Chapter 3 Time-to-live Covert Channels - CAIA
Chapter 3 Time-to-live Covert Channels - CAIA
Chapter 3 Time-to-live Covert Channels - CAIA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS<br />
Digital Subscriber Line (DSL) and WiMax as well as on CDs, DVDs, and blue-ray discs.<br />
Furthermore, RS codes are suitable for channels with bursty errors.<br />
RS codes are block codes. A (N,K) RS code has blocks of N symbols, with N − K RS<br />
symbols appended <strong>to</strong> every K payload symbols. The maximum N depends on the size of<br />
the symbols in bits M (N ≤ 2 M − 1). An RS decoder can correct 2E + S ≤ N − K errors<br />
where E are erasures (symbols with bit errors of known position) and S are substitutions<br />
(symbols with bit errors of unknown position).<br />
The sender divides the covert data in<strong>to</strong> blocks. Each block has a header with an 8-bit<br />
sequence number, which enables the receiver <strong>to</strong> identify blocks lost due <strong>to</strong> corruption.<br />
The header also contains a 32-bit CRC (CRC32) checksum computed over the header<br />
fields and data, because the RS decoder we use [177] is not able <strong>to</strong> reliably indicate if all<br />
errors were corrected in a received block. The RS encoder computes the error correction<br />
data over the sequence number, checksum and covert data, and appends it <strong>to</strong> the block.<br />
The receiver decodes blocks from the received bit stream as follows. For every new<br />
bit received it checks if N symbols are in the buffer already. If that is the case it attempts<br />
<strong>to</strong> decode a block using the RS decoder, and computes the CRC32 checksum over the<br />
corrected header and covert data. If the checksum matches the sender’s checksum the<br />
received block is valid. Otherwise the receiver removes the oldest bit from the buffer and<br />
waits for the next bit.<br />
Our pro<strong>to</strong>col does not require synchronisation at the start. Any blocks sent by Alice<br />
before Bob started receiving are obviously lost, but Bob will start receiving data once the<br />
first complete block has been received.<br />
We chose CRC32 as checksum because it provides better or equal error detection than<br />
other existing 32-bit checksums [178]. At very high error rates CRC32 may be <strong>to</strong>o weak,<br />
but we assume that typically our scheme is used with lower error rates. Otherwise better<br />
checksums could be used at the expense of more computational or header overhead.<br />
3.4.3 Deletion channels<br />
A simple error-correction code is insufficient for channels with deletions because every<br />
deletion causes possible substitution errors in all following bits. Thus a decoder first has<br />
<strong>to</strong> identify where the deletions occurred and insert dummy bits. Then an existing error<br />
correcting code can be used <strong>to</strong> correct the errors caused by substitutions and dummy bits.<br />
Ratzer developed an encoding scheme based on marker codes and Low Density Parity<br />
Check (LDPC) codes [179]. Marker codes insert sequences of known bits, so-called<br />
markers, at regular positions in<strong>to</strong> the stream of payload bits. In Ratzer’s scheme the inner<br />
marker code is used for re-synchronisation and the remaining substitution errors are then<br />
corrected by the outer LDPC code. He proposed probabilistic re-synchronisation (also<br />
referred <strong>to</strong> as sum-product algorithm).<br />
54