DocumentCode :
3234352
Title :
Disrupting and Preventing Late-Packet Covert Communication Using Sequence Number Tracking
Author :
Rezaei, Fatemeh ; Hempel, Michael ; Dongming Peng ; Sharif, Hamid
Author_Institution :
Comput. & Electron. Eng. Dept., Univ. of Nebraska-Lincoln, Omaha, NE, USA
fYear :
2013
fDate :
18-20 Nov. 2013
Firstpage :
599
Lastpage :
604
Abstract :
Modern covert channel communication is the art of hiding secret information in legitimate network traffic in a way that cannot normally be detected by anyone other than the intended receiver. It is growing in its presence and sophistication. This type of communication enables the distribution of malicious or sensitive information and poses a significant network security problem to individuals, organizations, and governments. One popular method of covert communication in RTP streams is the transmission of one or more packets after significantly delaying them. As a result, any normal receiver will discard them as arriving late, whereas covert receivers successfully receive them to extract their payload subverted by the covert transmitter. This provides a covert channel method with significant throughput potential and thus high risk. In this paper we propose a method that can restrict this type of covert communication and prevent the distribution of secret information. Our proposed method takes advantage of buffering the sequence number of the received packets and thus detecting late packets, allowing it to discard them instead of delivering them to the receiver. Therefore, the covert receiver will not be able to intercept and observe these intentionally delayed packets, nor extracting the covert message. The in-depth analysis and our simulation results demonstrate that the proposed method is effective and capable of preventing this type of covert communication.
Keywords :
data encapsulation; RTP streams; covert channel communication; late-packet covert communication; network security problem; network traffic; secret information hiding; sequence number; sequence number tracking; Delays; Jitter; Packet loss; Payloads; Protocols; Receivers; Covert Communication; Information Hiding; Late Packets; RTP; Sequence Number;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Military Communications Conference, MILCOM 2013 - 2013 IEEE
Conference_Location :
San Diego, CA
Type :
conf
DOI :
10.1109/MILCOM.2013.108
Filename :
6735688
Link To Document :
بازگشت