Browse > Article
http://dx.doi.org/10.3837/tiis.2020.08.023

Exploiting Correlation Characteristics to Detect Covert digital communication  

Huang, Shuhua (Nanjing University of Science and Technology)
Liu, Weiwei (Nanjing University of Science and Technology)
Liu, Guangjie (Nanjing University of Information Science and Technology)
Dai, Yuewei (Nanjing University of Information Science and Technology)
Tian, Wen (Nanjing University of Science and Technology)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.14, no.8, 2020 , pp. 3550-3566 More about this Journal
Abstract
As a widely used way to exfiltrate information, wireless covert channel (WCC) brings a serious threat to communication security, which enables the wireless communication process to bypass the authorized access control mechanism to disclose information. Unlike the covert channel on the network layer, wireless covert channels on the physical layer (WCC-P) is a new covert communication mode to implement and improve covert wireless communication. Existing WCC-P scheme modulates the secret message bits into the Gaussian noise, which is also called covert digital communication system based on the joint normal distribution (CJND). Finding the existence of this type of covert channel remains a challenging work due to its high undetectability. In this paper, we exploit the square autocorrelation coefficient (SAC) characteristic of the CJND signal to distinguish the covert communication from legitimate communication. We study the sharp increase of the SAC value when the offset is equal to the symbol length, which is caused by embedding secret information. Then, the SAC value of the measured sample is compared with the threshold value to determine whether the measured sample is CJND sample. When the signal-to-noise ratio reaches 20db, the detection accuracy can reach more than 90%.
Keywords
covert channel detection; wireless communications; Gaussian distribution correlation coefficient; autocorrelation;
Citations & Related Records
연도 인용수 순위
  • Reference
1 E. Casey, "Investigating sophisticated security breaches," Communications of the ACM, vol. 49, no. 2, pp. 48-55, February, 2006.   DOI
2 D. Xiao, J. Liang, Q. Ma, Y. Xiang, and Y. Zhang, "High capacity data hiding in encrypted image based on compressive sensing for nonequivalent resources," Computers, Materials & Continua, vol. 58, no. 1, pp. 1-13, 2019.   DOI
3 S. Gianvecchio, H. Wang, D. Wijesekera, and S. Jajodia, "Model-based covert timing channels: Automated modeling and evasion," in Proc. of International Workshop on Recent Advances in Intrusion Detection, vol. 5230, pp. 211-230, 2008.
4 K. Kothari and M. Wright, "Mimic: An active covert channel that evades regularity-based detection," Computer Networks, vol. 57, no. 3, pp. 647-657, February, 2013.   DOI
5 R. J. Walls, K. Kothari, and M. Wright, "Liquid: A detection-resistant covert timing channel based on IPD shaping," Computer networks, vol. 55, no. 6, pp. 1217-1228, April, 2011.   DOI
6 G. Liu, J. Zhai, and Y. Dai, "Network covert timing channel with distribution matching," Telecommunication Systems, vol. 49, no. 2, pp. 199-205, 2012.   DOI
7 A. Mileva and B. Panajotov, "Covert channels in TCP/IP protocol stack-extended version," Open Computer Science, vol. 4, no. 2, pp. 45-66, June, 2014.
8 I. Grabska and K. Szczypiorski, "Steganography in long term evolution systems," in Proc. of 2014 IEEE Security and Privacy Workshops, pp. 92-99, May, 2014.
9 S. Zander, G. Armitage, and P. Branch, "A survey of covert channels and countermeasures in computer network protocols," IEEE Communications Surveys & Tutorials, vol. 9, no. 3, pp. 44-57, 2007.   DOI
10 K. Szczypiorski and W. Mazurczyk, "Hiding data in OFDM symbols of IEEE 802.11 networks," in Proc. of 2010 International Conference on Multimedia Information Networking and Security, pp. 835-840, November, 2010.
11 J. Classen, M. Schulz, and M. Hollick, "Practical covert channels for WiFi systems," in Proc. of 2015 IEEE Conference on Communications and Network Security (CNS), pp. 209-217, September, 2015.
12 P. Cao, W. Liu, G. Liu, X. Ji, J. Zhai, and Y. Dai, "A wireless covert channel based on constellation shaping modulation," Security and Communication Networks, vol. 2018, January, 2018.
13 Z.-J. Xu, Y. Gong, K. Wang, W.-D. Lu, and J.-Y. Hua, "Covert digital communication systems based on joint normal distribution," IET Communications, vol. 11, no. 8, pp. 1282-1290, 2017.   DOI
14 Y. Wang, Y. Cao, L. Zhang, H. Zhang, R. Ohriniuc, G. Wang, et al., "YATA: Yet Another Proposal for Traffic Analysis and Anomaly Detection," CMC-Computers, Materials & Continua, vol. 60, no. 3, pp. 1171-1187, 2019.   DOI
15 M. E. Cek and F. Savaci, "Stable non-Gaussian noise parameter modulation in digital communication," Electronics Letters, vol. 45, no. 24, pp. 1256-1257, 2009.   DOI
16 P. Peng, P. Ning, and D. S. Reeves, "On the secrecy of timing-based active watermarking trace-back techniques," in Proc. of 2006 IEEE Symposium on Security and Privacy (S&P'06), pp. 334-349, May, 2006.
17 S. Cabuk, C. E. Brodley, and C. Shields, "IP covert timing channels: design and detection," in Proc. of the 11th ACM conference on Computer and communications security, pp. 178-187, October, 2004.
18 G. Shah, A. Molina, and M. Blaze, "Keyboards and Covert Channels," in Proc. of USENIX Security Symposium, vol. 15, pp. 59-75, July, 2006.
19 S. Gianvecchio and H. Wang, "An entropy-based approach to detecting covert timing channels," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 6, pp. 785-797, 2011.   DOI
20 A. Dutta, D. Saha, D. Grunwald, and D. Sicker, "Secret agent radio: Covert communication through dirty constellations," in Proc. of International Workshop on Information Hiding, vol. 7692, pp. 160-175, 2012.