Using a novel blending method over multiple network connections for secure communication

Abstract

In the field of computer security, covert communication is usually seen as adversarial, but from another perspective, it can be seen as a way to communicate securely by hiding data from a malicious third party, e.g., an inside attacker. In this light, instead of making data unreadable using encryption, it may be possible to hide from an adversary a secure network infrastructure (consisting of several node endpoints) in network traffic. In this paper we describe a novel blending technique that is capable of using as carriers the payload fields of multiple connections including audio, video, and voice over IP (VoIP) streams. The technique executes in three main phases. First the state of the network is analyzed. Next, insertion points are selected based on the protocols, data rates, and randomness characteristics of the network data. Finally, covert data are inserted into packets that are injected into the network. By analyzing the same network traffic the covert receiver identifies the insertion points and extracts the covert messages. In this paper, we evaluate the blending covert method with user datagram protocol (UDP) connections during two network loads. Our results show that our technique works with limited data loss. We also provide an analysis of the trade offs between throughput and detectability.