Chapter 3 Time-to-live Covert Channels - CAIA

More documents

Recommendations

Info

Packet loss (%) 3.0 2.5 2.0 1.5 1.0 0.5 0.0 CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS 0.0 0.5 1.0 1.5 2.0 2.5 3.0 Reordering (%) Figure 3.15: Capacity depending on packet loss and reordering if loss can be detected Packet loss (%) 3.0 2.5 2.0 1.5 1.0 0.5 0.0 0.0 0.5 1.0 1.5 2.0 2.5 3.0 Reordering (%) Figure 3.16: Capacity depending on packet loss and reordering if loss cannot be detected Figure 3.18 plots the error rate for the MED scheme for consecutive non-overlapping windows of 100 000 bits (equivalent to 100 000 overt packets) for the two largest traces (Waikato, Leipzig). There is high short-term variation for the Leipzig trace. The Waikato trace shows smaller short-term variation combined with small long-term changes. For the other traces the error rate is also changing, although usually not as dramatically as in the Leipzig trace (see Appendix B.5). Larger changes of the error rate mean a non-adaptive error correction code would either have too much overhead most of the time or the remaining error rate is higher than in the case of uniformly distributed errors. Optimally, the sender should adapt the error correction code over time based on the estimated error rate. For bidirectional channels the error rate estimate could be based on feedback from the receiver. 63
Proportion ≤ x 1.0 0.8 0.6 0.4 0.2 0.0 0e+00 2e+05 4e+05 6e+05 Distance between errors (bits) CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS Trace AMI Unif AMI Trace MED Unif MED Proportion ≤ x 1.0 0.8 0.6 0.4 0.2 0.0 0 500 1000 1500 Distance between errors (bits) Trace AMI Unif AMI Trace MED Unif MED Figure 3.17: Distance between bit errors in bits for the CAIA trace (left) and the Leipzig trace (right) Error rate 0.014 0.012 0.010 0.008 0.006 0.004 0.002 0.000 0 200 400 600 800 1000 1200 Window Error rate 0.14 0.12 0.10 0.08 0.06 0.04 0.02 0.00 0 500 1000 1500 2000 2500 Window Figure 3.18: Error rate for the MED modulation scheme over consecutive windows of 100 000 bits for the Waikato trace (left) and the Leipzig trace (right) 3.5.5 Throughput – trace file analysis We measured the throughput of the channel using the proposed techniques for reliable transport and large traffic aggregates with real TTL noise as overt traffic. We simulated packet loss and reordering since it cannot be deduced from the trace files. We only used the DED, MED, MED0 and AMI encoding schemes because they perform equal or better than the other schemes. Previous studies showed that although some paths experience high loss rates, packet loss in the Internet is typically ≤ 1% over wired paths [181, 182, 183, 184]. Previous studies on packet reordering found that it is largely flow and path dependent [182, 185, 186]. For example, Iannacone et al. found that while 1–2% of all packets in the Sprint backbone were reordered, only 5% of the flows experienced reordering [185]. 64
Page 1 and 2: Chapter 3 CHAPTER 3. TIME-TO-LIVE C
Page 3 and 4: CHAPTER 3. TIME-TO-LIVE COVERT CHAN
Page 5 and 6: Proportion ≤≤ x 1.0 0.8 0.6 0.4
Page 11 and 12: Capacity (bits/packet) 1.00 0.95 0.
Page 13 and 14: 0 1 1-p L 1-p L p L p L CHAPTER 3.
Page 21 and 22: Algorithm 3.3 Block decoding algori
Page 23 and 24: Error rate 1e−02 1e−04 1e−06
Page 25: CHAPTER 3. TIME-TO-LIVE COVERT CHAN
Page 29 and 30: Block corruption rate Block corrupt
Page 31 and 32: Throughput (bits/s) 60 50 40 30 20
Page 33 and 34: Throughput (bits/s) 200 150 100 50

Chapter 3 Time-to-live Covert Channels - CAIA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?