisy covert channels as well.

3.4.1 Channel coding techniques
In general, there are two types of techniques available for providing reliable data transport.
In Forward Error Correction (FEC) schemes the sender adds redundancy that is used by
the receiver to detect and correct errors. In Automatic Repeat Request (ARQ) schemes
the sender retransmits data that the receiver has not previously received correctly. ARQ
schemes require bidirectional communication since the receiver has to inform the sender
about the corrupted or lost data. Hybrid approaches are also possible.

ARQ schemes require a sequence number and a checksum for each data block, so that
the receiver can detect corrupted or lost blocks and inform the sender. FEC schemes add
error correction information to each block. If the FEC decoder can determine reliably whether
a block has been decoded correctly, an additional checksum is not needed, but sequence
numbers are still required to identify undecodable blocks.

The efficiency of different techniques can be compared based on the code rate, which
states the fraction of the transmitted payload data that is non-redundant. The code rate of
a selective repeat ARQ scheme is:
$$\frac{(N - H)}{N}\,\frac{1}{T\left(p_E, \hat{p}_B, N\right)}, \tag{3.16}$$
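The selective repeat ARQ mechanism described above (per-block sequence number and checksum, receiver reports what it still lacks) can be simulated to measure the code rate directly. This is an added example, not code from the thesis. It assumes independent bit errors with a fixed probability `p_e`, an error-free feedback path, and constructed block sizes; all function names are hypothetical, and the measured mean number of transmissions per block stands in for T in (3.16), whose definition is not part of this excerpt.

```python
import random
import struct
import zlib

PAYLOAD = 16        # payload bytes per block (constructed value), i.e. N - H
HEADER = 2 + 4      # H: 16-bit sequence number + CRC-32 checksum, in bytes

def frame(seq, payload):
    """Sender: prepend the sequence number, append a checksum over both."""
    body = struct.pack(">H", seq) + payload
    return body + struct.pack(">I", zlib.crc32(body))

def deframe(block):
    """Receiver: return (seq, payload), or None if the checksum fails."""
    body = block[:-4]
    (crc,) = struct.unpack(">I", block[-4:])
    if zlib.crc32(body) != crc:
        return None
    return struct.unpack(">H", body[:2])[0], body[2:]

def noisy(block, p_e, rng):
    """Assumed channel model: flip each bit independently with probability p_e."""
    out = bytearray(block)
    for i in range(len(out) * 8):
        if rng.random() < p_e:
            out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def selective_repeat(data, p_e, seed=1):
    """Transfer data; return (received bytes, blocks sent, measured code rate)."""
    rng = random.Random(seed)
    chunks = [data[i:i + PAYLOAD] for i in range(0, len(data), PAYLOAD)]
    received, sent = {}, 0
    pending = list(range(len(chunks)))
    while pending:                      # one round per feedback message
        for seq in pending:
            sent += 1
            result = deframe(noisy(frame(seq, chunks[seq]), p_e, rng))
            if result is not None:
                received[result[0]] = result[1]
        # Receiver reports the sequence numbers it still lacks
        # (feedback path assumed error-free); only those are resent.
        pending = [s for s in range(len(chunks)) if s not in received]
    out = b"".join(received[s] for s in range(len(chunks)))
    # Payload bits delivered over all bits transmitted: (N - H)/N * 1/T_measured
    return out, sent, len(data) / (sent * (PAYLOAD + HEADER))

if __name__ == "__main__":
    message = bytes(range(256)) * 4     # constructed sample input, 64 blocks
    for p in (0.0, 0.005, 0.02):
        _, sent, rate = selective_repeat(message, p)
        print(f"p_e={p}: blocks sent={sent}, code rate={rate:.3f}")
```

With no bit errors the rate equals the header overhead bound (N − H)/N; as `p_e` grows, retransmissions of whole blocks dominate and the rate falls well below it.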