| Covert channel is a great threat to Internet Security. In Academia, the study of covert channel divides into two areas, constructing and detecting covert channel. As the opposite of the detecting, constructors hope to improve and enrich detecting method by digging characteristics of covert channel. Covert channel can be divided into covert storage channel, covert timing channel and covert mulit-link channel. Existing covert timing channels rely on the network environment and can be easily detected. To overcome these defects, we propose a covert channel method based on TCP timestamp option.The proposed channel is based on TCP, which makes use of error control mechanism and window mechanism to build its error control mechanism, so its robustness can be improved. A new type of descriptive method of Inter-Packet-Delay is proposed, named Recording Inter-Packet-Delay. Through the use of TCP timestamp option to construct Inter-Packet-Delay, to construct the new channel furthermore. By slightly modifying timestamp at the same time using modified entropy shaping method, the proposed channel can improve its invisibility. Round-Trip Time is used to construct the parameter of the proposed channel, to improve its volatile. To gain enough covert channel flow and legit channel flow, the proposed channel uses FTP as its application layer protocol.The proposed channel is constructed by experiments. Its robustness and invisibility are estimated through experiments. Experiments proved that the proposed channel performs obviously better than existing covert timing channel in the transmission accuracy of covert message under harsh network environment. It is enough to resist entropy based detection, which as the unique threat to the proposed channel.As result, the theoretical and experimental evidences show that the proposed channel can be as effective covert channel method. |
PDF Full Text Request