Asynchronous Covert Communication Using BitTorrent Trackers

Abstract : Covert channels enable communicating parties to exchange messages without being detected by an external observer. We propose a novel covert channel mechanism based on BitTorrent trackers. The proposed mechanism uses common HTTP commands, thus having the appearance of genuine web traffic and consists of communications that are both indirect and asynchronous: no messages are directly exchanged between the sender and the receiver (of covert communications) and there is a potentially considerable delay between the sender's message to the relaying party and the receiver collecting this message. We present details of the proposed scheme in which a centralized BitTorrent tracker is used for storing covert messages and evaluate its performance based on the implemented prototype. We analyze the detectability of covert communications by an adversary and show that, while the common nature of the BitTorrent traffic and the large number of clients make the detection unlikely, the low temporal correlation between the writer and the reader (the two communicating parties) further increases the detection difficulty.
Document type :
Conference papers
Complete list of metadatas

Cited literature [6 references]  Display  Hide  Download

https://hal.inria.fr/hal-01053147
Contributor : Mathieu Cunche <>
Submitted on : Tuesday, July 29, 2014 - 4:15:04 PM
Last modification on : Saturday, October 27, 2018 - 1:19:01 AM
Long-term archiving on : Tuesday, November 25, 2014 - 8:26:07 PM

File

Hidden_Channel_Tracker_short.p...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01053147, version 1

Collections

Citation

Mathieu Cunche, Mohamed Ali Kaafar, Roksana Boreli. Asynchronous Covert Communication Using BitTorrent Trackers. International Symposium on Cyberspace Safety and Security (CSS), Aug 2014, Paris, France. ⟨hal-01053147⟩

Share

Metrics

Record views

516

Files downloads

244