Chapter 3 Time-to-live Covert Channels - CAIA
08.08.2013 Views
Share Embed Flag

Chapter 3 Time-to-live Covert Channels - CAIA

Chapter 3 Time-to-live Covert Channels - CAIA

Chapter 3 Time-to-live Covert Channels - CAIA

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
caia.swin.edu.au

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

CHAPTER 3. TIME-TO-LIVE COVERT CHANNELS<br />

We also conducted experiments over a real network using three different applications<br />

as overt traffic. For a hybrid FEC+ARQ scheme we achieved throughputs of 50% or more<br />

of the capacity, except in the case of high packet reordering. The throughput is up <strong>to</strong> over<br />

hundred bits per second, much higher than the commonly accepted covert channel limit<br />

of one bit per second [19].<br />

3.6.1 Future work<br />

The study of the channel characteristics could be extended <strong>to</strong>wards further trace files.<br />

The capacity and throughput analysis could also be extended <strong>to</strong> cover a wider range of<br />

packet loss and reordering settings. Furthermore, experiments could be carried out across<br />

different Internet paths, for example using the PlanetLab overlay network.<br />

Improved modulation schemes should be developed <strong>to</strong> make the TTL channel stealth-<br />

ier. Optimally covert sender and receiver would select the overt packets such that the<br />

distribution of the induced TTL changes looks exactly like normal TTL noise. The TTL<br />

noise distributions cannot be modelled easily with standard statistical distributions, but<br />

covert sender and receiver could use more complex models calibrated on observed traffic.<br />

The performance of the technique for reliable data transport could be further im-<br />

proved. Longer RS codes would be more effective as header overhead is reduced, but<br />

then data is received in a less timely fashion. Although RS codes perform well, there are<br />

better error correcting codes, for example LDPC codes [179]. Furthermore, there may be<br />

other approaches that are more efficient than a hierarchical marker scheme.<br />

Since the error rate of the TTL channel varies significantly over time depending on<br />

the overt traffic, it is questionable if a single error-correcting code could perform well in<br />

different circumstances. Developing and evaluating an adaptive scheme is left for further<br />

study. Another avenue left <strong>to</strong> explore is how much performance could be improved by<br />

reducing the burstiness of errors through interleaving of the data prior <strong>to</strong> encoding.<br />

When encoding the covert channel in<strong>to</strong> TCP flows, the effects of packet loss and<br />

reordering can be mitigated by utilising TCP sequence numbers. We outlined the design<br />

of such a scheme, but an implementation and evaluation are still missing.<br />

73

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!