Journal: Highly Available Systems, № 1, 2021
Article in issue:
Evaluation of the timing covert channel capacity considering packet transfer time distribution
Type of article: scientific article
DOI: https://doi.org/10.18127/j20729472-202101-04
UDC: 004.77
Authors:

A.I. Belozubova, A.V. Epishkina, K.G. Kogos

 National Research Nuclear University «MEPhI» (Moscow, Russia)

Abstract:

Lampson was the first to introduce the covert channel, defined as a channel that was not designed for information transmission. Information leakage via network covert channels is a large-scale problem because the IP protocol is widely used and has many features that can be used for hidden information transmission. Covert channels are usually divided into two groups by transmission technique: storage and timing covert channels. In the paper the authors provide a brief survey of network timing and storage covert channels and of methods for counteracting information leakage. According to best practices, information systems and infrastructure have an information security policy with requirements on the allowable level of covert channel capacity. However, when deciding whether to activate any countermeasure, it is important not to underestimate the covert channel capacity. For effective prevention of information leakage via network covert channels, the authors suggest a way to assess timing covert channel capacity. Two binary timing channels have been investigated: the on/off channel and a channel based on modulation of inter-packet intervals. In the on/off covert channel the sender sends a packet during a previously agreed time interval to transmit the bit «1» and sends nothing to transmit the bit «0». In the covert channel based on inter-packet interval modulation the sender sends packets at different time intervals that define different bits. The scientific novelty consists in taking network load conditions into account when assessing the maximum amount of information that can be stealthily transmitted from a secure infrastructure to an illegitimate receiver beyond the secure perimeter. The authors investigated the cases in which the packet transfer time (PTT) from the sender to the receiver in the network follows a normal or an exponential distribution, the most common distributions according to current research.
Covert channel capacity is evaluated as a function of the covert channel parameters and the parameters of the PTT distribution (DPTT). The research shows that if the security officer does not take into account the typical network load and the DPTT type, the maximum covert channel capacity will most likely be underestimated. If an allowable level of covert channel capacity is set, the obtained results make it possible to take the right decision about activating countermeasures to prevent information leakage.
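The following added example (not code or formulas from the paper) shows how a capacity estimate for the on/off channel changes with the assumed PTT distribution. It assumes a simplified model chosen here: a sent «1» is lost when delay jitter pushes the packet out of its slot, a «0» is always read correctly (a Z-channel), late packets spilling into neighbouring slots are ignored, and all numeric values are constructed.

```python
import math

def z_channel_capacity(p_loss):
    """Capacity in bits per slot of a Z-channel: a sent 1 is read as 0 with
    probability p_loss, a sent 0 is always read correctly."""
    if p_loss >= 1.0:
        return 0.0
    if p_loss <= 0.0:
        return 1.0
    return math.log2(1.0 + (1.0 - p_loss) * p_loss ** (p_loss / (1.0 - p_loss)))

def loss_normal(slot, sigma):
    """P(packet misses its slot) for PTT ~ Normal(mu, sigma), assuming the
    receiver centres a window of width `slot` on the mean delay mu."""
    return math.erfc(slot / (2.0 * math.sqrt(2.0) * sigma))

def loss_exponential(slot, mean_jitter):
    """P(packet misses its slot) for PTT = fixed minimum + Exp(mean_jitter),
    assuming the receiver's window opens at the fixed minimum delay."""
    return math.exp(-slot / mean_jitter)

def capacity_bps(p_loss, slot):
    """Capacity estimate in bits per second for one slot of `slot` seconds."""
    return z_channel_capacity(p_loss) / slot

def compare(slot, spread):
    """Estimate under both DPTT assumptions with the same standard deviation
    (an exponential with mean m also has standard deviation m)."""
    return {
        "normal": capacity_bps(loss_normal(slot, spread), slot),
        "exponential": capacity_bps(loss_exponential(slot, spread), slot),
    }

if __name__ == "__main__":
    spread = 0.010  # constructed value: 10 ms delay spread
    for slot_ms in (5, 10, 20, 40, 80):  # constructed slot lengths
        est = compare(slot_ms / 1000.0, spread)
        print(f"slot {slot_ms:3d} ms  normal {est['normal']:6.2f} bit/s  "
              f"exponential {est['exponential']:6.2f} bit/s")
```

With these constructed values, a policy check that assumes a normal DPTT while the network's delay is closer to exponential would report a lower capacity than the channel could reach under this model.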

Pages: 41-50
For citation

Belozubova A.I., Epishkina A.V., Kogos K.G. Evaluation of the timing covert channel capacity considering packet transfer time distribution. Highly Available Systems. 2021. V. 17. № 1. P. 41−50. DOI: https://doi.org/10.18127/j20729472-202101-04. (in Russian)

References
  1. Lampson B.W. A Note on the Confinement Problem. Communications of the ACM. 1973. V. 16. № 10. P. 613−615.
  2. GOST R 53113.1-2008. Informatsionnaya tekhnologiya. Zashchita informatsionnykh tekhnologii i avtomatizirovannykh sistem ot ugroz informatsionnoi bezopasnosti, realizuemykh s ispolzovaniem skrytykh kanalov. Chast 1. Obshchie polozheniya. Vved. 2009-10-01. M.: Standartinform. 2009. 12 s.
  3. Grusho A.A. Skrytye kanaly i bezopasnost informatsii v kompyuternykh sistemakh. Diskretnaya matematika. 1998. T. 10. № 1. S. 3−9.
  4. Grusho A.A. O sushchestvovanii skrytykh kanalov. Diskretnaya matematika. 1999. T. 11. № 1. S. 24−28.
  5. US Department of Defense. Department of Defense Trusted Computer System Evaluation Criteria. US Department of Defense. The ‘Orange Book’ Series. Palgrave Macmillan, London. 1985. https://doi.org/10.1007/978-1-349-12020-8_1.
  6. Ahsan K., Kundur D. Practical Data Hiding in TCP/IP. Proc. of the ACM Workshop on Multimedia Security. 2002.
  7. Zander S., Armitage G., Branch P. Covert Channels in the IP Time To Live Field. Proc. of the Australian Telecommunication Networks and Applications Conference. 2006.
  8. Zander S., Armitage G., Branch P. A Survey of Covert Channels and Countermeasures in Computer Network Protocols. IEEE Communications Surveys and Tutorials. 2007. V. 9. № 3. P. 44−57.
  9. Epishkina A., Kogos K. A random traffic padding to limit packet size covert channels. Proc. of the 2015 Federated Conference on Computer Science and Information Systems. 2015. V. 5. P. 1107−1113.
  10. Epishkina A., Kogos K. Covert channels parameters evaluation using the information theory statements. Proc. of the 5th International Conference on IT convergence and security. 2015. P. 395−399.
  11. Cabuk S., Brodley C.E., Shields C. IP covert timing channels: design and detection. Proc. of the eleventh ACM conference on computer and communications security. 2004. P. 178−187.
  12. Girling C.G. Covert channels in LAN’s. IEEE Transactions on software engineering. 1987. V. 13. № 2. P. 292−296.
  13. Shah G., Molina A., Blaze M. Keyboards and Covert Channels. Proc. of the 15th USENIX Security Symposium. 2006. P. 59−75.
  14. Sellke S.H., Wang C.-C., Bagchi S., Shroff N.B. Covert TCP/IP timing channels: theory to implementation. Proc. of the 28th conference on computer communications. 2009. P. 2204−2212.
  15. IBM Knowledge Center [Electronic resource]. URL: https://www.ibm.com/support/knowledgecenter/ssw_aix_71/security/taix_audit_bandwidth.html (accessed 15.02.2020).
  16. GOST R 53113.2-2009. Informatsionnaya tekhnologiya. Zashchita informatsionnykh tekhnologii i avtomatizirovannykh sistem ot ugroz informatsionnoi bezopasnosti, realizuemykh s ispolzovaniem skrytykh kanalov. Chast 2. Rekomendatsii po organizatsii zashchity
  17. Liu M., Xue Y., Zhao Y., Guo H. Research on the Distribution and Self-Similarity Characteristic of End-To-End Network Delay. International Journal of Future Generation Communication and Networking. 2015. V. 8. № 3.
  18. Elteto T., Molnar S. On the distribution of round-trip delays in TCP/IP networks. Proc. of the 24th Conference on Local Computer Networks. 1999.
  19. Karakas M. Determination of network delay distribution over the internet. Thesis submitted to the graduate school of natural and applied sciences of the Middle East Technical University. December 2003.
  20. Sukhov A.M., Kuznetsova N.Yu., Pervitsky A.K., Galtsev A.A. Generating Function For Network Delay. Journal of High Speed Networks. 2016. V. 22. № 4. P. 321−333.
  21. Huang G., Akopian D., Chen C.L.P. Measurement and Modeling of Network Delays for MS-Based A-GPS Assistance Delivery. IEEE Transactions on instrumentation and measurement. 2014. V. 63. № 8.
Date of receipt: 1.02.2021
Approved after review: 15.02.2021
Accepted for publication: 15.02.2021