Technical note | Covert Channels over Network Traffic: Methods, Metrics, and Mitigations
This technical note is a review of current open literature regarding covert timing channels over network traffic. The paper consists of a brief background of timing channels, some examples of covert timing channels over network traffic, metrics to define the capacity and probability of a channel, and finally methods to mitigate timing channels. This technical note is intended to provide a basis for analysing and reducing potential timing channels when assessing and designing system architectures.
This technical note is a study of covert timing channels over computer networks.
Steganography, the art of hiding covert messages in plain sight, is by no means a new concept, and is one that certainly applies to network traffic. Messages can be hidden within files, images, or unused fields of network packets. Data crossing domain boundaries must be scrubbed for any potentially classified or hidden information before release, however information can also be transmitted by the timing of the messages themselves. With the increasing inter-connectedness of computer systems, there is a growing need for systems to communicate across domain boundaries, making timing channels an increased threat.
This report covers the common covert timing channels, as well as ways to define and detect their presence, and finally approaches to mitigate them, based on a review of the open literature. These methods will allow systems to be designed to reduce the presence of potential timing channels, and reduce the risk of data leakage over such channels.