Catalog Home Page

An Empirical Evaluation of IP Time To Live Covert Channels

Zander, S., Armitage, G. and Branch, P. (2007) An Empirical Evaluation of IP Time To Live Covert Channels. In: 15th IEEE International Conference on Networks (ICON) 2007, 19 - 21 November 2007, Adelaide, South Australia

[img]
Preview
PDF - Published Version
Download (130kB) | Preview
Link to Published Version: http://dx.doi.org/10.1109/ICON.2007.4444059
*Subscription may be required

Abstract

Communication is not necessarily made secure by the use of encryption alone. The mere existence of communication is often enough to raise suspicion and trigger investigative actions. Covert channels aim to side-step this problem by hiding additional information within the 'normal' behaviour of preexisting communication streams. The huge amount of data and vast number of different protocols in the Internet make it ideal as a high-bandwidth vehicle for covert channels. Several researchers have proposed modulation techniques to encode covert information into the IP Time To Live field. In this paper we compare the different encoding techniques and also propose two new improved encoding schemes. We present a software framework developed for evaluating covert channels in network protocols. We use this software to empirically evaluate the transmission rates of the different TTL modulation techniques for real Internet traffic.

Publication Type: Conference Paper
URI: http://researchrepository.murdoch.edu.au/id/eprint/35014
Item Control Page Item Control Page

Downloads

Downloads per month over past year