Superimposing permutational covert channels onto reliable stream protocols

In this paper, we present a implicit encoding technique that makes use of lower-layer packet reordering to superimpose covert messages onto a reliable data stream. In particular, since the TCP layer provides a reliable in-order data stream over the unreliable network layerpsilas IP datagram service, we can encode covert messages by artificially permuting IP packets before they leave the source and reading the permutation at the destination prior to delivering the payload to TCP. Applying such permutations will not adversely affect TCPpsilas ability to reconstitute the transport layer data stream, since TCP is designed to be robust against out of order network layer packet delivery. We describe the design and operation of PERMEATE, an open-source covert channel toolkit which implements such a permutational covert channel over TCP, and we provide a quantitative assessment of itpsilas efficacy and efficiency as a covert channel.