Designing Rich-Secure Network Covert Timing Channels Based on Nested Lattices

Abstract

As the youngest branch of information hiding, network covert timing channels conceal the existence of secret messages by manipulating the timing information of the overt traffic. The popular model-based framework for constructing covert timing channels always utilizes cumulative distribution function (CDF) of the inter-packet delays (IPDs) to modulate secret messages, whereas discards high-order statistics of the IPDs completely. The consequence is the vulnerability to high-order statistical tests, e.g., entropy test. In this study, a rich security model of covert timing channels is established based on IPD chains, which can be used to measure the distortion of multi-order timing statistics of a covert timing channel. To achieve rich security, we propose two types of covert timing channels based on nested lattices. The CDF of the IPDs is used to construct dot-lattice and interval-lattice for quantization, which can ensure the cell density of the lattice consistent with the joint distribution of the IPDs. Furthermore, compensative quantization and guard band strategy are employed to eliminate the regularity and enhance the robustness, respectively. Experimental results on real traffic show that the proposed schemes are rich-secure, and robust to channel interference, whereas some state-of-the-art covert timing channels cannot evade detection under the rich security model.

1. Introduction

Network covert timing channel is a timing channel that transfers covert information over anetwork [1], it conceals the very existence of secret messages by hiding them in open overtcommunication channels [2]. As the youngest branch of information hiding, covert timing channels have no limit on the amount of cover information, and allow for covert information to be transmitted over long periods of time when compared to information hiding in media files [3]. Thus, finding the starting and ending times of the covert timing channel are difficult and further detection is more challenging. Network covert timing channels can be carried out by adjusting the transmission rate or manipulating the inter-packet delays (IPDs) [4-6]. The secretmessages are modulated into the timing information of overt traffic, predominantly into the IPDs. Advances in the coding theory and high-speed networks have spurred interest in the development of various types of covert timing channels.

As the goal of network covert timing channel is to transmit information between the senderand receiver without being detected by the warden, the fundamental design principle is to alterthe characteristics of IPDs as slightly as possible while preventing the channel disruptions, such as timing perturbation or packet loss. Undetectability and robustness are two main performance metrics of covert timing channels. The undetectability means that the wardencannot distinguish between legitimate and covert traffic using statistical detection tools suchas Kolmogorov-Smirnov (K-S) test [7], Kullback-Leibler divergence (KLD) test [8], andentropy test [9]. Robustness refers to the ability of the covert timing channel to cope with thenetwork jitter inherent in the communication channels.

IPDs have been regarded as the common carriers of network covert timing channels as they are basic units of traffic timing information. Earlier IPD-based scheme modulates the secretmessage by adding different delays to each IPD according to the secret message bits [10], which results in the significant degradation of normal communication. Later, the distribution of IPDs of cover traffic is considered in the design of covert timing channels [11, 12]. Amodel-based covert timing channel is proposed to mimic the statistical properties of legitimatetraffic, which modulates the secret message based on the empirical cumulative distribution function (CDF) of the IPDs of the cover traffic [12]. It is regarded model-secure though the security model is very rough. To consider robustness in the design of covert timing channels, many studies have employed various types of coding schemes to improve the robustness of covert timing channels. In [13, 14], spreading codes are used to strengthen the robustness of the covert timing channel with the assumption that IPDs are independent and identically distributed (i.i.d.). Later on, different error-correcting codes are used incorporated with model-based modulation in CoC [15], and Fountain codes are used to generate encoded symbols continuously until the receiver sucessfully demodulates the secret message [16]. Furthermore, trellis-based adaptive modulation [17] and analog fountain timing channels [6]are proposed to achieve the tradeoff between robustness and undetectability.

Model-based covert timing channels typically consider i.i.d. IPDs. Nevertheless, IPDs of most real traffic are not i.i.d. which makes the covert timing channel vulnerable to regularity orentropy test. To avoid detection based on regularity, Mimic scheme is proposed to learn aboutshape and regularity properties to resist regularity test [18]. Liquid scheme is proposed tosmooth out the shape distortion to resist entropy test [19]. However, the modeling parameters need to be shared frequently and they can only realize model-fitting within limited order.

The main motivation of this study can be described as follows: In the design of existing covert timing channels, undetectability is usually studied based on the security modelestablished from one-order statistics of IPDs (e.g., cumulative distribution function or probability distribution function), whereas high-order statistics of IPDs are always discarded completely. In actual fact, this inchoate security model works under the assumption that the IPDs of network traffic are i.i.d.. Meeting the goal of undetectability still remains challenging, as the multi-order statistics of the IPDs of cover traffic cannot be retained after modulation. Todesign secure covert timing channels under a more general security criterion, we discuss anovel security model that exploits the correlation of IPDs, and study the message modulation methods under this model.

In this study, we first construct a rich security model of covert timing channel based on IPD chains, which can be used to measure the multi-order statistical distortion of IPDs. To achieveundetectability under the rich security model, we then propose two rich-secure covert timing channel schemes based on nested lattices. The dot-lattice and interval-lattice are constructed to quantize the secret messages, respectively. We also employ compensative quantization and guard band strategy to enhance the quantization performance. At the sender, the secretmessage bits are first encoded into Q-ary symbols. Then, the empirical CDF of the IPDs of thelegitimate traffic is established from the captured traffic samples, which can be used togenerate Q coarse lattices. Each encoded symbol can be modulated based on the corresponding coarse lattice according to its symbol value. We construct two types of nested lattices including dot-lattice and interval-lattice. Compensative quantization and guard band strategy are incorporated with dot-lattice quantization and interval-lattice quantization, respectively. The former aims to remove the quantization regularity and the latter aims to enhance the robustness.

The following are the key contributions of this study:

1) We propose a new general security model which can measure the multi-order statistical distortion of covert timing channels. It can be viewed as the development of polynomial security model and KLD for multi-order IPD chains.

2) We propose a new framework to design covert timing channels that are rich-secure, two types of nested lattices are constructed to quantize secret messages based on the CDF of the IPDs, and they can be easily combined with existing robustness-enhancing strategies.

3) We present detailed comparative analysis of the proposed covert timing channelschemes with several types of state-of-the-art covert timing channels.

The rest of the paper is organized as follows. In the next section, we give a brief review of existing network covert timing channels. In Section 3, we give the description of the proposed rich security model of covert timing channels. Then, in Section 4 and Section 5, we introducethe design of the covert timing channel based on dot-lattice and that based on interval-lattice, respectively. Experimental results and analysis are presented in Section 6. Finally, in Section 7, we give a conclusion for this paper and discuss the future work.

2. Related Work

The basic requirements of a network covert timing channel are undetectability and robustness. Undetectability implies that the warden cannot identify the existence of a covert timing channel by distinguishing between the legitimate and covert traffic. If there exists a negligible function \(v(\delta)\) such that \(\left|T(\mathbf{d})-T\left(\mathbf{d}_{s}\right)\right| \leq v(\delta)\) for some probabilistic polynomial-timestatistical test T [13], a covert timing channel can be termed Polynomial Undetectableregarding a security parameter δ, where d and d_s denote arbitrary N samples of IPDs of the legitimate traffic and covert traffic, respectively. On the other side, a covert timing channel may be exposed to both inherent and intentional channel noise. Robustness refers to the capability of correctly receiving the secret message at the receiver in spite of the inherent and maliciously added interference. It is usually measured in terms of bit error rate (BER) for agiven covert transmission rate under channel noise including the common additive white Gaussian noise (AWGN) and real channel noise [14]. The covert transmission rate is defined as the average number of message bits transmitted per packet.

Due to their application scenarios, undetectability has been regarded as the most important performance metric of covert timing channels since the birth of this technique. Covert timing channels can be categorized as three types: rate-based [4, 20], packet-reordering-based [21, 22], and IPD-bas, and IPD-based [6, 17]. Among them, IPD-based covert timing channel is the main focus of the theoretical and implemention studies on covert timing channel. Therefore, we only discuss IPD-based covert timing channel in this study.

To achieve undetectability, a TCP-based covert timing channel called TCPScript first takes the TCP’s normal burstiness patterns into consideration. It embeds secret messages into the TCP burst size [11]. The capacity as well as robustness are evaluated, whereas no solution to improve them can be given. Another IPD-based covert timing channel targeting interactive SSH traffic considers a two-state Markov Modulated Possion Process (MMPP) model of thelegitimate traffic to guarantee the designed covert timing channel satisfying the requirementon undetectability [23]. Time-replay strategy is also employed to maintain the property of thelegitimate traffic. A time-replay covert timing channel utilizes a previously recorded sequence of timing intervals to transmit secret messages [24]. The recorded sequence is partitioned according to the size of the message alphabet, and each partition is then associated with amessage symbol. A secret message symbol is modulated by randomly choosing a timinginterval from the corresponding partition.

To further improve the undetectability, a general model-based framework to designundetectable covert timing channels was proposed to mimic the statistical properties of thelegitimate traffic [12], predominantly to mimic the empirical CDF of the IPDs of thelegitimate traffic. The framework consists of filter, analyzer, encoder, and transmitter. The filter and analyzer are designed to characterize the features of the legitimate traffic and adjust the model to fit with the features. Then the encoder and transmitter are used to generate the covert traffic with IPD distribution which is consistent to the model. This framework has beenemployed in many subsequent schemes [5, 15-17]. However, the requirement for the adjusted model to be shared between the sender and the receiver limits the sender’s ability to adapt tochanges in the IPD distribution of the application traffic.

In our prior work [6], we have addressed the problem of model updating based on a general model-fitting framework using analog fountain codes (AFC), which allows the sender tochange the target model without synchronizing with the receiver. Analog fountain timing channel based on symbol transition and that based on symbol split were proposed to achieveboth undetectability and robustness. In our another prior work [25], a covert timing channel with distribution matching was proposed. The legitimate traffic is partitioned into fixed-length fragements and all IPDs in a fragements are used to derive the IPD histogram, then the histogram is matched after the secret messages are encoded into IPDs. Later, a model-based covert timing channel with a trellis structure at the modulation stage of the sender and at theiterative demodulation stage of the receiver was proposed in [17]. It provides an adaptivemodulation scheme to improve the robustness without any loss of undetectability.

Due to the inherent channel noise (e.g., timing perturbation, packet loss) and maliciously added network jammers, achieving robustness along with undetectability is a challenging task. Many studies have employed various of coding schemes to improve the robustness of coverttiming channels. In [18], a simple Geometric code in conjunction with pseudo random generators is employed to establish a provable undetectable timing channel scheme for i.i.d. traffic [26]. However, the protection level of the secret message needs to be further enhanced as it can only operate under a strong assumption that the network jitter is bounded in areasonable scope. In [13, 14], an IPD-based covert timing channel using spread codes was proposed to make the covert timing channel robust under no assumption of the network jitter, whereas the capacity is low and a Cryptographically Secure Pseudo Random Number Generator (CSPRNG) is required to guarantee model security. Next, a serial of error correcting codes are employed incorporated with model-based framework to achieveundetectability and robustness in CoCo scheme [15], and the performance of different codes are comparatively analyzed. Besides the finite codes, LT codes are also employed to improvethe robustness of covert timing channels [16, 27], the encoded message bits are then modulated into the IPDs based on empirical CDF of the IPDs of the legitimate traffic, which can continually generate code symbols until the secret message is decoded correctly at thereceiver. In addition, some entropy coding such as Huffman coding is also applied to compress the covert timing channel, whereas the robustness analysis is not given in their work [28].

Above all, there have been many state-of-the-art studies that achieve undetectability androbustness. However, the undetectability usually relies on the security model established from cumulative distribution function (CDF) or probability mass function (PMF) of the IPDs of thelegitimate traffic. The statistical model is used to generate an i.i.d. IPD sequence which is distributed in constitent with the empirical CDF or PMF. As we know, in a generic coverttiming channel system, the source and the destination are two end-points of some overtapplication. The source is the overt sender which generates a packet stream (referred to as legitimate traffic) which is transmitted to the destination (overt receiver) over a multihopnetwork. The covert sender and the covert receiver are the end-points of the timing channel. They can be implemented in network elements in the path between the source and the destination or they can be integrated with the source and the destination. Therefore, in a coverttiming channel constructed with a empirical CDF or PMF model, the timing sequence of the overt traffic will be manipulated according to the model, whereas no high-order property can be reserved. These covert timing channels are indeed cover-irrelevant but only related to a first-order statistical model of the IPDs of the legitimate traffic. This limitation on security model has led to the vulnerability to some high-order statistical tests such as the entropy test[9].

Consequently, the problem of maintaining multi-order property of IPDs of the legitimatetraffic is still a challenging task. A feasible solution to this problem is to design cover-relevant covert timing channel which can reserve multi-order property as much as possible, whileensuring the secret messages being correctly received. In this study, we first establish a rich security model of covert timing channels, which can measure the multi-order statistical distortion of the IPD sequence. Next, we propose a new general framework to design coverttiming channels considering multi-order security.

3. Rich Security Model Based on IPD Chains

The undetectability of a covert timing channel is closely relevant to the security model. Mostof existing model-secure covert timing channels are indeed only undetectable under a very weak security model, e.g., to measure the KLD between the CDF of the IPDs of the coverttraffic and the modeled CDF. To the best of our knowledge, there still exist no work to give ageneric security model of covert timing channels which covers each order statistic of the IPDs. Therefore, we give a rich security model for covert timing channels based on IPD chains in this section, which can measure the capability of maintaining multi-order statistical property of the IPDs of the overt traffic.

For given samples of overt traffic C , let \(\text { let } \mathbf{d}=\left\{d_{i}\right\}_{i=1}^{n}\) be the IPDs, where n is the number of the IPDs, d_max and d_min denote the maximal and minimal IPD value, respectively. Let \(F(x)=\operatorname{Pr}\left(d_{i}, denote the CDF of the IPDs, and \(F^{-1}(\cdot)\) is the inverse CDF. Then, we divide the interval \(\left[d_{\min }, d_{\max }\right]\) into N subintervals \(\Omega_{1}, \Omega_{2}, \dots, \Omega_{N}\) by

\(\Omega_{i}=\left\{\begin{array}{ll} {\left[d_{\min }, F^{-1}\left(\frac{1}{N}\right)\right],} & {i=1} \\ {\left(F^{-1}\left(\frac{i-1}{N}\right), F^{-1}\left(\frac{i}{N}\right)\right],} & {i=2, \ldots, N} \end{array}\right.\)       (1)

We define a function G, which can map arbitrary real-value in a subinterval Ω_i to the corresponding subinterval index i . The index sequence \(\mathbf{g}=\left\{G\left(d_{i}\right)\right\}_{i=1}^{n}=\left\{g_{i}\right\}_{i=1}^{n}\) can be obtained from the function G and the IPD sequence, where \(g_{i} \in\{1,2, \ldots, N\}\)

To establish a multi-order security model of covert timing channels, we regard IPD chains as the basic units in the measurement of multi-order property of the IPDs. In fact, conditionalentropy based on IPD chains have proven to be an effective characteristic to detect the existence of some model-based covert timing channels in entropy test scheme. Arbitrary successive \(M \operatorname{IPDs}\left\{d_{k}\right\}_{k=i}^{i+M-1}\) can form a M-order IPD chain. Similar to the first-order statistics such as CDF or PMF, the multi-order statistics of the IPDs of the legitimate traffic have the property of shape-stability in large time scale and irregularity in small time scale.

In our proposed security model, joint distribution probabilities of the corresponding indices of IPD chains are incorporated with accumulated KLD to measure the multi-order statistical distortion of the IPD sequence of a covert timing channel. The joint distribution probability of the corresponding indices of IPD chains is defined by

\(\mathrm{P}\left(K_{1}, K_{2}, \ldots, K_{M}\right)=\operatorname{Pr}\left(G\left(d_{j}\right)=K_{1}, G\left(d_{j+1}\right)=K_{2}, \ldots, G\left(d_{j+M-1}\right)=K_{M}\right)\)       (2)

where \(K_{i} \in\{1,2, \ldots, N\}, j=1, \ldots,(n-M+1)\). Based on polynomial security model and KLD, the rich security model of covert timing channels can be defined as follows:

Rich security model: For arbitrary IPD sequence \(\mathbf{d}^{C}=\left\{d_{i}^{C}\right\}_{i=1}^{n}\) of legitimate traffic, andarbitrary IPD sequence \(\mathbf{d}^{S}=\left\{d_{i}^{S}\right\}_{i=1}^{n}\) of covert traffic with enough large length n, a coverttiming channel can be regarded as rich secure with respect to security parameter vector when (3) is satisfied, T denotes the maximal order of the rich security model.

\(Q_{q}=\sum_{\left.\kappa_{1}, x_{1}, x_{2}, x_{2}, \ldots, n\right\}} P_{s}\left(K_{1}, K_{2}, \ldots, K_{q}\right) \log \frac{P_{s}\left(K_{1}, K_{2}, \ldots, K_{q}\right)}{P_{c}\left(K_{1}, K_{2}, \ldots, K_{q}\right)} \leq \delta_{q}, 1 \leq q \leq T\)       (3)

where P_C and P_S denote the joint distribution probability of the indices of IPD chains in thelegitimate and covert traffic, respectively. Q_q denotes the q-th order accumulated distortion, specifically, Q₁ denotes the KLD between the distribution of the IPDs of the legitimate trafficand that of the covert traffic. It is apparent that the rich security model can be employed todetect most existing model-based covert timing channels.

4. Covert Timing Channels Based on Dot-Lattice

According to the above rich security model, a critical criterion to design undetectable coverttiming channels is to ensure the accumulated distortion as imperceptible as possible. Therefore, cover-relevant covert timing channels have significant superiority when compared with cover-irrelevant ones that generate IPD using an empirical CDF. Nested lattice codes are a family of codes which can asymptotically achieve the Wyner-Ziv limit [29]. There exists duality between Wyner-Ziv coding and information embedding [30]. Thus, we design twotypes of nested lattices using CDF of IPDs of the legitimate traffic to operate rich-securecovert timing channels: dot-lattice and interval-lattice. Compensative quantization and guard band strategy are employed to remove the regularity and to enhance the robustness, respectively.

In this section, we give the general framework to design a rich-secure covert timing channel. A dot-lattice is constructed by choosing serials of structured dot sets according to the CDF of the IPDs of the legitimate traffic. The framework of the proposed covert timing channelscheme based on dot-lattice is shown in Fig. 1, which depicts the example of nested dot-lattices when the coarse lattice number K = 2. It mainly consists of dot-lattice constructor, quantizer, and decoder.

 

Fig. 1. Covert timing channel framework based on dot-lattice

For a given CDF  F(⋅) of the IPDs of the legitimate traffic and the number of the coarselattices K , the coarse lattice set \(\left(\boldsymbol{\Lambda}_{1}, \ldots, \boldsymbol{\Lambda}_{K}\right)\) can be constructed through a dot-lattice constructor, and the fine lattice \(\mathbf{\Lambda}=\bigcup_{i=1}^{K} \mathbf{\Lambda}_{i}\) , each coarse lattice \(\boldsymbol{\Lambda}_{i}=\left\{\tau_{i, j} | j=1, \ldots, n_{i}\right\}\) contains in lattice dots.

For simplicity, we assume that each coarse lattice Λ_i is composed of L lattice dots, namely, in \(n_{i}=L, i=1, \ldots, K\) In order to guarantee the distribution of the lattice dots similar to that of the IPDs of the legitimate traffic and maximize the minimum distance betweenarbitrary two coarse lattices, each coarse lattice Λ_i is constructed by choosing L sampling points from the CDF curve, \(\left(x_{i, 1}, y_{i, 1}\right), \ldots,\left(x_{i, L}, y_{i, L}\right)\), where \(y_{i, j}=F\left(x_{i, j}\right), i=1, \ldots, K\) , \(j=1, \ldots, L\) . Each sampling point is determined by  

\(\left\{\begin{array}{l} {y_{i, j}=(j-1) / L+(i-1) /(L \cdot K)} \\ {x_{i, j}=F^{-1}\left(y_{i, j}\right)} \end{array}\right.\)       (4)

Each coarse dot-lattice contains L sampling values, \(\mathbf{\Lambda}_{i}=\left\{x_{i, 1}, \ldots, x_{i, L}\right\}\) . With the nested dot-lattice, the secret message bits \(\mathbf{m} \in\{0,1\}^{m}\) are first encoded into K-ary symbols \(\mathbf{s} \in\{0,1, \ldots, K-1\}\) ， \(t=m / \log _{2} K\), and when encoded symbol \(s_{i}=k(0 \leq k \leq K-1)\) will be chosen as the quantization lattice, the corresponding i-th IPD Cid is quantized to the nearestlattice dot u_i through dot-lattice quantizer.

\(u_{i}=\underset{\sigma \in \Lambda_{k}}{\arg \min }\left|\sigma-d_{i}^{C}\right|\)       (5)

In order to remove the regularity of the IPDs of covert channels introduced by dot-based quantization, compensative quantization strategy is employed to achieve the tradeoff between undetectability and robustness. \(\alpha \in(0,1)\) denotes the quantization parameter and \(1-\alpha\) denotes the compensative parameter, the resulting i-th IPD of the covert timing channel can be obtained by

\(d_{i}^{S}=\alpha u_{i}+(1-\alpha) d_{i}^{C}\)       (6)

At the receiver, the received IPDs \(\hat{\mathbf{d}}^{S}=\left\{\hat{d}_{i}^{S}\right\}_{i=1}^{n}\) is a noisy version of the IPDs \(\mathbf{d}^{S}=\left\{d_{i}^{S}\right\}_{i = 1}^{n}\)and is given by

\(\hat{\mathbf{d}}^{S}=\mathbf{d}^{S}+\boldsymbol{\delta}\)       (7)

where δ denotes the channel noise. The nested dot-lattice is reconstructed with the shared parameter L and the CDF of IPDs of the legitimate traffic. The estimated encoded symbols \(\mathbf{s}^{\prime}=\left\{S_{i}^{\prime}\right\}_{i=1}^{n}\) can be extracted through dot-lattice decoder by finding the lattice dot in the finelattice Λ that is nearest to the observed IPD. The index of the corresponding coarse lattice which contains the finding lattice dot is regarded as the estimated encoded symbol

\(s_{i}^{\prime}=\sigma\left(\underset{y \in A}{\arg \min }\left|y-\hat{d}_{i}^{S}\right|\right)\)       (8)

where σ(⋅) denotes the index querying function for dot-lattice, namely, \(\lambda \in \Lambda_{\sigma(\lambda)}\) . The finalestimated secret message bits \(\hat{\mathbf{m}}\) can be determined through the K-ary decoder.

5. Covert Timing Channels Based on Interval-Lattice

The covert timing channel based on dot-lattice (CTC-DL) is designed to be rich-secure whilemaintaining well tradeoff between undetectability and robustness. The compensativequantization strategy needs to be employed to remove the inherent regularity. In this section, we present a covert timing channel based on interval-lattice (CTC-IL). This scheme dividesthe CDF curve of IPDs of the legitimate traffic into distinct parts to construct lattice instead of choosing sampling points from the curve, guard band strategy is employed to separate thelattice intervals to reduce the bit error rate (BER) of the received message bits. Fig. 2 shows the framework of the CTC-IL, the example of the interval-lattice is constructed with the coarselattice number K = 2.

 

Fig. 2. Covert timing channel framework based on interval-lattice

With the given CDF F(⋅) of the IPDs of the legitimate traffic and the number of the coarselattices K , the coarse lattice set \(\left(\mathbf{\Lambda}_{1}, \dots, \mathbf{\Lambda}_{k}\right)\)can be constructed through an interval-lattice constructor.

Similar to the dot-lattice, we denote the coarse lattice set and fine lattice as \(\begin{equation} \left(\mathbf{\Lambda}_{1}, \dots, \mathbf{\Lambda}_{K}\right) \end{equation}\)and \(\mathbf{\Lambda}=\bigcup_{i=1}^{K} \mathbf{\Lambda}_{i}\) , respectively. Each coarse lattice \(\boldsymbol{\Lambda}_{i}=\left\{B_{i, 1}, \ldots, B_{i, L}\right\}\) contains L lattice intervals,  \(B_{i, j}=\left[L_{i, j}, R_{i, j}\right]\), where \(L_{i, j}\) and R_i,j denote the lower bound and upper bound of B_i,j , respectively.

The interval-lattice constructor divides the CDF curve of IPDs of the legitimate traffic into L K⋅ distinct parts, guard band is reserved between the parts belonging to different coarse lattice to enhance the robustness of the covert timing channel. The interval-lattice can beconstructed by

\(\left\{\begin{array}{l} {l_{i, j}=(j-1) / L+(i-1) /(L \cdot K)} \\ {r_{i, j}=l_{i, j}+1 /(L \cdot K)-S} \\ {L_{i, j}=F^{-1}\left(l_{i, j}\right)} \\ {R_{i, j}=F^{-1}\left(r_{i, j}\right)} \end{array}\right.\)       (9)

where S denotes the width of guard band. It is apparent that \(L \cdot K-1\) guard bands are required in an interval-lattice.

After encoding the message and choosing lattice using the same strategies in Section 4, w equantize the i-th IPD \(d_{i}^{C}\) to \(d_{i}^{S}\) using the following equation.

\(\left\{\begin{array}{l} {\hat{\mathbf{\Upsilon}}=\underset{\mathbf{T} \in \mathbf{A}_{k}}{\arg \min } D\left(\mathbf{\Upsilon}, d_{i}^{C}\right)} \\ {d_{i}^{S}=\delta(\hat{\mathbf{r}})} \end{array}\right.\)       (10)

where \(\delta(\hat{r})\) denotes a random value in the interval \(\hat{r}\) , and the function \(D(B, p)\) denotes the distance between the interval B and the value p , which is given by

\(D(B, p)=\left\{\begin{array}{l} {0, p \in B} \\ {\min \left\{\left|p-L_{B}\right|,\left|p-R_{B}\right|\right\}, p \notin B} \end{array}\right.\)       (11)

where \(L_{B}\) and \(R_{B}\)denote the lower bound and upper bound of B , respectively.

At the receiver, the nested interval-lattice can be reconstructed with the shared parameter Land the CDF of the IPDs of the legitimate traffic. The estimated encoded symbols \(\mathbf{s}^{\prime}=\left\{s_{i}^{\prime}\right\}_{i=1}^{t}\) can be extracted through interval-lattice decoder by

\(s_{i}=\theta\left(\arg \min _{B \in A} D\left(B, \hat{d}_{i}^{S}\right)\right)\)       (12)

where function A=θ(B) denotes the index querying function for interval-lattice, namely, B∈Λ_A. The final estimated secret message bits \(\hat{\mathbf{m}}\) can be determined through the K-ary decoder.

6. Experimental Results and Analysis

6.1 Experimental Setup

In this section, we benchmark the proposed covert timing channel schemes (CTC-DL, CTC-IL) by examining the undetctability and robustness. We compare them with three schemesincluding the popular model-based covert timing channel incorporated with analog fountain precoding (MB-AFTC) [6, 12], fountain timing channel (FTC) based on LT codes proposed in [16], analog fountain timing channel based on symbol transition (ST-AFTC) proposed in ourprior work [6]. As MB-AFTC, FTC, and ST-AFTC use rateless codes to enhance robustness, in order to make a fair comparison, we also employ forward error correcting codes to precodethe secret message bits in the proposed schemes, while maintaining the same coverttransmission rate to benchmark performance on robustness for all schemes. The utilized forward error correcting codes are punctured binary BCH codes [31].

In this paper, we analyze the performance of the covert timing channel schemes based on the network traffic generated by TeamViewer IP voice, the most popular remote controls of tware with more than 200 million users which can also supply Voice over IP (VoIP) service, VoIP is one of the most important types of packet streams used for covert timing channels. The samples of the traffic are the same with that we used in our prior work [6]. The destination wasimplemented in a host in the Computer Science Department at the University of California, Davis (UCDavis), which was connected to the Internet using wired Ethernet. The source was alaptop which was connected to the Internet via public WiFi in the UCDavis campus. For this case, the end-to-end connection was over multiple hops. For this type of traffic, we captured the IPDs both at the source and the destination. The statistical characteristics of the filtered IPDs and the channel noise are shown in Table 1. The channel noise are obtained by comparing the difference between the IPDs with the same identification at two ends of the connection. As we can locate the lost packets through packet identification and the packet loss rate is only 0.12%, the pattern of packet loss has no influence on the performance. Thus, we d onot discuss the packet loss in this paper.

Table 1. Timing statistical characteristics of the captured traffic 

 

6.2 Undetectability

We model the legitimate traffic of the channels with the captured 10⁴ samples, the empirical CDF of IPDs is acquired from filtered legitimate traffic. The filter is adopted to remove outlier data with value \(\hat{d}\) which satisfies Pr\((\mathbf{d} \leq \hat{d} | \hat{d} \geq \mu+\eta) \geq 0.995\) , where µ and η are the mean and standard deviation of the captured samples, respectively.

In order to evaluate the undetectability of the five schemes, we employed the proposed rich security model in Section 3. The joint distribution probability of the corresponding indices of IPD chains for the legitimate traffic and the covert traffic generated from the five schemes areshown in Fig. 3(a)-(f), respectively. In this figure, the order of IPD chains is set to 2 M = and the subinterval number is set to 4 N = . As the practical covert channel detection requiressmall window-size, the number of the observed IPDs is set to 2000 l= . In MB-AFTC [6, 12], the secret message bits are first encoded into message symbols with analog fountain codes (AFC) [32], and then mapped into IPDs with model-based modulation. In S-FTC [16], theguard band strategy is implemented at the sender, the width of guard band is set to 0.1. In ST-AFTC [6], we use AFC to encode the secret message bits and utilize symbol transitionstrategy to generate IPDs. The weight set of AFC in this paper is set to \(W=\{1 / 2,1 / 3,1 / 5,1 / 7,1 / 11,1 / 13,1 / 17,1 / 19\}\) . In our proposed two schemes, the quantization parameter α in CTC-DL is set to 0.5 and the width of the guard band in CTC-IL is set to \(S=0.5 /(L \cdot K)\) . Both the coarse lattice number K and the number of sampling points L are set to 4. Hereinafter, we all employ above parameters in following experimentsunless otherwise stated. Fig. 3(a) depicts the second-order joint probability of IPD chains oflegitimate traffic and Fig. 3(b)-(f) depict that of the five schemes including MB-AFTC, S-FTC, ST-AFTC, the proposed CTC-DL and CTC-IL.

 

Fig. 3. The joint probability of the second-order IPD chains: (a) legitimate traffic (b) MB-AFTC (c) S-FTC (d) ST-AFTC (e) the proposed CTC-DL (f) the proposed CTC-IL

As we can see from Fig. 3, the proposed CTC-DL and CTC-IL schemes can mimic the joint distribution probability of the corresponding indices of IPD chains for legitimate traffic very well. In fact, as most network traffic is non-stationary, the statistical characteristics oflegitimate traffic have stability in long time scale and dynamics in short time scale. In practical covert channel detection scenario, the inconspicuous gap between the joint distributions of thelegitimate traffic and the covert traffic generated by the proposed schemes can be regarded as normal variation. However, there exist significant difference between the joint distribution probability of IPD chains of legitimate traffic and that generated by MB-AFTC, S-FTC and ST-AFTC, which shows the vulnerability of the existing three schemes to rich security model. The results in Fig. 3 show that the proposed two schemes can achieve significantly betterundetectability than the other three schemes when they are tested with the joint distribution of 2-order IPD chains.

Furthermore, we employ the statistics Q_q in Eq. (3) to evaluate the undetectability of the five schemes under rich security model. The statistics Q2 with the order of IPD chains M = 2 and the statistics Q₃ with the order of IPD chains M = 3 for the five schemes are shown in Fig. 4 and Fig. 5, respectively. Each point is obtained using the average of 10 samples. Fig. 4 depicts the statistics with different interval numbers, the number of IPDs is set to l = 2000 , the horizontal axis denotes the subinterval number and the vertical axis denotes the value of the statistics. Fig. 5 depicts the statistics with different numbers of IPDs, the subinterval number isset to  N = 8 , the horizontal axis denotes the number of IPDs and the vertical axis denotes the value of the statistics.

 

Fig. 4. The stastics Qq with different subinterval number for covert traffic generated from the fiveschemes: (a) the value of statistics Q₂ (b) the value of statistics Q₃

 

Fig. 5. The stastics qQ with different number of IPDs for covert traffic generated from the five schemes: (a) the value of statistics Q₂ (b) the value of statistics Q₃

From Fig. 4 and Fig. 5 we see that the proposed CTC-DL and CTC-IL are model-secure under the rich security model and they can maintain very good undetectability for multi-order statistical test even when a small number of IPDs is used for the test. The results of statisticaltest tend to be stabilized gradually with increasing number of IPDs and subintervals. On the other hand, the values of statistics for MB-AFTC, S-FTC and ST-AFTC are all much larger than the proposed schemes. When the subinterval number 8 N = and the number of IPDs& nbsp;l =400 , Q₂ of the proposed two schemes are both lower than 0.1 and Q₃ of them are bothlower than 1.1. Nevertheless, Q₂ and Q₃ of the other three schemes are all larger than 0.4 and 7, respectively. It means that we can easily distinguish between the legitimate traffic and the covert traffic generated by MB-AFTC, S-FTC and ST-AFTC even with very small number of IPDs under the proposed rich security model. In contrast, both the proposed two covert timing channel schemes can achieve good undetectability when they are tested with multi-orderstatistics.

We also find that the undetectability of the proposed CTC-IL is a little worse than CTC-DL, which is the result of the employed guard band strategy in CTC-IL. The gap can be reduced by decreasing the width of the guard band between coarse lattice intervals. The number of the IPDs has more significant influence on the value of statistics Q_q for the proposed two schemesthan subinterval number. The results also show that ST-AFTC has similar performance on undetectability with MB-AFTC, whereas S-FTC is the worst one.

6.3 Robustness

In order to evaluate the robustness, two types of network noise are considered in ourexperiments. Firstly, we consider the real channel noise with statistical characteristics shown in Table 1. Secondly, we consider an additive white gaussian noise (AWGN), which is measured by the signal-to-noise ratio (SNR). Without loss of generality, we measure therobustness of covert timing channels using the BER of the decoded secret messages. The number of the secret message bits is set to  m = 3000, the number of the sampling points L isset to 2, and the quantization parameter α is set to 0.6. Fig. 6 (a) shows the BER of MB-AFTC, S-FTC, ST-AFTC, and the proposed two schemes with AWGN. Fig. 6(b) shows the BER of them with real channel noise. The horizontal axis denotes the covert transmission rate R , which is defined as the average number of message bits transmitted per packet (bpp). The vertical axis denotes the BER of the decoded secret message. We test the five schemes with the covert transmission rate from 0.3 bpp to 1bpp. The unmarked points in the figuremeans the corresponding BER is zero.

 

Fig. 6. The BER of the five covert timing channels with different covert transmission rates. (a) AWGN (b) real channel noise

As shown in Fig. 6(a), the performance of S-FTC is the worst of all as the BP algorithm in the decoder cannot converge in these cases. The robustness of the proposed covert timing channels schemes are both observably better than the other three schemes for low coverttransmission rate and high SNR under AWGN. When SNR=40dB and the covert transmission rate R≤0.4 bpp, CTC-DL and CTC-IL can both decode the secret message correctly, whereasthe BER of MB-AFTC achieves 3 × 10^-3when R= 0.4 bpp and decreases to 0 when R= 0.3 bpp. The BER of ST-AFTC is about 3 × 10^-3 and 10^-3 with R= 0.3 bpp and R= 0.4 bpp, respectively. When SNR=35dB and R≤ 0.7 bpp, the robustness of the proposed two schemes are worse than ST-AFTC and MB-AFTC, the BER of CTC-DL and CTC-IL are about 9 x 10^-2 and 8 x 10^-2 when R=  0.7 bpp, respectively. Nevertheless, the BER of MB-AFTC is about 2 x 10^-2  and that of ST-AFTC is about  5 x 10^-2 .

The comparison results of the five covert timing channel schemes with real channel noiseare shown in Fig. 6(b). We can find that the performance of MB-AFTC is the best and that of S-FTC is the worst. When the covert transmission rate R > 0.8 bpp, the performance of the proposed two schemes are a little better than that of ST-AFTC, whereas ST-AFTC canachieve stronger robustness when R≤ 0.8 bpp. When R= 0.3 bpp, the BER of the proposed CTC-DL scheme is about 2×10^-4 and that of the proposed CTC-IL scheme is 0. When R= 1 bpp, namely, there exist no precoding stage in the proposed schemes, the BER of CTC-DL and CTC-IL are about  9 × 10^-2  and  8 × 10^-2, respectively. With the same coverttransmission rate R= 1 bpp, the BER of MB-AFTC and ST-AFTC are about 2 x 10^-2 and 1 x 10^-2, respectively.

In summary, MB-AFTC, ST-AFTC and the proposed two schemes can all performefficiently on the channels with network jitter and for traffic which is not very well suited forestablishing covert timing channels. In general, MB-AFTC can achieve the best performance on robustness due to the capacity-approaching analog fountain codes. The proposed CTC-DLand CTC-IL have better performance with high SNR and low transmission rate whencompared with ST-AFTC and S-FTC. We also find that the robustness of the proposed CTC-IL is a little better than CTC-DL.

7. Conclusion

In this paper, we have established a general security model to measure the difference of the multi-order statistical characteristics between the legitimate and covert traffic. It canefficiently detect the existence of covert timing channels that use model-based modulation framework, and also can operate for some state-of-the-art covert timing channels. Moreover, nested lattice codes incorporated with the distribution of IPDs are utilized to design coverttiming channels that not only meet the goals of rich security but are also robust. Two types of nested lattices including dot-lattice and interval-lattice are designed to quantize the secretmessages. In addition, compensative quantization and guard band strategy are adopted toremove the regularity and enhance the robustness, respectively. Using experiments with realtraffic we have demonstrated the effectiveness of the proposed covert timing channels withrespect to undetectability and robustness.

Even though the proposed covert timing channel schemes have been shown to be robustenough for general network jitters when forward error correcting codes are employed, itinevitably limits the covert transmission rate as we have trade off the capacity forundetectability. Another issue is the dimension of the constructed nested lattices, we concentrate on one-dimensional lattices in this paper while the increasing dimension canfurther enhance the overall performance of the proposed covert timing channels. Covert timing channel schemes based on multi-dimensional nested lattices are also part of future work.