Time Lord: Covert Timing Channel Implementation and Realistic Experimentation

Abstract

Covert channels are unique methods for exchanging messages, since they permit sending information secretly. Unlike encryption, covert communication allows to send information covertly, using an otherwise legitimate medium of transfer, thus it is not apparent that a message is being transferred at all. There is limited research on Covert Timing Channels (CTCs), i.e., channels that manipulate packet inter-arrival time to exchange messages based on a certain encoding. Implementing and testing CTCs in real network environments is lacking in the current literature due to sensitivity to network delays that significantly affects this type of communication. Thus, it is important to implement CTC communication to analyze the challenges of creating robust, efficient, and undetectable channels in real life situations. It is also paramount to test these implementations in a wide range of realistic network conditions. In this research, we have developed and tested two implementations of CTCs. The first implementation is based on [1] using standard bits encoding and ASCII for simplicity and robustness. This implementation suffers from easy detection. On the other hand, we developed the second implementation with goal to make the channel undetectable by using encoding with five different delays, i.e., symbols, where five symbols in a specific order correspond to one letter of the alphabet. This implementation has sufficient randomness to be undetected with standard statistical mechanisms. We have tested both implementations on local networks, the Global Environment for Network Innovations (GENI) controlled environment, networks across states in the US, and internationally.