Project Summary Covert channels exploit open overt communication as the carrier to transmit secret messages. The plethora of Internet traffic offers an ideal high bandwidth carrier for covert communication. A specific type of a covert channel is a covert timing channel (CTC) in which, when the Internet traffic is used as a medium, the sender encodes a message by manipulating the transmission time of packets produced by legitimate applications. The receiver observes the arrival times of the packets and using a shared code-book decodes the message. The focus of this research project is on such covert timing channels (CTCs). There are two main requirements in the design of CTCs. One is robustness and the other is security. The robustness requirement stems from the fact that the covert channel established between two hosts must be able to tolerate packet loss, delay, and jitter introduced by both the network and by an active adversary employing timing jammers. The security requirement originates from the goal that a passive adversary should neither be able to detect the CTC nor decode the covert message. Undetectibilty implies that the inter-packet delays of the covert traffic mimic, and ideally match, the inter-packet delay distribution of the overt traffic. The primary goal of this research is to build upon the current work, and design and implement robust and secure CTCs for overt traffic generated by real applications.
PeopleWeiwei Liu (Nanjing University of Science and Technology, China)
Arnab Kumar Biswas (Indian Institute of Science, Bangalore, India)
Shishir Nagaraja (University of Birmingham)
Rennie Archibald (AT&T Labs)
Dipak Ghosal (UC Davis)
Cherita Corbett (SRI)
Tracy Liu (AT&T Labs)
- Rennie Archibald, Dipak Ghosal, A comparative analysis of detection metrics for covert timing channels, Computers & Security, May 2014.
- Rennie Archibald and Dipak Ghosal, A Covert Timing Channel Based on Fountain Codes,” IEEE TrustCom, ACS Workshop, Liverpool, June, 2012.
- Rennie Archibald, Cherita Corbett, Yali Liu, and Dipak Ghosal, "Diambiguating HTTP: Classifying Web Applications," In IWCMC-Traffic Analysis and Classification, July 2011, Istanbul, Turkey.
- Yali Liu, Dipak Ghosal, Biswanath Mukherjee and Ahmad-Reza Sadeghi. Video Streaming Forensic - Content Identification with Traffic Snooping, 13th Information Security Conference (ISC 2010), Boca-Raton, Florida, October 25-28, 2010.
- Y. Liu, F. Armknecht, D. Ghosal, S. Katzenbeisser, A. Sadeghi, S. Schulz, “Robust and Undetectable Covert Timing Channels for i.i.d. Traffic,” 12th Information Hiding Conferences (IH10), 2010.
- Yali Liu, Frederik Armknecht, Dipak Ghosal, Stefan Katzenbeisser, Ahmad-Reza Sadeghi, Steffen Schulz, Hide and Seek in Time - Robust Covert Timing Channels, 14th European Symposium on Research in Computer Security Saint Malo, France | September 21-25, 2009.
- Y. Liu, K. Chiang, C. Corbett, R. Archibald, B. Mukherjee, and D. Ghosal, A Novel Audio Steganalysis Based on High-Order Statistics of a Distortion Measure with Hausdorff Distance. Information Security Conference (ISC) 2008, pp. 487-501
- Y. Liu, C. Corbett, K. Chiang, R. Archibald, B. Mukherjee, D. Ghosal, Detecting Sensitive Data Exfiltration by an Insider Attack, Proc. the 4th Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW '08), pp. 1-3, New York, 2008.
- Rennie Archibald, Design and Detection of Covert Communication: Timing Channels and Application Tunneling, 2013
- Tracy Liu, Hide-and-seek : concealment and detection of sensitive data exfiltration in network traffic, 2009