Murdoch University Research Repository

Welcome to the Murdoch University Research Repository

The Murdoch University Research Repository is an open access digital collection of research
created by Murdoch University staff, researchers and postgraduate students.

Learn more

Covert channels in the IP Time To Live Field

Tools

Zander, S., Armitage, G. and Branch, P. (2006) Covert channels in the IP Time To Live Field. In: Australian Telecommunication Networks and Application Conference (ATNAC) 2006, 4 - 6 December 2006, Melbourne, Australia

[img]
Preview
PDF
Download (121kB) | Preview

Abstract

Covert channels are used for the secret transfer of information. Unlike encryption, which only protects the information from unauthorised observers, covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different network protocol s in the Internet makes it an ideal high-capacity vehicle for covert communication. Covert channels pose a serious security threat as they can be used for a number of malicious activities. In this paper we present a novel covert channel inside the IP header’s Time To Live (TTL) field. The sender manipulates the TTLs of subsequent packets transmitting covert information to the receiver. Since network elements along the path also modify the TTL, the capacity and stealth of this channel depend on the “natural” TTL variation. We analyse this variation in multiple traffic traces and propose an encoding scheme, which makes the TTL covert channel look similar to “natural” variation. We also discuss methods to eliminate and detect this covert channel

Item Type: Conference Paper
URI: http://researchrepository.murdoch.edu.au/id/eprint/35012
Item Control Page Item Control Page

Downloads

Downloads per month over past year