An empirical evaluation of IP time to live covert channels
conference contribution
posted on 2024-07-11, 12:21 authored by Sebastian Zander, Grenville Armitage, Philip BranchPhilip BranchCommunication is not necessarily made secure by the use of encryption alone. The mere existence of communication is often enough to raise suspicion and trigger investigative actions. Covert channels aim to side-step this problem by hiding additional information within the 'normal' behaviour of preexisting communication streams. The huge amount of data and vast number of different protocols in the Internet make it ideal as a high-bandwidth vehicle for covert channels. Several researchers have proposed modulation techniques to encode covert information into the IP Time To Live field. In this paper we compare the different encoding techniques and also propose two new improved encoding schemes. We present a software framework developed for evaluating covert channels in network protocols. We use this software to empirically evaluate the transmission rates of the different TTL modulation techniques for real Internet traffic.
History
Available versions
PDF (Published version)Publisher DOI
ISBN
1424412307Journal title
ICON 2007 - Proceedings of the 2007 15th IEEE International Conference on NetworksConference name
ICON 2007 - The 2007 15th IEEE International Conference on NetworksPagination
5 ppPublisher
IEEECopyright statement
Copyright © 2007 IEEE. The published version is reproduced in accordance with the copyright policy of the publisher. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.Language
engUsage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC