Disrupting and preventing late-packet covert communication using sequence number tracking

Fahimeh Rezaei, Michael Hempel, Dongming Peng, Hamid Sharif

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations

Abstract

Modern covert channel communication is the art of hiding secret information in legitimate network traffic in a way that cannot normally be detected by anyone other than the intended receiver. It is growing in its presence and sophistication. This type of communication enables the distribution of malicious or sensitive information and poses a significant network security problem to individuals, organizations, and governments. One popular method of covert communication in RTP streams is the transmission of one or more packets after significantly delaying them. As a result, any normal receiver will discard them as arriving late, whereas covert receivers successfully receive them to extract their payload subverted by the covert transmitter. This provides a covert channel method with significant throughput potential and thus high risk. In this paper we propose a method that can restrict this type of covert communication and prevent the distribution of secret information. Our proposed method takes advantage of buffering the sequence number of the received packets and thus detecting late packets, allowing it to discard them instead of delivering them to the receiver. Therefore, the covert receiver will not be able to intercept and observe these intentionally delayed packets, nor extracting the covert message. The in-depth analysis and our simulation results demonstrate that the proposed method is effective and capable of preventing this type of covert communication.

Original languageEnglish (US)
Title of host publicationProceedings - 2013 IEEE Military Communications Conference, MILCOM 2013
Pages599-604
Number of pages6
DOIs
StatePublished - 2013
Event2013 IEEE Military Communications Conference, MILCOM 2013 - San Diego, CA, United States
Duration: Nov 18 2013Nov 20 2013

Publication series

NameProceedings - IEEE Military Communications Conference MILCOM

Other

Other2013 IEEE Military Communications Conference, MILCOM 2013
CountryUnited States
CitySan Diego, CA
Period11/18/1311/20/13

Keywords

  • Covert Communication
  • Information Hiding
  • Late Packets
  • RTP
  • Sequence Number

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Disrupting and preventing late-packet covert communication using sequence number tracking'. Together they form a unique fingerprint.

  • Cite this

    Rezaei, F., Hempel, M., Peng, D., & Sharif, H. (2013). Disrupting and preventing late-packet covert communication using sequence number tracking. In Proceedings - 2013 IEEE Military Communications Conference, MILCOM 2013 (pp. 599-604). [6735688] (Proceedings - IEEE Military Communications Conference MILCOM). https://doi.org/10.1109/MILCOM.2013.108