Bandwidth and detection of packet length covert channels
11Mar_Dye.pdf (1.019Mb)Abstract
This thesis explores the detectability and robustness of packet length covert channels. We discovered that packet length covert channels, where a rogue user modulates the length of a Transport Control Protocol packet, can be detected while monitoring traffic of a large network. The bandwidth of these channels can be successfully estimated as well as the channels themselves detected using statistical inference. In addition, we observed that there is an inverse relationship between the volitionality in networks with respect to packet lengths and the detectability of these channels, and between packet length and channel bandwidth. For a large network like a college department, the bandwidth of a covert channel could be in the tens of megabytes over the course of a day.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Collections
Related items
Showing items related by title, author, creator and subject.
-
Adaptive node capability metric to assess the value of networking in a general command and control wireless communication topology
(Monterey, California. Naval Postgraduate School, 2011-09);In order to quantify any node's capacity to support optimal information flow within a distributed command and control network, a novel node capability value calculation is developed from first principles. The expression ... -
A resource conflict resolution problem formulated in continuous time
(Monterey, California. Naval Postgraduate School, 1985-08); NPS55-85-018In many situations involving data transmission from diverse sources there can be conflict for a limited number of channels or other facilities. Uncoordinated attempts by several sources to use a single facility can result ... -
A practical voiceband television system design.
(Monterey, California. Naval Postgraduate School, 1973-09);A need exists to send television on channels of limited bandwidth, particularly 3 kHz. Successive images must have adequate picture content yet be frequent enough to give the appearance of motion. A new coding scheme ...
