Murdoch University Research Repository

Welcome to the Murdoch University Research Repository

The Murdoch University Research Repository is an open access digital collection of research
created by Murdoch University staff, researchers and postgraduate students.

Learn more

Covert channels in the IP Time To Live Field

Zander, S., Armitage, G. and Branch, P. (2006) Covert channels in the IP Time To Live Field. In: Australian Telecommunication Networks and Application Conference (ATNAC) 2006, 4 - 6 December 2006, Melbourne, Australia



Covert channels are used for the secret transfer of information. Unlike encryption, which only protects the information from unauthorised observers, covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different network protocol s in the Internet makes it an ideal high-capacity vehicle for covert communication. Covert channels pose a serious security threat as they can be used for a number of malicious activities. In this paper we present a novel covert channel inside the IP header’s Time To Live (TTL) field. The sender manipulates the TTLs of subsequent packets transmitting covert information to the receiver. Since network elements along the path also modify the TTL, the capacity and stealth of this channel depend on the “natural” TTL variation. We analyse this variation in multiple traffic traces and propose an encoding scheme, which makes the TTL covert channel look similar to “natural” variation. We also discuss methods to eliminate and detect this covert channel

Item Type: Conference Paper
Item Control Page Item Control Page


Downloads per month over past year