Covert Communications Despite Traffic Data Retention [chapter]

George Danezis
2011 Lecture Notes in Computer Science  
We show that Alice and Bob can communicate covertly and anonymously, despite Eve having access to the traffic data of most machines on the Internet. Our protocols take advantage of small amounts of shared state that exist in many TCP/IP stacks, and use them to construct a covert channel. Techniques inspired by Direct Sequence Spread Spectrum (DSSS) are used to make sure that the communication is covert and resistant to noise. We implement a prototype based on ICMP Echo (ping) to illustrate ... practicality of our approach and discuss how a more complex protocol would modulate information through the use of TCP features to make communication detection very difficult. The feasibility of covert communications despite stringent traffic data retention has far-reaching policy consequences.

Introduction

Covert and jamming-resistant communications are a well-studied discipline in the field of military and civilian radio communications. Low probability of intercept and position fix techniques like frequency hopping and Direct Sequence Spread Spectrum (DSSS) have been developed to force an adversary to spend a lot of power to jam a signal, as well as to hide altogether the existence of a communication from those that do not know a shared key [5]. Such technologies have been deployed in military tactical radios, but have also become part of civilian communications, with frequency hopping being used in GSM phones, and CDMA (a variant of DSSS that uses orthogonal codes) being used in mobile communications and high-speed modems.

Yet relatively little attention has been directly paid to the covertness of communication in the context of the Internet. The field of anonymous communications, as started by David Chaum's [13] proposal for mixes and mix networks, attempts to provide unlinkability of senders and receivers. These anonymity properties fall short of full covertness, in that an observer is in a position to determine that some form of communication is taking place. Jamming resistance is also difficult to achieve, since the anonymous communication infrastructure in deployed systems [14, 23, 15] can easily be targeted and rendered inoperable by a powerful adversary. A peer-to-peer approach [18, 29] to providing anonymity may
doi:10.1007/978-3-642-22137-8_27 fatcat:cu74ah4x6nbwphylf2ferdbw44