Presentation is loading. Please wait.

Presentation is loading. Please wait.

PHY Covert Channels: Can you see the Idles? Ki Suh Lee Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1 첩자첩자 Chupja.

Published byGloria Rice Modified over 9 years ago

Similar presentations

Presentation on theme: "PHY Covert Channels: Can you see the Idles? Ki Suh Lee Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1 첩자첩자 Chupja."— Presentation transcript:

1 PHY Covert Channels: Can you see the Idles? Ki Suh Lee Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1 첩자첩자 Chupja

2 첩자 (chupja) 2

3 Network Covert Channels Hiding information – Through communication not intended for data transfer 3

4 Network Covert Channels Hiding information – Through communication not intended for data transfer – Using legitimate packets (Overt channel) Storage Channels: Packet headers Timing Channels: Arrival times of packets 4

5 Network Covert Channels Hiding information – Through communication not intended for data transfer – Using legitimate packets (Overt channel) Storage Channels: Packet headers Timing Channels: Arrival times of packets 5

6 Goals of Covert Channels Bandwidth – How much information can be delivered in a second Robustness – How much information can be delivered without loss / error Undetectability – How well communication is hidden 6

7 Goals of Covert Channels Bandwidth – How much information can be delivered in a second – 10~100s bits per second Robustness – How much information can be delivered without loss / error – Cabuk’04, Shah’06 Undetectability – How well communication is hidden – Liu’09, Liu’10 7 Application Transport Network Data Link Physical

8 8 Current network covert channels are implemented in L3~4 (TCP/IP) layers and are extremely slow.

9 Chupja: PHY Covert Channel Bandwidth – How much information can be delivered in a second – 10~100s bits per second Robustness – How much information can be delivered without loss / error – Bit Error Rate < 10% Undetectability – How well communication is hidden – Invisible to detection software 9 Application Transport Network Data Link Physical -> 10s~100s Kilo bits per second

10 10 Chupja is a network covert channel which is faster than priori art. It is implemented in L1 (PHY), robust and virtually invisible to software.

11 Outline Introduction Design Evaluation Conclusion 11

12 Outline Introduction Design – Threat Model – 10 Gigabit Ethernet Evaluation Conclusion 12

13 Threat Model 13 Application Transport Network Data Link Physical Application Transport Network Data Link Physical Application Transport Network Data Link Physical Application Transport Network Data Link Physical SenderReceiver Passive Adversary Commodity Server Commodity NIC

14 10 Gigabit Ethernet Idle Characters (/I/) – Each bit is ~100 picosecond wide – 7~8 bit special character in the physical layer – 700~800 picoseconds to transmit – Only in PHY 14 Packet iPacket i+1Packet i+2 Application Transport Network Data Link Physical

15 Interpacket delays (D) and gaps (G) Homogeneous packet stream – Same packet size, – Same IPD (IPG), – Same destination Terminology 15 IPG Packet iPacket i+1 IPD Packet iPacket i+1Packet i+2

16 Chupja: Design Homogeneous stream Sender Receiver 16 Packet iPacket i+1Packet i+2 G - ƐG + Ɛ D - ƐD + Ɛ ‘0’‘1’Packet iPacket i+2 G i G i+1 DiDi D i+1 ‘0’‘1’Packet i+1Packet iPacket i+2 GG DD IPG Packet i+1

17 Chupja: Design With shared G – Encoding ‘1’: G i = G + ε – Encoding ‘0’: G i = G - ε 17 Packet iPacket i+1Packet i+2 G - ƐG + Ɛ D - ƐD + Ɛ ‘0’‘1’

18 Implementation SoNIC [NSDI ’13] – Software-defined Network Interface Card – Allows control and access every bit of PHY In realtime, and in software 50 lines of C code addition 18 Application Transport Network Data Link Physical

19 Outline Introduction Design Evaluation – Bandwidth – Robustness – Undetectability Conclusion 19

20 Evaluation What is the bandwidth of Chupja? How robust is Chupja? – Why is Chupja robust? How undetectable is Chupja? 20

21 What is the bandwidth of Chupja? 21

22 Evaluation: Bandwidth Covert bandwidth equals to packet rate of overt channel 22 1518B 1Gbps 81kbps

23 How robust is Chupja? 23

24 Boston Cornell (Ithaca) Cornell (NYC)NLR (NYC) Chicaco Cleveland Sender Receiver SW1 SW2 SW3SW4 Sender Receiver Evaluation Setup Small Network – Six commercial switches – Average RTT: 0.154 ms National Lambda Rail – Nine routing hops – Average RTT: 67.6ms – 1~2 Gbps External Traffic 24

25 Evaluation: Robustness Overt Channel at 1 Gbps (D = 12211ns, G=13738 /I/s) Covert Channel at 81 kbps 25 ? SenderReceiver 7.7%2.8% 8.9%

26 ? Evaluation: Robustness Overt Channel at 1 Gbps (D = 12211ns, G=13738 /I/s) Covert Channel at 81 kbps Modulating IPGS at 1.6us scale (=2048 /I/s) 26 SenderReceiver 7.7%2.8% 8.9%

27 Why is Chupja robust? 27

28 Evaluation: Why? Switches do not add significant perturbations to IPDs Switches treat ‘1’s and ‘0’s as uncorrelated – Over multiple hops when there is no external traffic. – With external traffic 28

29 Evaluation: Why? Switches do not add significant perturbations to IPDs Switches treat ‘1’s and ‘0’s as uncorrelated – Over multiple hops when there is no external traffic. – With external traffic 29 Sender Homogeneous 1518B at 1 Gbps ReceiverSender Chupja (Ɛ = 256/I/s) 1518B at 1 Gbps Receiver

30 Evaluation: Why? Switches do not add significant perturbations to IPDs Switches treat encoded ‘0’ and ‘1’ as uncorrelated – Over multiple hops when there is no external traffic. 30 1 hop3 hop6 hop9 hop12 hop15 hop D - Ɛ 90% in D - Ɛ ± 250ns 1 hop3 hop6 hop9 hop12 hop 90% in D ± 250ns Homogeneous streamChupja stream ( Ɛ=256/I/s ) 90% in D ± 100ns 90% in D – Ɛ ± 100ns D + Ɛ

31 Evaluation: Why? 31 Boston Cornell (Ithaca) Cornell (NYC)NLR (NYC) Chicaco Cleveland Most of IPDs are within some range from original IPD – Even when there is external traffic. Encoded ‘Zero’ Encoded ‘One’ SenderReceiver Ɛ (/I/s) (ns) 256 (=204.8ns) 512 (=409.6) 1024 (=819.2) 2048 (=1638.4) 4096 (=3276.8) BER0.3670.3910.2810.0890.013

32 Evaluation: Why? Switches do not add significant perturbations to IPDs Switches treat ‘1’s and ‘0’s as uncorrelated – Over multiple hops when there is no external traffic. – With external traffic 32 ? SenderReceiver 1518B at 1 Gbps With sufficiently large Ɛ, the interpacket spacing holds throughout the network, and BER is less than 10%

33 How undetectable is Chupja? 33

34 Evaluation: Detection Setup Commodity server with 10G NIC – Kernel timestamping 34 NLR Sender Kernel timestamping Receiver NLR Sender SoNIC timestamping Receiver

35 Evaluation: Detection 35 Adversary cannot detect patterns of Chupja Kernel TimestampingSoNIC Timestamping Ɛ = 1024 Ɛ = 4096 Ɛ = 1024 Ɛ = 4096

36 Evaluation: Summary What is the bandwidth of Chupja? – 10s~100s Kilo bits per second How robust is Chupja? – BER < 10% over NLR – Why is Chupja robust? Sufficiently large Ɛ holds throughout the network How undetectable is Chupja? – Invisible to software 36

37 Conclusion Chupja: PHY covert channel – High-bandwidth, robust, and undetectable Based on understanding of network devices – Perturbations from switches – Inaccurate endhost timestamping http://sonic.cs.cornell.edu & GENI (ExoGENI)!!! http://sonic.cs.cornell.edu 37 첩자첩자

38 Thank you 38

Download ppt "PHY Covert Channels: Can you see the Idles? Ki Suh Lee Cornell University Joint work with Han Wang, and Hakim Weatherspoon 1 첩자첩자 Chupja."

Similar presentations

Spring 2000CS 4611 Introduction Outline Statistical Multiplexing Inter-Process Communication Network Architecture Performance Metrics.

Spring 2000CS 4611 Introduction Outline Statistical Multiplexing Inter-Process Communication Network Architecture Performance Metrics.
 Implementation of physical and data link layer in software  Real-time access to network stack  Real-time traffic monitoring  Fine-grained control.

 Implementation of physical and data link layer in software  Real-time access to network stack  Real-time traffic monitoring  Fine-grained control.
OSI MODEL Maninder Kaur www.eazynotes.com.

OSI MODEL Maninder Kaur
Western Michigan University Covert Timing Channels Omar Darwish Instructor: Professor Elise de Doncker.

Western Michigan University Covert Timing Channels Omar Darwish Instructor: Professor Elise de Doncker.
CacheCast: Eliminating Redundant Link Traffic for Single Source Multiple Destination Transfers Piotr Srebrny, Thomas Plagemann, Vera Goebel Department.

CacheCast: Eliminating Redundant Link Traffic for Single Source Multiple Destination Transfers Piotr Srebrny, Thomas Plagemann, Vera Goebel Department.
COMMUNICATION TECHNOLOGY by Shashi Bhushan School of Computer and Information Sciences.

COMMUNICATION TECHNOLOGY by Shashi Bhushan School of Computer and Information Sciences.
Sang-Chun Han Hwangjun Song Jun Heo International Conference on Intelligent Hiding and Multimedia Signal Processing (IIH-MSP), Feb, 2008. 05/05 Feb 2009.

Sang-Chun Han Hwangjun Song Jun Heo International Conference on Intelligent Hiding and Multimedia Signal Processing (IIH-MSP), Feb, /05 Feb 2009.
Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.

Networking Theory (Part 1). Introduction Overview of the basic concepts of networking Also discusses essential topics of networking theory.
1 Fall 2005 Protocols and layering Qutaibah Malluhi Computer Science and Engineering Qatar University.

1 Fall 2005 Protocols and layering Qutaibah Malluhi Computer Science and Engineering Qatar University.
Circuit Switching (a) Circuit switching. (b) Packet switching.

Circuit Switching (a) Circuit switching. (b) Packet switching.
Chapter 5 Link Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 20.

Chapter 5 Link Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 20.
04/26/2004CSCI 315 Operating Systems Design1 Computer Networks.

04/26/2004CSCI 315 Operating Systems Design1 Computer Networks.
1 Link Layer & Network Layer Some slides are from lectures by Nick Mckeown, Ion Stoica, Frans Kaashoek, Hari Balakrishnan, and Sam Madden Prof. Dina Katabi.

1 Link Layer & Network Layer Some slides are from lectures by Nick Mckeown, Ion Stoica, Frans Kaashoek, Hari Balakrishnan, and Sam Madden Prof. Dina Katabi.
Timing is Everything: Accurate, Minimum Overhead, Available Bandwidth Estimation in High-speed Wired Networks Han Wang, Ki Suh Lee, Erluo Li, Chiun Lin.

Timing is Everything: Accurate, Minimum Overhead, Available Bandwidth Estimation in High-speed Wired Networks Han Wang, Ki Suh Lee, Erluo Li, Chiun Lin.
1 Chapter 10 Introduction to Metropolitan Area Networks and Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.

1 Chapter 10 Introduction to Metropolitan Area Networks and Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.
Network Analysis -- Available Bandwidth Estimation Using SoNIC Junyu Chen, Yicheng Liang, Zhihong Liu Cornell University 1.

Network Analysis -- Available Bandwidth Estimation Using SoNIC Junyu Chen, Yicheng Liang, Zhihong Liu Cornell University 1.
Data Center Traffic and Measurements: Available Bandwidth Estimation Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance.

Data Center Traffic and Measurements: Available Bandwidth Estimation Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance.
5: DataLink Layer5-1 Chapter 5 Link Layer and LANs Part 1: Overview of the Data Link layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose,

5: DataLink Layer5-1 Chapter 5 Link Layer and LANs Part 1: Overview of the Data Link layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose,
 Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the.

 Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the.
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

Similar presentations

Ads by Google