By Topic

A typical noisy covert channel in the IP protocol

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Haipeng Qu ; Inst. of Software, Chinese Acad. of Sci., Beijing, China ; Purui Su ; Dengguo Feng

Previous studies have exploited a number of noiseless covert channels in the IPv4 protocol by using some fields in the IP header including the identification, the header checksum and the padding fields. These channels can transmit covert information correctly between two Internet nodes, but will be eliminated after the adoption of the IPv6 protocol. To construct a covert channel which can survive in the IPv6 protocol, a noisy covert channel is designed by using the TTL field in the IPv4 header. The channel can be exploited in the IPv6 protocol because the TTL field will be substituted by the Hop Limit field with a similar function. Two methods are presented including one-bit-per-packet method and TTL partition method. The maximal attainable bandwidth of the channel is discussed and a formula is given to calculate the maximal attainable bandwidth. The maximal attainable bandwidth is inversely proportional to the expectation and variance of the distribution of the average hop number between two communication nodes. The correlation between the maximal attainable bandwidth and the selection of the code error rate is also analyzed. Some statistics data from real networks are collected to estimate the bandwidth of the channel in practice. The result shows that the covert channel is effective in most situations.

Published in:

Security Technology, 2004. 38th Annual 2004 International Carnahan Conference on

Date of Conference:

11-14 Oct. 2004