Modeling packet rate covert timing channels

Covert channels provide a medium for secret communication by exploiting caveats in common networking protocols to hide information exchanges within benign activities, without being detected by unsuspecting hosts and network firewalls. This makes covert channels a significant security concern. Therefore, it is of utmost importance to develop effective and comprehensive countermeasures. In general, the more secret data capacity a covert channel provides the higher its estimated threat level is, as it diminishes the time available to detect and disrupt such activities and prevent the information exchange. Hence, determining the capacity of a covert channel is important. However, most work in capacity estimation is specifically targeted at individual algorithms only, and thus is similarly in applicability. A general mathematical model that can predict the capacity of most algorithms is a key research need for effective covert channel prevention. In this paper, we have provided a general analytical model to determine the capacity of timing-based covert channels, and verified the model with computer simulations.