A NOVEL APPROACH FOR COVERT  COMMUNICATION OVER TCP VIA INDUCED CLOCK  SKEW

Knebel, Erik S.

A NOVEL APPROACH FOR COVERT COMMUNICATION OVER TCP VIA INDUCED CLOCK SKEW

Files

18Mar_Knebel_Erik.pdf (2.76 MB)

Authors

Knebel, Erik S.

Subjects

covert channel
TCP
clock skew
cyber
TCP timestamp

Advisors

Tummala, Murali

McEachen, John

Date of Issue

2018-03

Publisher

Monterey, CA; Naval Postgraduate School

Abstract

The goal of this thesis is to determine the feasibility and provide a proof of concept for a covert communications channel based on induced clock skew. Transmission Control Protocol (TCP) timestamps provide a means for measuring clock skew between two hosts. By intentionally altering timestamps, a host can induce artificial clock skew as measured by the receiver, thereby providing a means to covertly communicate. A novel scheme for transforming symbols into skew values is developed in this work, along with methods for extraction at the receiver. We tested the proposed scheme in a laboratory network consisting of Dell laptops running Ubuntu 16.04. The results demonstrated a successful implementation of the proposed covert channel with achieved bit rates as high as 33 bits per second under ideal conditions. Forward error correction was also successfully employed in the form of a Reed–Solomon code to mitigate the effects of variation in delay over the Internet.

Type

Thesis

URI

https://hdl.handle.net/10945/70787

Department

Electrical and Computer Engineering (ECE)

Distribution Statement

Approved for public release; distribution is unlimited.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

Collections

Theses

Full item page

Naval Postgraduate School

Dudley Knox Library