Exploiting Temporal Variability in TCP Timestamps for Covert Channel Design

Information is a valuable asset for individuals, organizations, and governments, making secure transmission a critical concern. Cryptographic techniques are widely used to protect communication; however, in scenarios where the mere detection of communication poses a risk, encryption alone is insuffi...

Bibliographic Details
Main Authors: Silvio R. A. O. Filho, Claudio A. S. Lelis, Eric T. E. Soares, Cesar A. C. Marcondes
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Subjects: Covert channels; network security; transport layer; TCP; temporal uncertainty; time variability
Online Access: https://ieeexplore.ieee.org/document/11062641/
author Silvio R. A. O. Filho
Claudio A. S. Lelis
Eric T. E. Soares
Cesar A. C. Marcondes
collection DOAJ
description Information is a valuable asset for individuals, organizations, and governments, making secure transmission a critical concern. Cryptographic techniques are widely used to protect communication; however, in scenarios where the mere detection of communication poses a risk, encryption alone is insufficient. In such cases, covert channels—designed to conceal the existence of communication—offer a viable alternative. When these channels operate over network protocols, they are referred to as network covert channels. A covert channel is undetectable if its traffic blends with regular communication. One approach to achieving this level of stealth is by embedding secret information into an inherent source of uncertainty within the transmission process. If the characteristics of this uncertainty are preserved, it becomes difficult to differentiate covert communication from normal traffic. Among widely used network protocols, the Transmission Control Protocol (TCP) presents intrinsic uncertainties in its header fields. Specifically, the TCP Timestamp option exhibits temporal uncertainty, making it a promising candidate for covert communication. This paper introduces two novel covert channel models exploiting the inherent temporal variability of TCP timestamps to achieve stealthy and reliable communication. Our approach overcomes limitations of previous methods by ensuring statistical indistinguishability from legitimate traffic while maintaining robustness against detection and packet loss. Experimental validation in real-world network environments demonstrates the practical applicability and enhanced security of the proposed models. It demonstrates that it is possible to enhance both stealth and reliability in covert communication, providing a practical reference for secure data transmission in real-world network environments.
format Article
id doaj-art-8acb75246b5b4c7da05e71db42559c9c
institution Matheson Library
issn 2169-3536
language English
publishDate 2025-01-01
publisher IEEE
record_format Article
series IEEE Access
spelling doaj-art-8acb75246b5b4c7da05e71db42559c9c
2025-07-10T23:01:15Z
eng
IEEE
IEEE Access
2169-3536
2025-01-01
13
115909
115923
10.1109/ACCESS.2025.3584868
11062641
Exploiting Temporal Variability in TCP Timestamps for Covert Channel Design
0 Silvio R. A. O. Filho; https://orcid.org/0009-0009-9204-736X; Computer Science Division, Instituto Tecnológico de Aeronáutica (ITA), São José dos Campos, Brazil
1 Claudio A. S. Lelis; Computer Science Division, Instituto Tecnológico de Aeronáutica (ITA), São José dos Campos, Brazil
2 Eric T. E. Soares; https://orcid.org/0009-0000-8708-622X; Computer Science Division, Instituto Tecnológico de Aeronáutica (ITA), São José dos Campos, Brazil
3 Cesar A. C. Marcondes; Computer Science Division, Instituto Tecnológico de Aeronáutica (ITA), São José dos Campos, Brazil
https://ieeexplore.ieee.org/document/11062641/
title Exploiting Temporal Variability in TCP Timestamps for Covert Channel Design
topic Covert channels
network security
transport layer
TCP
temporal uncertainty
time variability
url https://ieeexplore.ieee.org/document/11062641/