TY - GEN
T1 - Disrupting and preventing late-packet covert communication using sequence number tracking
AU - Rezaei, Fahimeh
AU - Hempel, Michael
AU - Peng, Dongming
AU - Sharif, Hamid
PY - 2013
Y1 - 2013
N2 - Modern covert channel communication is the art of hiding secret information in legitimate network traffic in a way that cannot normally be detected by anyone other than the intended receiver. It is growing in its presence and sophistication. This type of communication enables the distribution of malicious or sensitive information and poses a significant network security problem to individuals, organizations, and governments. One popular method of covert communication in RTP streams is the transmission of one or more packets after significantly delaying them. As a result, any normal receiver will discard them as arriving late, whereas covert receivers successfully receive them to extract their payload subverted by the covert transmitter. This provides a covert channel method with significant throughput potential and thus high risk. In this paper we propose a method that can restrict this type of covert communication and prevent the distribution of secret information. Our proposed method takes advantage of buffering the sequence number of the received packets and thus detecting late packets, allowing it to discard them instead of delivering them to the receiver. Therefore, the covert receiver will not be able to intercept and observe these intentionally delayed packets, nor extract the covert message. The in-depth analysis and our simulation results demonstrate that the proposed method is effective and capable of preventing this type of covert communication.
KW - Covert Communication
KW - Information Hiding
KW - Late Packets
KW - RTP
KW - Sequence Number
UR - http://www.scopus.com/inward/record.url?scp=84897727798&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84897727798&partnerID=8YFLogxK
U2 - 10.1109/MILCOM.2013.108
DO - 10.1109/MILCOM.2013.108
M3 - Conference contribution
AN - SCOPUS:84897727798
SN - 9780769551241
T3 - Proceedings - IEEE Military Communications Conference MILCOM
SP - 599
EP - 604
BT - Proceedings - 2013 IEEE Military Communications Conference, MILCOM 2013
T2 - 2013 IEEE Military Communications Conference, MILCOM 2013
Y2 - 18 November 2013 through 20 November 2013
ER -