The Implementation of TCP Sequence Number Reference Model in Linux Kernel

It is observed that covert channels can be easily implemented in TCP/IP stack. It is easily achieved by embedding the covert message in the various header fields seemingly filled with "Random" data such as TCP Sequence Number (SQN), IP Identification (ID) etc. Such manipulation of these fields which seems "random" at first sight but might be detected with the help of various techniques. In this research paper we are proposing Sequence Number Reference Model as a Proof-of-Concept for sending the covert message using TCP Sequence Number (SQN) field without changing the semantics of its header field. Covert message in the packet cannot be detected by the conventional covert channel detection techniques since not a single bit of this header field is modified. We are providing a mechanism by which sender can send the covert message and receiver can interpret the same in spite of the fact that the actual covert message will not be carried by the sequence number field of TCP header.