Covert Channels 2015


A covert channel is a simple, effective mechanism for sending and receiving data between machines without alerting any firewalls or intrusion detectors on the network. In cybersecurity science, covert channels have value as a means of both defense and attack. The work cited here was presented or published in 2015.

Darwish, O.; Al-Fuqaha, A.; Anan, M.; Nasser, N., "The Role of Hierarchical Entropy Analysis in the Detection and Time-Scale Determination Of Covert Timing Channels," in Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, pp. 153-159, 24-28 Aug. 2015. doi: 10.1109/IWCMC.2015.7289074

Abstract: This paper evaluates the potential use of hierarchal entropy analysis to detect covert timing channels and determine the best time-scale that reveals it. A data transmission simulator is implemented to generate a collection of overt and covert channels. The hierarchical entropy analysis approach is then utilized to detect the covert timing channels and identify the type-scale that provides the highest evidence that the underlying channel is covert. Hierarchical entropy divides the stream of inter-arrival times greedily to identify the time-scale that best reveals the existence of a covert-timing channel. The lowest entropy in the sequence is the best indicator that identifies non-random patterns in the given data stream. The results show that hierarchal entropy analysis performs significantly better than the classical flat entropy approach in the detection of covert timing channels. Furthermore, the hierarchical entropy analysis provides details about the best time-scale that reveals the features of the covert timing channel.

Keywords: data communication; entropy; security of data; covert timing channel detection; data transmission simulator; hierarchical entropy analysis; time-scale determination; Decoding; Encoding; Entropy; Indexes; Noise; Receivers; Timing; Covert timing channels; Hierarchical entropy; Pattern recognition; Security; Time-scale determination (ID#: 15-8302)



Kaur, J.; Wendzel, S.; Meier, M., "Countermeasures for Covert Channel-Internal Control Protocols," in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 422-428, 24-27 Aug. 2015. doi: 10.1109/ARES.2015.88

Abstract: Network covert channels have become a sophisticated means for transferring hidden information over the network, and thereby breaking the security policy of a system. Covert channel-internal control protocols, called micro protocols, have been introduced in the recent years to enhance capabilities of network covert channels. Micro protocols are usually placed within the hidden bits of a covert channel's payload and enable features such as reliable data transfer, session management, and dynamic routing for network covert channels. These features provide adaptive and stealthy communication channels for malware, especially bot nets. Although many techniques are available to counter network covert channels, these techniques are insufficient for countering micro protocols. In this paper, we present the first work to categorize and implement possible countermeasures for micro protocols that can ultimately break sophisticated covert channel communication. The key aspect of proposing these countermeasures is based on the interaction with the micro protocol. We implemented the countermeasures for two micro protocol-based tools: Ping Tunnel and Smart Covert Channel Tool. The results show that our techniques are able to counter micro protocols in an effective manner compared to current mechanisms, which do not target micro protocol-specific behavior.

Keywords: computer network security; invasive software; protocols; telecommunication channels; adaptive communication channel; bot nets communication channel; covert channel internal control protocols; dynamic routing; hidden information; malware communication channel; microprotocol; network covert channels; ping tunnel; reliable data transfer; session management; smart covert channel tool; stealthy communication channel; Communication channels; Overlay networks; Payloads; Protocols; Reliability; Routing; Timing; ICMP tunneling; active warden; covert channels; information hiding; micro protocols; network security; overlay routing; passive warden; steganography (ID#: 15-8303)



Dakhane, D.M.; Deshmukh, P.R., "Active Warden for TCP Sequence Number Base Covert Channel," in Pervasive Computing (ICPC), 2015 International Conference on, pp. 1-5, 8-10 Jan. 2015. doi: 10.1109/PERVASIVE.2015.7087183

Abstract: Network covert channels are generally used to leak information by violating security policies. They allow the attacker to send as well as receive secret information without being detected by the network administrator or warden in the network. There are several ways to implement such covert channels: storage covert channels and timing covert channels. However, there is always some possibility of these covert channels being identified depending on their behaviour. In this paper, we propose an active warden, which normalizes incoming and outgoing network traffic to eliminate all possible storage-based covert channels. It is specially designed for the TCP sequence number because this field is a maximum capacity vehicle for storage-based covert channels. Our experimental results show that the proposed active warden model eliminates covert communication up to 99%, while overt communication remains intact.

Keywords: transport protocols; TCP sequence number base covert channel; maximum capacity vehicle; security policies; storage covert channel; timing covert channel; IP networks; Internet; Kernel; Protocols; Security; Telecommunication traffic; Timing; Active Warden; Network Covert Channels; Storage Covert Channels; TCP Headers; TCP ISN; TCP Sequence Number; TCP-SQN; TCP/IP (ID#: 15-8304)



Epishkina, A.; Kogos, K., "A Traffic Padding to Limit Packet Size Covert Channels," in Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on, pp. 519-525, 24-26 Aug. 2015. doi: 10.1109/FiCloud.2015.20

Abstract: Nowadays applications for big data are widely spread since IP networks connect milliards of different devices. On the other hand, there are numerous accidents of information leakage using IP covert channels worldwide. Covert channels based on packet size modification are resistant to traffic encryption, but there are some data transfer schemes that are difficult to detect. Investigation of the technique to limit the capacity of covert channels becomes topical as covert channels construction can violate big data security. The purpose of this work is to examine the capacity of a binary packet size covert channel when a traffic padding is generated.

Keywords: Big Data; IP networks; cryptography; electronic data interchange; telecommunication traffic; Big Data security; IP network; data transfer scheme; packet size covert channel; traffic encryption; traffic padding; Channel capacity; IP networks; Receivers; Security; Timing; Yttrium; big data; capacity; information security; limitation; network covert channels (ID#: 15-8305)



Xuyang; Zouchenpeng; Yangning, "Network Covert Channel Analysis Based on the Density Multilevel Two Segment Clustering," in Software Engineering and Service Science (ICSESS), 2015 6th IEEE International Conference on, pp. 263-266, 23-25 Sept. 2015. doi: 10.1109/ICSESS.2015.7339051

Abstract: On the problem of covert channel detection, the traditional detection algorithms exist specific covert channel blind area, or it is useful for some kind of covert channel detection but ignore other covert channels. In order to solve this problem, in this paper proposes network covert channel analysis method based on the density multilevel two segment clustering. Firstly, the problem of covert channel in complex network is studied, and its mathematical model and data feature extraction are presented; Secondly, based on hierarchical clustering and design its multilevel aggregation improved form using the given complex network channel coarsening clustering results, at the same time in each layer of coarse channel and the results of detection, using density clustering algorithm to implement complex network covert channel detection and thinning and improve the prediction accuracy. Finally, the proposed algorithm can detect the complex network covert channel quickly and accurately when the noise is no higher than 20%.

Keywords: computer network security; feature extraction; complex network channel coarsening clustering; complex network covert channel detection; data feature extraction; density multilevel two-segment clustering; mathematical model; network covert channel analysis method; Accuracy; Algorithm design and analysis; Classification algorithms; Clustering algorithms; Complex networks; Gravity; Security; complex network; covert channel; density clustering; multilevel clustering; two segment analysis (ID#: 15-8306)



Tuptuk, N.; Hailes, S., "Covert Channel Attacks in Pervasive Computing," in Pervasive Computing and Communications (PerCom), 2015 IEEE International Conference on, pp. 236-242, 23-27 March 2015. doi: 10.1109/PERCOM.2015.7146534

Abstract: Ensuring security in pervasive computing systems is an essential pre-requisite for their deployment. Typically, such systems are reliant on wireless networks for communication; however, whilst a considerable amount of attention has been given to cryptographic mechanisms for securing that wireless link, almost none has been devoted to the creation of covert channels capable of circumventing perimeter security. In systems that embody an element of control, covert channels offer the potential both to leak information that might be considered private and to alter the operation of the system in ways that are undesirable or unsafe. In this paper, we present two novel forms of covert channel designed to leak information from a compromised node within a secured network in ways that are statistically undetectable by other parts of that system. These two attacks rely on: modulation of transmission power, which impacts the RSSI/LQI of a message; and modulation of sensor data in a way that can be seen in the encrypted form of that data. We report the results of an extensive set of practical experiments designed to assess the channel capacity of these covert channels. Overall, this paper demonstrates that the creation of undetectable covert channels is a practical proposition in pervasive computing systems. This, in turn, has implications for key distribution: the use of individual, rather than group, keys is necessary to limit the exposure caused by a successful covert channel attack.

Keywords: radio links; radio networks; telecommunication security; ubiquitous computing; wireless channels; RSSI/LQI; channel capacity; covert channel attack; cryptographic mechanism; leak information; perimeter security; pervasive computing system; secured network; sensor data; transmission power; wireless link; wireless networks; Cryptography; Pervasive computing; Receivers; Transmitters; Wireless communication; Wireless sensor networks (ID#: 15-8307)



Hong Rong; Huimei Wang; Jian Liu; Xiaochen Zhang; Ming Xian, "WindTalker: An Efficient and Robust Protocol of Cloud Covert Channel Based on Memory Deduplication," in Big Data and Cloud Computing (BDCloud), 2015 IEEE Fifth International Conference on, pp. 68-75, 26-28 Aug. 2015. doi: 10.1109/BDCloud.2015.12

Abstract: As information security and privacy are primary concerns for most enterprises and individuals, a threat called Cross-VM (Virtual Machine) Attack certainly impedes their adoption of public or hybrid cloud computing. Specifically, Cross-VM Attack enables hostile tenants to leverage various forms of covert channels to exfiltrate sensitive information of victims on the same physical host. A new covert channel has been demonstrated by exploiting a special feature of memory deduplication which is widely used in virtualization products, that is, writing to a shared page would incur longer access delay than those non-shared. However, this sort of covert channel attack is merely considered as "potential threat" due to lack of practical protocol. In this paper, we study how to design an efficient and reliable protocol of CCCMD (Cloud Covert Channel based on Memory Deduplication). We first analyze the CCCMD working scheme in a virtualized environment, and uncover its major defects and implementation difficulties. We then build a prototype named WindTalker which overcomes these obstacles. Our experiments show that WindTalker performs much better with lower bit error rate and achieves a reasonable transmission speed adaptive to noisy environment.

Keywords: cloud computing; computer crime; cryptographic protocols; data privacy; error statistics; virtual machines; virtualisation; CCCMD protocol; WindTalker; bit error rate; cloud covert channel based on memory deduplication protocol; covert channel attack; cross-VM attack; cross-virtual machine attack; enterprises; hostile tenants; hybrid cloud computing; information privacy; information security; noisy environment; public cloud computing; robust protocol; transmission speed; virtualization products; virtualized environment; Delays; Encoding; Merging; Protocols; Receivers; Synchronization; Uncertainty; Cloud Computing; Covert Channel; Memory Deduplication; Virtualization Security (ID#: 15-8308)



Epishkina, A.; Kogos, K., "A Random Traffic Padding to Limit Packet Size Covert Channels," in Computer Science and Information Systems (FedCSIS), 2015 Federated Conference on, pp. 1107-1111, 13-16 Sept. 2015. doi: 10.15439/2015F88

Abstract: This paper observes different methods for network covert channels constructing and describes the scheme of the packet length covert channel. The countermeasure based on random traffic padding generating is proposed. The capacity of the investigated covert channel is estimated and the relation between parameter of covert channel and counteraction tool is examined. Practical recommendation for using the obtained results are given.

Keywords: channel capacity; packet size covert channels; random traffic padding; Channel capacity; Channel estimation; IP networks; Receivers; Security; Timing; Yttrium (ID#: 15-8309)



Epishkina, A.; Kogos, K., "Covert Channels Parameters Evaluation Using the Information Theory Statements," in IT Convergence and Security (ICITCS), 2015 5th International Conference on, pp. 1-5, 24-27 Aug. 2015. doi: 10.1109/ICITCS.2015.7292966

Abstract: This paper describes a packet length network covert channel and violators possibilities to build such a channel. Then the technique to estimate and limit the capacity of such channel is presented. The calculation is based on the information theory statements and helps to diminish the negative effects of covert channels in information systems, e.g. data leakage.

Keywords: information theory; telecommunication channels; covert channel parameter evaluation; information theory statements; packet length network covert channel; Channel capacity; Channel estimation; IP networks; Receivers; Security; Timing (ID#: 15-8310)



Peng Yang; Hui Zhao; Zhonggui Bao, "A Probability-Model-Based Approach to Detect Covert Timing Channel," in Information and Automation, 2015 IEEE International Conference on, pp. 1043-1047, 8-10 Aug. 2015. doi: 10.1109/ICInfA.2015.7279440

Abstract: Interest of detecting covert timing channels is increasing rapidly. A lot of exploitation has been done on the construction and detection of covert timing channels over the internet. But the detection of covert timing channels is a challenging task because legitimate network traffic is so various that it's hard to detect and distinguish. The existing detection approaches are not so effective to detect the variety of covert timing channels known to security community. In this paper, we first review some typical detection methods of covert timing channels and then evaluate every approach. After that we introduce a new model-based approach to detecting various covert timing channels. Our new approach is based on the probability model that covert timing channels have different distribution from the legitimate channels. At last, we do an experiment to confirm the effectiveness of our model-based approach. The experiment result shows that our model-based approach is sensitive to the current timing channels, and is capable of detecting them in an accurate manner.

Keywords: probability; telecommunication channels; telecommunication traffic; Internet; covert timing channel detection; network traffic; probability model; Computers; Delays; Entropy; Random variables; Security; Telecommunication traffic; covert timing channel; detection; probability-model-based (ID#: 15-8311)



Rezaei, F.; Hempel, M.; Shrestha, P.L.; Rakshit, S.M.; Sharif, H., "Detecting Covert Timing Channels Using Non-Parametric Statistical Approaches," in Wireless Communications and Mobile Computing Conference (IWCMC), 2015 International, pp. 102-107, 24-28 Aug. 2015. doi: 10.1109/IWCMC.2015.7289065

Abstract: Extensive availability and development of Internet applications and services open up the opportunity for abusing network and Internet resources to distribute malicious data and leak sensitive information. One of the prevalent information-hiding approaches suitable for such activities is known as Covert Timing Channel (CTC), which utilizes the modulation of Inter-Packet Delays (IPDs) to embed secret data and transfers that to designated receivers. In this paper, we propose two different non-parametric statistical tests that can be employed to detect this type of covert communication activities over a network. The new detection metrics are evaluated and verified against four different and highly recognized CTC algorithms. The experimental results show that the proposed detection metrics can reliably and effectively distinguish between the covert and overt traffic flows, thus significantly supporting our research toward an accurate blind and comprehensive CTC detection. This is a capability vital to cyber security in today's information society.

Keywords: Internet; computer network security; modulation; statistical analysis; CTC; IPD modulation; Internet resources; Internet services; covert communication activities; covert timing channel; cyber security; designated receivers; inter-packet delays modulation; malicious data; network resources; nonparametric statistical tests; overt traffic flows; Algorithm design and analysis; Delays; Entropy; Reliability; Telecommunication traffic; Covert Channel Detection; Covert Communication; Covert Timing Channel; Detection Fingerprints; Information Hiding (ID#: 15-8312)



Guri, M.; Monitz, M.; Mirski, Y.; Elovici, Y., "BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations," in Computer Security Foundations Symposium (CSF), 2015 IEEE 28th, pp. 276-289, 13-17 July 2015. doi: 10.1109/CSF.2015.26

Abstract: It has been assumed that the physical separation ('air-gap') of computers provides a reliable level of security, such that should two adjacent computers become compromised, the covert exchange of data between them would be impossible. In this paper, we demonstrate BitWhisper, a method of bridging the air-gap between adjacent compromised computers by using their heat emissions and built-in thermal sensors to create a covert communication channel. Our method is unique in two respects: it supports bidirectional communication, and it requires no additional dedicated peripheral hardware. We provide experimental results based on the implementation of the Bit-Whisper prototype, and examine the channel's properties and limitations. Our experiments included different layouts, with computers positioned at varying distances from one another, and several sensor types and CPU configurations (e.g., Virtual Machines). We also discuss signal modulation and communication protocols, showing how BitWhisper can be used for the exchange of data between two computers in a close proximity (positioned 0-40 cm apart) at an effective rate of 1-8 bits per hour, a rate which makes it possible to infiltrate brief commands and exfiltrate small amount of data (e.g., passwords) over the covert channel.

Keywords: computer network security; protocols; BitWhisper prototype; CPU configurations; air-gapped computers; bidirectional communication; built-in thermal sensors; communication protocols; computer network; covert communication channel; heat emissions; physical separation; sensor types; signal modulation; signaling channel; thermal manipulations; virtual machines; Central Processing Unit; Computers; Heating; Layout; Temperature sensors; air-gap; bridging; covert channel; exfiltration; infiltration; sensors; temperature (ID#: 15-8313)



Benedetto, F.; Giunta, G.; Liguori, A.; Wacker, A., "A Novel Method for Securing Critical Infrastructures by Detecting Hidden Flows of Data," in Communications and Network Security (CNS), 2015 IEEE Conference on, pp. 648-654, 28-30 Sept. 2015. doi: 10.1109/CNS.2015.7346881

Abstract: This work introduces a novel method for securing critical infrastructures. We propose an innovative hypothesis test for intrusion detection in data communications. In particular, we detect the presence or absence of a covert (i.e. hidden) timing channel. We devised a new testing procedure, namely the Weibullness test, that statistically measures how much the series under investigation (inter-arrival times of the received packets) fits Weibull vs. non-Weibull models. This is equivalent to differentiating between the cases of legitimate and covert data communications. The achieved results show the robustness of this innovative test versus the conventional shape and regularity tests, even in presence of short-lived covert communications for intrusion detection in data communications.

Keywords: Conferences; Data communication; Shape; Testing; Timing; Weibull distribution; Yttrium; Covert timing channels; Detection methods; Performance analysis; Regularity test; Shape test (ID#: 15-8314)



Hong Zhao; Minxiou Chen, "WLAN Covert Timing Channel Detection," in Wireless Telecommunications Symposium (WTS), 2015, pp. 1-5, 15-17 April 2015. doi: 10.1109/WTS.2015.7117246

Abstract: Wireless LANs have been widely used to carry out a system to access Internet. WLAN security becomes mission one, especially a new type of attacks called covert channel based attack surfaced over the past few years. This attack uses different data rates provided in WLAN to transmit a secret message. Detecting this covert channel could be difficult due to existence of rate diversity in 802.11 WLAN. Multiple transmission data rates are supported to exploit the trade-off between obtaining the highest possible data rate and trying to minimize the number of communication errors. In this paper, a feature modal is proposed to form possible hypotheses and then statistic hypothesis testing is applied. Simulation results on publicly available WLAN traffic show that our proposed approach could achieve 100% detection rate.

Keywords: Internet; computer network security; message authentication; signal detection; statistical analysis; telecommunication traffic; wireless LAN; wireless channels; IEEE 802.11 standard; Internet; WLAN covert timing channel detection; WLAN traffic; communication error minimization; secret message transmission; statistic hypothesis testing; wireless local area network security; IEEE 802.11 Standards; Monitoring; Security; Testing; Timing; Wireless LAN; Wireless communication (ID#: 15-8315)



Rezaei, Fahimeh; Hempel, Michael; Shrestha, Pradhumna Lal; Rakshit, Sushanta Mohan; Sharif, Hamid, "A Novel Covert Timing Channel Detection Approach For Online Network Traffic," in Communications and Network Security (CNS), 2015 IEEE Conference on, pp. 737-738, 28-30 Sept. 2015. doi: 10.1109/CNS.2015.7346911

Abstract: In this paper, we propose a novel Covert Timing Channel (CTC) detection method that leverages computationally low-cost statistical measures to precisely detect covert communication, using only minimum network traffic knowledge. The proposed detection approach utilizes three different non-parametric statistical tests to classify overt and covert inter-packet delays.

Keywords: Computers; Delays; History; Image edge detection; Knowledge engineering; Telecommunication traffic (ID#: 15-8316)



Qingfeng Tan; Jinqiao Shi; Binxing Fang; Wentao Zhang; Xuebin Wang, "Stegop2p: Oblivious User-Driven Unobservable Communications," in Communications (ICC), 2015 IEEE International Conference on, pp. 7126-7131, 8-12 June 2015. doi: 10.1109/ICC.2015.7249463

Abstract: With increasing concern for erosion of privacy, privacy preserving and censorship-resistance techniques are becoming more and more important. Anonymous communication techniques offer an important method defending against Internet surveillance, but these techniques don't conceal themselves when used. In this paper, we propose StegoP2P, an unobservable communication system with Internet users in overlay network that relies on innocent users' oblivious data downloading. StegoP2P works by deploying end-to-middle proxies, which inspect special steganography flows from StegoP2P users to innocent-looking destinations and mirror them to the true destination requested by oblivious P2P users. The hidden communication is indistinguishable from normal network communications to any adversaries without a private key, hence making the StegoP2P clients unobservable. We have developed a proof-of-concept application based on Vuze and conducted evaluations through experiments.

Keywords: Internet; overlay networks; peer-to-peer computing; steganography; Internet users; StegoP2P; Vuze proof-of-concept application; end-to-middle proxy; hidden communication; innocent users oblivious data downloading; innocent-looking destinations; normal network communications; oblivious user-driven unobservable communications; overlay network; steganography; Censorship; IP networks; Internet; Peer-to-peer computing; Protocols; Security; Servers; Censorship-resistant; Covert channel; Steganography; Unobservable communication (ID#: 15-8317)



Hussain, Rasheed; Kim, Donghyun; Tokuta, Alade O.; Melikyan, Hayk M.; Oh, Heekuck, "Covert Communication Based Privacy Preservation in Mobile Vehicular Networks," in Military Communications Conference, MILCOM 2015 - 2015 IEEE, pp. 55-60, 26-28 Oct. 2015. doi: 10.1109/MILCOM.2015.7357418

Abstract: Due to the dire consequences of privacy abuse in vehicular ad hoc network (VANET), a number of mechanisms have been put forth to conditionally preserve the user and location privacy. To date, multiple pseudonymous approach is regarded as one of the best effective solutions where every node uses multiple temporary pseudonyms. However, recently it has been found out that even multiple pseudonyms could be linked to each other and to a single node thereby jeopardizing the privacy. Therefore in this paper, we propose a novel identity exchange-based approach to preserve user privacy in VANET where a node exchanges its pseudonyms with the neighbors and uses both its own and neighbors' pseudonym randomly to preserve privacy. Additionally the revocation of the immediate user of the pseudonym is made possible through an efficient revocation mechanism. Moreover the pseudonym exchange is realized through covert communication where a side channel is used to establish a covert communication path between the exchanging nodes, based on the scheduled beacons. Our proposed scheme is secure, robust, and it preserves privacy through the existing beacon infrastructure.

Keywords: Cryptography; Privacy; Standards; Transmission line measurements; Vehicles; Vehicular ad hoc networks; Beacons; Conditional Privacy; Covert Communication; Pseudonyms; VANET (ID#: 15-8318)



Ligong Wang; Wornell, G.W.; Lizhong Zheng, "Limits of Low-Probability-of-Detection Communication Over a Discrete Memoryless Channel," in Information Theory (ISIT), 2015 IEEE International Symposium on, pp. 2525-2529, 14-19 June 2015. doi: 10.1109/ISIT.2015.7282911

Abstract: This paper considers the problem of communication over a discrete memoryless channel subject to the constraint that the probability that an adversary who observes the channel outputs can detect the communication is low. Specifically, the relative entropy between the output distributions when a codeword is transmitted and when no input is provided to the channel must be sufficiently small. For a channel whose output distribution induced by the zero input symbol is not a mixture of the output distributions induced by other input symbols, it is shown that the maximum number of bits that can be transmitted under this criterion scales like the square root of the blocklength. Exact expressions for the scaling constant are also derived.

Keywords: channel coding; entropy codes; signal detection; steganography; codeword transmission; discrete memoryless channel; entropy; low-probability-of-detection communication limits; scaling constant; steganography; zero input symbol; AWGN channels; Channel capacity; Memoryless systems; Receivers; Reliability theory; Transmitters; Fisher information; Low probability of detection; covert communication; information-theoretic security (ID#: 15-8319)



Mehic, M.; Slachta, J.; Voznak, M., "Hiding Data in SIP Session," in Telecommunications and Signal Processing (TSP), 2015 38th International Conference on, pp. 1-5, 9-11 July 2015. doi: 10.1109/TSP.2015.7296445

Abstract: Steganography is method of hiding data inside of existing channels of communications. SIP is one of the key protocols used to implement Voice over IP. It is used for establishing, managing and termination of the communication session. During the call, SIP is used for changing parameters of the session as well as for the transfer of DTMF or instant messages. We analyzed scenario where two users (Alice and Bob) want to exchange hidden message via SIP protocol. Their call is established over Kamailio, SIP Proxy server. We were interested in a number of SIP messages that are exchanged during the call with an average duration of 60 seconds. Then we used SNORT IDS with hard coded rules and AD.SNORT (Anomaly Detection) for detecting irregularities while we increased the number of SIP messages. Finally, we calculated the available steganographic bandwidth, amount of hidden data that can be transferred in these messages. The results obtained from the experiments show that it is possible to create a covert channel over SIP with bandwidth of several kbps.

Keywords: Internet telephony; protocols; steganography; AD.SNORT; Kamailio; SIP Proxy server; SIP protocol; SIP session; SNORT IDS; Voice over IP; anomaly detection; data hiding; hard coded rules; key protocols; steganography; Bandwidth; Floods; Generators; IP networks; Protocols; Servers; Telecommunication traffic; Anomaly Detection; Kamailio; Proxy; SIP; Steganography; VoIP (ID#: 15-8320)



Ummenhofer, M.; Schell, J.; Heckenbach, J.; Kuschel, H.; O'Hagan, D.W., "Doppler Estimation for DVB-T Based Passive Radar Systems on Moving Maritime Platforms," in Radar Conference (RadarCon), 2015 IEEE, pp. 1687-1691, 10-15 May 2015. doi: 10.1109/RADAR.2015.7131270

Abstract: PR (Passive Radar) systems using digital broadcasting services such as DVB-T (Digital Versatile Broadcasting - Terrestrial) transmission as illuminators represent surveillance solutions which have rapidly evolved and matured over recent years. PR systems typically use coherent integration time in the order of a few hundred milliseconds to acquire enough dynamic for the detection of moving objects. This is done under the assumption that both the illuminator of opportunity and the receiver stay static during this time period. However, advances in miniaturization of high performing computers and data storage devices allowed the design of PR systems that are compact enough to be operated onboard of moving platforms such as cars [1] and airplanes [2], [3]. Deploying PR systems on maritime platforms could enable covert surveillance of small land or sea based targets in littoral environment. A receiver mounted on such a platform may be subjected to highly non-linear motions. In this case a reference signal generated under the assumption of a static scenario may de-correlate from measured Doppler shifted surveillance channel and consequently degrade the PR systems detection performance. Compensation of these detrimental effects requires highly sampled and accurate measurements of the vessels Doppler shift with respect to the transmitter. To study these effects a two channel PR system for DVB-T broadcast reception has been deployed on a small boat to acquire platform motion data in a littoral environment. Based on the data gathered in this trial, a robust method for the Doppler estimation was developed, which uses the DVB-T standards OFDM (Orthogonal Frequency Division Multiplexing) signal features. The validity of this approach is verified with data gathered simultaneously from onboard IMU (Internal Motion Units) data.

Keywords: Doppler radar; OFDM modulation; marine radar; object detection; passive radar; radar receivers; radar transmitters; DVB-T based passive radar systems; Doppler estimation; Doppler shifted surveillance channel; IMU; OFDM; PR systems detection performance; data storage devices; digital broadcasting services; digital versatile broadcasting terrestrial transmission; internal motion units data; littoral environment; maritime platforms; nonlinear motions; object detection; orthogonal frequency division multiplexing; receiver; reference signal generation; signal features; transmitter; Clocks; Digital video broadcasting; Doppler effect; OFDM; Passive radar; Receivers; Transmitters (ID#: 15-8321)



Yichao Jia; Guangjie Liu; Lihua Zhang, "Bionic Camouflage Underwater Acoustic Communication Based on Sea Lion Sounds," in Control, Automation and Information Sciences (ICCAIS), 2015 International Conference on, pp. 332-336, 29-31 Oct. 2015. doi: 10.1109/ICCAIS.2015.7338688

Abstract: In military confrontation, traditional underwater acoustic communication techniques with fixed frequency and modulation fashion are likely to result in the exposure of the submarine's position. It is helpful for enhancing the submarine's concealment to use the sea background noise as a carrier to perform communication. In this paper, a novel covert underwater communication method based on sea lion sounds is proposed. Properties of sea lion sounds are investigated first. According to the analysis result, the sea lion click sound is used as the information carrier and whistles are used for synchronization. Information is modulated on the compressed click based on the dual-orthogonal modulation method. For improving the receiving SNR, the channel equalization is performed by the passive time reversal mirror technique, whereas channel estimation is done through the matching pursuit method under the theory of compressed sensing. The efficiency and feasibility of the proposed method are verified by the simulation.

Keywords: biocybernetics; channel estimation; compressed sensing; frequency modulation; military communication; synchronisation; underwater acoustic communication; wireless channels; bionic camouflage underwater acoustic communication; channel equalization; channel estimation; compressed sensing theory; dual-orthogonal modulation method; frequency modulation; matching pursuit method; military confrontation; passive time reversal mirror technique; receiving SNR improvement; sea background noise; sea lion sound; submarine concealment enhancement; submarine position exposure; synchronization; Channel estimation; Correlation; Frequency modulation; Matching pursuit algorithms; Synchronization; Underwater acoustics; bionic; covert; sea lion; underwater acoustic communication (ID#: 15-8322)



Ligong Wang; Wornell, G.W.; Lizhong Zheng, "Limits of Low-Probability-of-Detection Communication Over a Discrete Memoryless Channel," in Information Theory (ISIT), 2015 IEEE International Symposium on, pp. 2525-2529, 14-19 June 2015. doi: 10.1109/ISIT.2015.7282911

Abstract: This paper considers the problem of communication over a discrete memoryless channel subject to the constraint that the probability that an adversary who observes the channel outputs can detect the communication is low. Specifically, the relative entropy between the output distributions when a codeword is transmitted and when no input is provided to the channel must be sufficiently small. For a channel whose output distribution induced by the zero input symbol is not a mixture of the output distributions induced by other input symbols, it is shown that the maximum number of bits that can be transmitted under this criterion scales like the square root of the blocklength. Exact expressions for the scaling constant are also derived.

Keywords: channel coding; entropy codes; signal detection; steganography; codeword transmission; discrete memoryless channel; entropy; low-probability-of-detection communication limits; scaling constant; steganography; zero input symbol; AWGN channels; Channel capacity; Memoryless systems; Receivers; Reliability theory; Transmitters; Fisher information; Low probability of detection; covert communication; information-theoretic security (ID#: 15-8323)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modification.