A Novel Class of Robust Covert Channels Using Out-of-order Packets
IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 14 (2017), pp. 116-129 (to appear)
Covert channels are usually used to circumvent security policies and allow information leakage without being observed. In this paper, we propose a novel covert channel technique using the packet reordering phenomenon as a host for carrying secret communications. Packet reordering is a common phenomenon on the Internet. Moreover, it is handled transparently from the user and application-level processes. This makes it an attractive medium to exploit for sending hidden signals to receivers by dynamically manipulating packet order in a network flow. In our approach, specific permutations of successive packets are selected to enhance the reliability of the channel, while the frequency distribution of their usage is tuned to increase stealthiness by imitating real Internet traffic. It is very expensive for the adversary to discover the covert channel due to the tremendous overhead to buffer and sort the packets among huge amount of background traffic. A simple tool is implemented to demonstrate this new channel. We studied extensively the robustness and capabilities of our proposed channel using both simulation and experimentation over large varieties of traffic characteristics. The reliability and capacity of this technique have shown promising results. We also investigated a practical mechanism for distorting and potentially preventing similar novel channels.