A study of on/off timing channel based on packet delay distribution

An on/off timing channel is a typical network covert timing channel, which can be used by attackers to steal information from compromised systems without triggering network firewalls and intrusion detection systems. In this paper, we discuss the principle of the information transmission in an on/off timing channel and categorize such channels into two types: deterministic channels and non-deterministic channels. We then analyze the components of packet delay and their characteristics, and provide a method of calculating the maximum transmission rate of a non-deterministic channel based on the packet delay distribution. After that, we conduct experiments to obtain the packet delay distribution in real network, and calculate the maximum transmission rate via our method. Then we construct an actual channel, and attain the actual transmission rate based on the observed symbol transmission probabilities. Our experiments show that the transmission rate calculated through our method is close to the real one, and can reveal the risk of the information leakage via on/off time channels in a network. In addition, the results indicate that non-deterministic channels may bring more threat than deterministic ones in the same network, and the information leakage via on/off timing channels should gain more intention.