Chapter 3 Time-to-live Covert Channels - CAIA

More documents

Recommendations

Info

Throughput (bits/s) 70 60 50 40 30 20 10 0 ● 0.0 0.2 0.4 0.6 0.8 1.0 Packet loss (%) ● MED0 MED CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS AMI DED Throughput (kbits/s) 10 8 6 4 2 0 ● 0.0 0.2 0.4 0.6 0.8 1.0 Packet loss (%) ● MED0 MED Figure 3.22: Throughput depending on packet loss for CAIA (left) and Leipzig (right) for 0% packet reordering on average. However, a reasonably large amount is able to reduce block corruption rates to levels where ARQ is effective. Based on the block size N and the remaining block corruption probability after FEC ˜pB achieved with code rate RFEC we computed the average number of retransmissions T needed to reliably transmit all remaining corrupted blocks (see Appendix B.6). We assumed selective repeat ARQ is used with HARQ bits informing the sender which blocks need to be retransmitted. Then the resulting code rate of a hybrid FEC+ARQ scheme is: RFEC_ARQ = AMI DED [︃ ]︃ ˜pB N − HARQ (1 − ˜pB) + RFEC . (3.17) T ( ˜pB, ˆpB) N Assuming a target block corruption rate ˆpB = 1 −9 and HARQ = 16 bits (each block contains two additional 8-bit numbers indicating the start and end sequence numbers of bursts of corrupted blocks) we computed the best code rates as the maximum code rate from Equation 3.17 over all empirically measured rates RFEC. Figure 3.22 shows the throughput for the CAIA and Leipzig traces depending on packet loss without packet reordering. Figure 3.23 shows the throughput for the same traces depending on packet reordering for a packet loss rate of 0.1% (results for other traces are in Appendix B.8). The hybrid scheme works well as the decrease in throughput is only moderate for increasing packet loss and reordering. The best performing schemes are MED and DED. Figure 3.24 shows the percentage of the channel capacity reached for the different modulation schemes averaged across all traces. Overall MED performs best. DED also performs well, especially for traces that contain a large percentage of long UDP flows. AMI performs well if there is no packet loss. Overall, the FEC+ARQ transport protocol achieves at least 60% of the capacity. 67
Throughput (bits/s) 60 50 40 30 20 10 0 0.0 0.1 0.2 0.3 0.4 0.5 Packet reordering (%) CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS MED AMI DED Throughput (kbits/s) 8 6 4 2 0 0.0 0.1 0.2 0.3 0.4 0.5 Packet reordering (%) Figure 3.23: Throughput depending on packet reordering for CAIA (left) and Leipzig (right) for 0.1% packet loss Capacity percentage 100 90 80 70 60 50 l=0, r=0 l=0.1, r=0 l=0.5, r=0 l=1.0, r=0 Packet loss (l) and reordering (r) (%) l=0.1, r=0.1 MED0 AMI DED MED Figure 3.24: Percentage of capacity reached for the different modulation schemes and the different packet loss and reordering settings averaged across all traces We also measured the average block decoding speed of the receiver, which is defined as the length of a data block in bytes divided by the average decoding time of blocks. The differences between different modulation schemes are negligible, but there are significant differences between the different traces. The results show that even for the experiments with the highest error rate the decoder is still much faster than the actual throughput of the channel (see Appendix B.9). 3.5.6 Throughput – testbed experiments In the testbed experiments we measured the throughput of the covert channel across a real network for different types of overt traffic. The covert channel was encoded in a single overt traffic flow. This setup is representative for a scenario where the overt traffic 68 l=0.1, r=0.5 MED AMI DED
Page 1 and 2: Chapter 3 CHAPTER 3. TIME-TO-LIVE C
Page 3 and 4: CHAPTER 3. TIME-TO-LIVE COVERT CHAN
Page 5 and 6: Proportion ≤≤ x 1.0 0.8 0.6 0.4
Page 11 and 12: Capacity (bits/packet) 1.00 0.95 0.
Page 13 and 14: 0 1 1-p L 1-p L p L p L CHAPTER 3.
Page 21 and 22: Algorithm 3.3 Block decoding algori
Page 23 and 24: Error rate 1e−02 1e−04 1e−06
Page 27 and 28: Proportion ≤ x 1.0 0.8 0.6 0.4 0.
Page 29: Block corruption rate Block corrupt
Page 33 and 34: Throughput (bits/s) 200 150 100 50

Chapter 3 Time-to-live Covert Channels - CAIA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?