Embedding a Covert Channel in Active Network Connections

Covert timing channels exploit varying packet rates between synchronized sending and receiving hosts to transmit hidden information. The overhead in synchronizing covert timing channels and their inherent dependence on network conditions are their main drawbacks. In this paper, we propose a covert channel using multiple active connections that does not depend on the timing differences between consecutive packets. Our proposed approach uses multiple network connections between a pair of communicating hosts to transmit covert data. Hence this covert channel is unaffected by underlying unpredictable network conditions. The concealed data is embedded in the order and sequence of connections to/from which regular (cover) packets of data are sent/received. Our experimental results show that, in addition to higher channel capacity, our proposed channel is undetectable using contemporary timing channel detection approaches.