Liquid: A Detection Resistant Covert Timing Channel Based On Ipd Shaping
| dc.contributor | Walls, Robert | en_US |
| dc.date.accessioned | 2009-09-16T18:19:32Z | |
| dc.date.accessioned | 2011-08-24T21:42:39Z | |
| dc.date.available | 2009-09-16T18:19:32Z | |
| dc.date.available | 2011-08-24T21:42:39Z | |
| dc.date.issued | 2009-09-16T18:19:32Z | |
| dc.date.submitted | January 2009 | en_US |
| dc.description.abstract | Covert timing channels provide a way to surreptitiously leak information from an entity in a higher-security level to an entity in a lower level. The difficulty of detecting or eliminating such channels makes them a desirable choice for adversaries that value stealth over throughput. When one considers the possibility of such channels transmitting information across network boundaries, the threat becomes even more acute. A promising technique for detecting covert timing channels focuses on using entropy-based tests. This method is able to reliably detect known covert timing channels by using a combination of entropy and conditional entropy to detect anomalies in shape and regularity, respectively. This dual approach is intended to make entropy-based detection robust against both current and future channels. In this work, we show that entropy-based detection can be defeated by a channel that intelligently manipulates the metrics used for detection. Specifically, we propose a new covert channel that uses a portion of the inter-packet delays in a compromised stream to smooth out the distortions detected by the entropy test. Our experimental results suggest that this channel can successfully evade entropy-based detection and other known tests while maintaining reasonable throughput. Furthermore, we investigate the effects of parameter selection on the channel. We introduce a model for analyzing the effect of our techniques on the entropy of the channel and empirically investigate the accuracy of the model. | en_US |
| dc.identifier.uri | http://hdl.handle.net/10106/1758 | |
| dc.language.iso | EN | en_US |
| dc.publisher | Computer Science & Engineering | en_US |
| dc.title | Liquid: A Detection Resistant Covert Timing Channel Based On Ipd Shaping | en_US |
| dc.type | M.S. | en_US |