Characterization and Detection of Cross-Router Covert Channels

Oren Shvartzman, Adar Ovadya, Kfir Zvi, Omer Shwartz, Rom Ogen, Yakov Mallah, Niv Gilboa, Yossi Oren

Computers & Security 127, 103125, 2023

In covert channel attacks, an adversary seeks various means to influence a tangible characteristic of a system, and then makes the systems leak information by measuring this characteristic. Covert channels are, by nature, very elusive. This makes it very difficult to identify them and defend against attacks that use these channels to leak sensitive information. Thus, they are a serious threat to the security of many systems.In this paper, we present two network timing covert channel attacks, and a defense mechanism against them. The purpose of the proposed attacks is to leak sensitive information between two logically separated (or isolated) networks that are hosted by a single router – one that is connected to the Internet, and another that is isolated and contains sensitive information. The attacks build on the fact that the response time of the router for a specific type of packet sent from a device that is connected to it is …