08.08.2013 Views

Chapter 3 Time-to-live Covert Channels - CAIA


CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS

Table 3.5: Average transmission rates in (kilo) bits/second

Dataset     Direct      MEI         MEI0        MED         MED0        DUB         AMI
CAIA        71(.99)     71(.99)     65(.99)     71(.99)     65(.99)     64(.98)     65(.99)
Grangenet   68(.99)     68(.99)     59(.94)     68(.99)     59(.94)     61(.98)     62(.99)
Twente      482(.97)    483(.99)    438(.98)    483(.99)    438(.98)    444(.99)    445(.99)
Waikato     1397(.92)   1399(.97)   1096(.89)   1423(.99)   1102(.89)   1200(.97)   1204(.98)
Bell        220(.89)    219(.91)    204(.89)    229(.95)    213(.94)    210(.92)    207(.91)
Leipzig     11.6k(.96)  10.7k(.97)  10.2k(.92)  11.7k(.97)  10.2k(.92)  10.6k(.96)  10.5k(.95)

The transmission rates depend on the capacity in bits per overt packet and the average packet rates (Equation 3.14). Table 3.5 shows the average transmission rates in bits per second for all modulation schemes and traces, assuming ∆ = 1, no packet loss or reordering, and that hop count differences are used for the MED, MED0 and AMI schemes⁵. The numbers in parentheses denote the capacity in bits per overt packet.

Overall, the transmission rates depend on the available overt traffic, varying from tens of bits per second (CAIA, Grangenet), through hundreds of bits per second (Bell, Twente), up to several kilobits per second (Leipzig, Waikato). Besides being standards-compliant and stealthier, our novel schemes (MED, AMI) also have equal or higher transmission rates than the previous schemes (MEI, DUB). Overall we rank the new schemes as follows (from best to worst): MED, DED, AMI, MED0.

With increasing packet loss and reordering rates the channel capacity reduces quickly. Figure 3.15 shows a contour plot of the capacity depending on the loss and reordering rate if packet loss can be detected (Equation 4.10). Figure 3.16 shows the capacity when packet loss cannot be detected (Equation 4.9). In both figures pN is the average error rate for MED with A = 1. For reordering we set b = 1, d = 1, and r = 1/rate − 2 (see Section 3.3), where rate is the reordering rate shown on the x-axis.

3.5.4 Burstiness of errors<br />

The burstiness of errors does not affect the channel capacity, but it affects the performance of techniques for reliable data transport. On the TTL channel bit errors often occur in bursts. How bursty the errors are depends on the trace and the modulation scheme.

We illustrate this using results for the MED and AMI modulation schemes and the CAIA and Leipzig traces. Figure 3.17 shows CDFs of the distance between errors in bits for the measured errors and simulated uniformly distributed errors with the same probabilities. The empirical error distributions are clearly burstier than the uniform distributions.
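The comparison behind Figure 3.17, as an added example that is not taken from the thesis: it computes the distance between errors in bits for a bursty error sequence and for independent errors with the same probability, then compares the empirical CDFs. The bursty sequence is constructed from a two-state Gilbert-style Markov model with assumed parameters, standing in for the measured trace errors; all function names are hypothetical.

```python
import random
from bisect import bisect_right

def error_gaps(errors):
    """Distances in bits between consecutive bit errors (1 = bit error)."""
    pos = [i for i, e in enumerate(errors) if e]
    return [b - a for a, b in zip(pos, pos[1:])]

def cdf_at(gaps, x):
    """Empirical CDF: fraction of error gaps that are <= x bits."""
    return bisect_right(sorted(gaps), x) / len(gaps)

def bursty_errors(n, p_gb, p_bg, p_err_bad, rng):
    """Constructed bursty source (assumption, not measured data):
    two-state Markov chain, errors occur only in the 'bad' state."""
    bad, out = False, []
    for _ in range(n):
        # stay bad with probability 1 - p_bg, enter bad with probability p_gb
        bad = (rng.random() >= p_bg) if bad else (rng.random() < p_gb)
        out.append(1 if bad and rng.random() < p_err_bad else 0)
    return out

def uniform_errors(n, p, rng):
    """Independent bit errors with the same overall probability p."""
    return [1 if rng.random() < p else 0 for _ in range(n)]

def compare(n=200_000, seed=1):
    """Return (error probability, bursty gaps, uniform gaps)."""
    rng = random.Random(seed)
    bursty = bursty_errors(n, p_gb=0.002, p_bg=0.05, p_err_bad=0.5, rng=rng)
    p = sum(bursty) / n  # match the uniform simulation to the same probability
    return p, error_gaps(bursty), error_gaps(uniform_errors(n, p, rng))

if __name__ == "__main__":
    p, gaps_b, gaps_u = compare()
    print(f"bit error probability: {p:.4f}")
    for x in (1, 2, 5, 10, 50, 200):
        print(f"P(gap <= {x:3d} bits): bursty {cdf_at(gaps_b, x):.2f}"
              f"  uniform {cdf_at(gaps_u, x):.2f}")
```

A CDF that rises steeply at small distances, as the bursty one does here, means errors cluster, which matters when choosing between interleaving, error-correcting codes and retransmission for reliable transport over the channel.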

⁵ The transmission rates can be increased by encoding multiple bits per packet or packet pair. However, as explained earlier this would likely reveal the covert channel.
