A Method for Increasing Transmission Rates in Covert Timing Channels


Author(s) Timothy Kelley
TR-Number JMU-INFOSEC-TR-2008-001
Abstract Covert channels are a useful tool for those who wish to access data on secure systems without being detected. Covert channels exploit the implementation of legitimate system services to transmit data illicitly. For example, one program may affect the amount of load on a computer's processor while another program monitors the processor load. When the processor load passes a certain threshold, the interpreter program records a 1. When the processor load is below that threshold, the interpreter program records a 0.

The most basic covert channel is a binary symmetric channel, a channel that transmits a 0 or 1. There is a probability that either symbol will be received in error (e.g., a 0 is received as a 1). A second type of channel, the Z-channel, transmits 1s and 0s, and one symbol is received without error. We defined a Z-channel in TFTP, a file transfer protocol based on UDP. We defined this channel as 2δ, where δ was the lower threshold for receiving a 1, and the 2 represents the number of symbols in the channel's alphabet. Building on the work of Greenwald et al., we expand the capabilities of the 2δ channel by creating a 2βδ channel we call the Saw-Tooth Channel. We measure the data and error rates in this expanded version by measuring the information-theoretic properties of capacity, entropy, and equivocation in the Saw-Tooth Channel transmitting β-length strings, as opposed to single characters. We also examine the effects of the mini-pump, a mitigation technique based on the NRL pump, on the properties of the Saw-Tooth Channel.
Sponsor Prof. Hossain Heydari
Comments INFOSEC Master's Thesis
Contact e-mail techreports@cs.jmu.edu