Covert DCF: A DCF-Based Covert Timing Channel in 802.11 Networks

Covert communications have been used for many decades. Accordingly, when digital communications moved to the forefront it was natural that covert channels be proposed to operate over these networks. Covert channels are general purpose transmission mediums that can be used for good (e.g., an additional layer of security) or bad (e.g., to conduct various proximity-based attacks in wireless LANs). However, their use has been limited as a result of their low throughput. One area that is promising for covert channels is wireless networks. Specifically, those that employ carrier sense multiple access with collision avoidance (CSMA/CA) (e.g., 802.11 networks). These schemes introduce randomness in the network that provides good cover for a covert timing channel. In this paper, we propose a relatively high bandwidth covert timing channel for 802.11 networks (Covert DCF). We exploit the random backoff in the distributed coordinated function (DCF), used to avoid collisions, to provide cover for our covert timing channel. Covert DCF provides significant improvements over other recent covert channels in the area of throughput, while maintaining high accuracy and remaining undetectable. We are able to covertly achieve throughput of 1800 bps while maintaining 99% accuracy. This throughput is approximately 17 times faster than that of current covert timing channels. Covert DCF is robust in that it can adapt to various network conditions.