31 research outputs found

    A survey of timing channels and countermeasures

    A timing channel is a communication channel that can transfer information to a receiver/decoder by modulating the timing behavior of an entity. Examples of this entity include the interpacket delays of a packet stream, the reordering of packets in a packet stream, or the resource access time of a cryptographic module. Advances in the information and coding theory and the availability of high-performance computing systems interconnected by high-speed networks have spurred interest in and development of various types of timing channels. With the emergence of complex timing channels, novel detection and prevention techniques are also being developed to counter them. In this article, we provide a detailed survey of timing channels broadly categorized into network timing channel, in which communicating entities are connected by a network, and in-system timing channel, in which the communicating entities are within a computing system. This survey builds on the last comprehensive survey by Zander et al. [2007] and considers all three canonical applications of timing channels, namely, covert communication, timing side channel, and network flow watermarking. We survey the theoretical foundations, the implementation, and the various detection and prevention techniques that have been reported in literature. Based on the analysis of the current literature, we discuss potential future research directions both in the design and application of timing channels and their detection and prevention techniques.

    ATTACK AGAINST ANONYMITY USING CELL COUNTING

    Various low-latency anonymous communication systems such as Tor and Anonymizer have been designed to provide anonymity service for users. In order to hide the communication of users, most of the anonymity systems pack the application data into equal-sized cells. Via extensive experiments on Tor, we found that the size of IP packets in the Tor network can be very dynamic because a cell is an application concept and the IP layer may repack cells. Based on this finding, we investigate a new cell-counting-based attack against Tor, which allows the attacker to confirm anonymous communication relationship among users very quickly. In this attack, by marginally varying the number of cells in the target traffic at the malicious exit onion router, the attacker can embed a secret signal into the variation of cell counter of the target traffic. The embedded signal will be carried along with the target traffic and arrive at the malicious entry onion router. Then, an accomplice of the attacker at the malicious entry onion router will detect the embedded signal based on the received cells and confirm the communication relationship among users. We have implemented this attack against Tor, and our experimental data validate its feasibility and effectiveness. There are several unique features of this attack. First, this attack is highly efficient and can confirm very short communication sessions with only tens of cells. Second, this attack is effective, and its detection rate approaches 100% with a very low false positive rate. Third, it is possible to implement the attack in a way that appears to be very difficult for honest participants to detect.

    Scalable Wavelet-Based Active Network Stepping Stone Detection

    Network intrusions leverage vulnerable hosts as stepping stones to penetrate deeper into a network and mask malicious actions from detection. This research focuses on a novel active watermark technique using Discrete Wavelet Transformations to mark and detect interactive network sessions. This technique is scalable, nearly invisible and resilient to multi-flow attacks. The watermark is simulated using extracted timestamps from the CAIDA 2009 dataset and replicated in a live environment. The simulation results demonstrate that the technique accurately detects the presence of a watermark at a 5% False Positive and False Negative rate for both the extracted timestamps as well as the empirical tcplib distribution. The watermark extraction accuracy is approximately 92%. The live experiment is implemented using the Amazon Elastic Compute Cloud. The client system sends marked and unmarked packets from California to Virginia using stepping stones in Tokyo, Ireland and Oregon. Five trials are conducted using simultaneous watermarked and unmarked samples. The live results are similar to the simulation and provide evidence demonstrating the effectiveness in a live environment to identify stepping stones

    Non-blind watermarking of network flows

    Linking network flows is an important problem in intrusion detection as well as anonymity. Passive traffic analysis can link flows but requires long periods of observation to reduce errors. Active traffic analysis, also known as flow watermarking, allows for better precision and is more scalable. Previous flow watermarks introduce significant delays to the traffic flow as a side effect of using a blind detection scheme; this enables attacks that detect and remove the watermark, while at the same time slowing down legitimate traffic. We propose the first non-blind approach for flow watermarking, called RAINBOW, that improves watermark invisibility by inserting delays hundreds of times smaller than previous blind watermarks, hence reduces the watermark interference on network flows. We derive and analyze the optimum detectors for RAINBOW as well as the passive traffic analysis under different traffic models by using hypothesis testing. Comparing the detection performance of RAINBOW and the passive approach, we observe that both RAINBOW and passive traffic analysis perform similarly well in the case of uncorrelated traffic; however, the RAINBOW detector drastically outperforms the optimum passive detector in the case of correlated network flows. This justifies the use of non-blind watermarks over passive traffic analysis even though both approaches have similar scalability constraints. We confirm our analysis by simulating the detectors and testing them against large traces of real network flows.

    Physical Layer Watermarking of Direct Sequence Spread Spectrum Signals

    Security services and mechanisms in wireless networks have long been studied and developed. However, compared to upper network layers, physical layer security did not play a significant role in the OSI security model. Thanks to the easier implementation and verification methods brought by the development of software defined radio (SDR) techniques, physical layer security mechanisms have recently drawn increasing interest from researchers. Digital watermarking is one of the popular security techniques that can fully utilize various exclusive characteristics of the physical layer. This thesis proposes a physical layer watermarking technique named Watermarked Direct Sequence Spread Spectrum (DSSS) or WDSSS technique, which embeds authentication information into pseudonoise (PN) sequences of a DSSS system. The design and implementation of the WDSSS prototype system on the GNU Radio/USRP SDR platform is discussed, as well as two watermark embedding methods, the maximized minimum distance method and the sub-sequence method. Theoretical analysis and experimental results on the WDSSS prototype system are presented to evaluate the performances of both the content signal and the watermark signal. Results show that, for the 11-chip PN sequence, increasing artificial chip errors has a quantitatively predictable impact on the content signal, requiring 2 dB higher signal-to-noise ratio (SNR) to maintain an acceptable packet error rate (PER) for one additional flipped chip. In terms of the watermark signal, the two embedding methods demonstrated individual advantages in either PER or throughput. The maximized minimum distance method outperforms the sub-sequence embedding method with a 3 dB lower SNR requirement, while the latter provides 400 more throughput than the former with adequate SN

    Review of existing methods and algorithms for hiding information in digital signals

    In this article, the main attention is paid to the research of existing methods and algorithms for hiding information in digital signals with the aim of further creating information technology for hiding information in digital signals. Steganographic studies are based on the insufficient reliability of the cryptographic systems themselves and the ambition for full secrecy in an open system environment. Governments in many countries have passed laws that limit the reliability of cryptosystems or forbid them altogether. Unfortunately, this leaves most of the internet community with rather weak and often faulty encryption algorithms, or without them altogether. That's why steganography comes to the rescue. You can use steganography to hide sensitive data in some file, and only the parties who wish to receive the message know that the message is secret. The development of computer technology in recent decades has given a new impetus to the development of computer steganography. Many new areas of application have appeared. Messages are now embedded in digital data, usually analog in nature. These are speech, audio recordings, images, videos. There are also ideas for embedding information in text files and executable files. This science has generated a lot of interest in recent years, especially in the field of computer security, as it has been used by criminal and terrorist organizations. However, this is nothing new, as it has been in use since ancient times and has traditionally been used by police, military and intelligence agencies, as well as criminals or civilians wishing to escape state control, especially in tyrannical regimes. Classical steganography was solely based on ignoring the covert channel in use, whereas in the modern era, digital channels (image, video, audio, and communication protocols) are also used to achieve the goal. In many cases, the container object is known, but the algorithm for inserting information into the specified object is unknown.