Disrupting and Preventing Late-Packet Covert Communication Using Sequence Number Tracking

Modern covert channel communication is the art of hiding secret information in legitimate network traffic in a way that cannot normally be detected by anyone other than the intended receiver. It is growing in its presence and sophistication. This type of communication enables the distribution of malicious or sensitive information and poses a significant network security problem to individuals, organizations, and governments. One popular method of covert communication in RTP streams is the transmission of one or more packets after significantly delaying them. As a result, any normal receiver will discard them as arriving late, whereas covert receivers successfully receive them to extract their payload subverted by the covert transmitter. This provides a covert channel method with significant throughput potential and thus high risk. In this paper we propose a method that can restrict this type of covert communication and prevent the distribution of secret information. Our proposed method takes advantage of buffering the sequence number of the received packets and thus detecting late packets, allowing it to discard them instead of delivering them to the receiver. Therefore, the covert receiver will not be able to intercept and observe these intentionally delayed packets, nor extracting the covert message. The in-depth analysis and our simulation results demonstrate that the proposed method is effective and capable of preventing this type of covert communication.