Premium
A network covert timing channel detection method based on threshold secret sharing
Author(s) -
Xie Jinpu,
Chen Yonghong,
Wang Linfan,
Wang Zhe
Publication year - 2020
Publication title -
transactions on emerging telecommunications technologies
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.366
H-Index - 47
ISSN - 2161-3915
DOI - 10.1002/ett.3781
Subject(s) - robustness (evolution) , computer science , covert , jitter , covert channel , network packet , computer network , channel (broadcasting) , network security , real time computing , telecommunications , cloud computing , security information and event management , philosophy , biochemistry , chemistry , linguistics , gene , cloud computing security , operating system
Network covert timing channel (NCTC) is a kind of covert channel that acquires strong concealment by modifying the interpacket delays of legitimate network traffic and can evade detection by conventional network security mechanisms such as firewalls. Existing detection schemes are not able to detect multiple types of covert channels. Moreover, the robustness of the detection method is low when the network environment changes. Therefore, detecting NCTC is a challenging task. In this paper, an NCTC detection method based on threshold secret sharing is proposed. The new approach utilizes the principle of threshold secret sharing to tolerate the loss or the destruction of partial subsecrets, improves the robustness of the detection method, and solves the problem that the current detection method cannot resist environment changes. Experimental results show that the proposed scheme in this paper has strong robustness to a changing network environment such as when network jitter, packet loss, and packet injection occur in the network transmission process. The approach can detect varieties of NCTCs with a guaranteed true positive rate and greatly improve the versatility and robustness.