Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CONNECTION: COvert chaNnel NEtwork attaCk Through bIt-rate mOdulatioN

Simone Soderi, Rocco De Nicola

TL;DR

This work introduces a covert timing channel that uses bit-rate modulation to encode data across WAN connections. It designs a sender/receiver pair that modulates network throughput as the information carrier, modeled in terms of a Binary Symmetric Channel with $C= \max_{P} I(X;Y) = 1 - H(p)$ and bit-error probability $p$. In a cyber-range testbed, the approach achieves up to $5$ $bps$ and a channel capacity of up to $0.9239$ $bps/Hz$, demonstrating robustness to jitter, latency, and coexistence with legitimate traffic. The study highlights detection challenges, discusses practical mitigation considerations, and emphasizes the need for network defenses that monitor throughput envelope fluctuations to counter such covert channels.

Abstract

Covert channel networks are a well-known method for circumventing the security measures organizations put in place to protect their networks from adversarial attacks. This paper introduces a novel method based on bit-rate modulation for implementing covert channels between devices connected over a wide area network. This attack can be exploited to exfiltrate sensitive information from a machine (i.e., covert sender) and stealthily transfer it to a covert receiver while evading network security measures and detection systems. We explain how to implement this threat, focusing specifically on covert channel networks and their potential security risks to network information transmission. The proposed method leverages bit-rate modulation, where a high bit rate represents a '1' and a low bit rate represents a '0', enabling covert communication. We analyze the key metrics associated with covert channels, including robustness in the presence of legitimate traffic and other interference, bit-rate capacity, and bit error rate. Experiments demonstrate the good performance of this attack, which achieved 5 bps with excellent robustness and a channel capacity of up to 0.9239 bps/Hz under different noise sources. Therefore, we show that bit-rate modulation effectively violates network security and compromises sensitive data.

CONNECTION: COvert chaNnel NEtwork attaCk Through bIt-rate mOdulatioN

TL;DR

This work introduces a covert timing channel that uses bit-rate modulation to encode data across WAN connections. It designs a sender/receiver pair that modulates network throughput as the information carrier, modeled in terms of a Binary Symmetric Channel with and bit-error probability . In a cyber-range testbed, the approach achieves up to and a channel capacity of up to , demonstrating robustness to jitter, latency, and coexistence with legitimate traffic. The study highlights detection challenges, discusses practical mitigation considerations, and emphasizes the need for network defenses that monitor throughput envelope fluctuations to counter such covert channels.

Abstract

Covert channel networks are a well-known method for circumventing the security measures organizations put in place to protect their networks from adversarial attacks. This paper introduces a novel method based on bit-rate modulation for implementing covert channels between devices connected over a wide area network. This attack can be exploited to exfiltrate sensitive information from a machine (i.e., covert sender) and stealthily transfer it to a covert receiver while evading network security measures and detection systems. We explain how to implement this threat, focusing specifically on covert channel networks and their potential security risks to network information transmission. The proposed method leverages bit-rate modulation, where a high bit rate represents a '1' and a low bit rate represents a '0', enabling covert communication. We analyze the key metrics associated with covert channels, including robustness in the presence of legitimate traffic and other interference, bit-rate capacity, and bit error rate. Experiments demonstrate the good performance of this attack, which achieved 5 bps with excellent robustness and a channel capacity of up to 0.9239 bps/Hz under different noise sources. Therefore, we show that bit-rate modulation effectively violates network security and compromises sensitive data.
Paper Structure (13 sections, 1 equation, 9 figures, 1 table, 2 algorithms)

This paper contains 13 sections, 1 equation, 9 figures, 1 table, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Covert Channel Characteristics
  4. Brief Overview of Enterprise Networks
  5. Related Works
  6. Attacker Model
  7. Bit-rate modulation as Covert Channel
  8. Covert Sender
  9. Covert Receiver
  10. Evaluation of the Covert Channel
  11. Results of Adversary Emulation in the cyber range
  12. Discussion
  13. Conclusions

Figures (9)

  • Figure 1: Binary Symmetric Channel model.
  • Figure 2: Overview of service and enterprise networks.
  • Figure 3: Attack model where the WAN can be an enterprise network or the Internet. Sender and Receiver are two devices connected through the WAN.
  • Figure 4: Covert channel (CONNECTION) deployed in a cyber-range.
  • Figure 5: Transmission of a bitstream (preamble and data) over the covert channel.
  • ...and 4 more figures