Analysis and Mitigation of Covert Timing Communication Channels Using Active Warden Mechanism for Enhancing Network Security
DOI:
https://doi.org/10.22399/ijcesen.1484
Keywords:
Covert Communication Channels, Active Warden Mechanism, Network Security, Packet Delay Normalization, Encoding Schemes
Abstract
Covert communication channels (CCCs) pose a serious challenge to network security because they allow unauthorized data transfer through a variety of carriers, usually evading traditional protections. In this study, we analyze and mitigate such channels with an innovative adaptive warden mechanism. The adaptive warden dynamically normalizes network traffic to disrupt covert signals while minimizing its effect on normal data transmission. The evaluation covers encoding schemes including Dual Bit, ON-OFF, and JitterBug in real-time scenarios. The adaptive warden mitigates CCCs with negligible overhead in transmission times; experiments show overhead consistently at 1% or less. As a further contribution, the proposed framework offers a scalable approach to mitigating covert communication by means of protocol normalization, delay randomization, and traffic analysis. The study also identifies essential knowledge gaps in addressing CCCs in the IPv6 protocol space, underlining the demand for improved countermeasures in contemporary network designs. The work presents a general framework for detecting and mitigating CCCs and provides a number of significant advancements in network security. It serves as a basis for future work on adaptive mechanisms to defend against emerging covert communication threats in heterogeneous and complicated network environments.
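Added example (not from the paper): a small offline simulation of how delay randomization by a warden disrupts a timing channel, and what it costs legitimate traffic in added latency. The two-gap encoding, the 20/60 ms gaps, the 40 ms threshold and all function names are assumptions made for illustration, not the paper's schemes or parameters.

```python
import random

# Assumed encoding parameters (constructed for this example).
SHORT_MS, LONG_MS, THRESHOLD_MS = 20.0, 60.0, 40.0

def encode(bits):
    """Covert sender model: one packet per bit, spaced by a short or long gap."""
    times, t = [0.0], 0.0
    for b in bits:
        t += LONG_MS if b else SHORT_MS
        times.append(t)
    return times

def decode(times):
    """Covert receiver model: threshold each inter-packet gap."""
    return [1 if (b - a) > THRESHOLD_MS else 0 for a, b in zip(times, times[1:])]

def warden(times, max_jitter_ms, rng):
    """Delay each packet by U[0, max_jitter_ms] without reordering packets."""
    out, last = [], 0.0
    for t in times:
        last = max(t + rng.uniform(0.0, max_jitter_ms), last)
        out.append(last)
    return out

def evaluate(max_jitter_ms, n_bits=2000, seed=1):
    """Return (receiver bit error rate, mean delay added by the warden in ms)."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    sent = encode(bits)
    forwarded = warden(sent, max_jitter_ms, rng)
    errors = sum(x != y for x, y in zip(bits, decode(forwarded)))
    added = sum(f - s for f, s in zip(forwarded, sent)) / len(sent)
    return errors / n_bits, added

if __name__ == "__main__":
    for jitter in (0.0, 10.0, 40.0, 80.0, 160.0):
        ber, delay = evaluate(jitter)
        print(f"jitter <= {jitter:5.1f} ms  BER={ber:.3f}  mean added delay={delay:.1f} ms")
```

Jitter smaller than the receiver's 20 ms decision margin leaves the channel error-free, so the warden's delay bound has to exceed that margin. The mean added delay is the price paid by legitimate traffic on the same path.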
License
Copyright (c) 2025 International Journal of Computational and Experimental Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.