CN110392050A - Method for constructing a timestamp-based covert storage channel - Google Patents

Publication number
CN110392050A
Authority
CN
China
Prior art keywords
timestamp
data
unit
data packet
concealed channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910648030.6A
Other languages
Chinese (zh)
Other versions
CN110392050B (en)
Inventor
张全新
朱梦妍
韩文聪
王连芳
梁晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Beijing Institute of Technology BIT
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology
Priority to CN201910648030.6A
Publication of CN110392050A
Application granted
Publication of CN110392050B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/14 Systems for two-way working
    • H04N7/141 Systems for two-way working between two video terminals, e.g. videophone

Abstract

The invention relates to a method for constructing a timestamp-based covert storage channel and belongs to the technical field of mobile data security. Using an agreed formula, the two communicating parties embed secret information in the timestamp field of the packet header, and then advance or delay each packet's sending time according to the amount by which its timestamp was adjusted. The supporting system comprises a covert channel sender data embedding module and a covert channel receiver data recovery module. The sender data embedding module comprises a packet buffer unit, a timestamp feature unit, a timestamp recording unit, a timestamp calculation unit, a covert channel encoding unit and a packet modulation unit; the receiver data recovery module comprises a packet buffer unit and a covert channel decoding unit. The construction method comprises the working processes of the sender data embedding module and the receiver data recovery module. The method prevents the covert channel from being detected and improves concealment.

Description

A method for constructing a timestamp-based covert storage channel
Technical field
The invention relates to a method for constructing a timestamp-based covert storage channel, and in particular to a method for constructing a timestamp-based covert storage channel in a mobile video call environment. It belongs to the technical field of mobile data security.
Background
With the rapid growth of the Internet and increasingly advanced means of communication, the rules and characteristics that can be exploited have grown as well, and covert channels are an important part of this. A covert channel was originally defined as a process by which a high-security-level process covertly leaks information to a low-security-level process, letting the low-security-level process obtain information it should not be able to access. A covert channel in a computer network is a process that hides secret information inside non-secret communication. Because of the large volume of data on the Internet and the variety of protocols that can be used, the potential for constructing covert channels has increased greatly.
Two kinds of covert channel are in wide use: covert storage channels and covert timing channels. In a covert storage channel, the sender writes information directly or indirectly by modifying data in the header or payload of network packets, and the receiver recovers the secret information by observing the modified positions in the packets. In a covert timing channel, the sender does not modify the packet contents but hides information in timing factors such as the packet sending interval, rate and order, and the receiver recovers the secret information by observing those timing factors. The covert channel constructed by the invention is a covert storage channel.
With the development of mobile communication, user demand for mobile voice and video services keeps growing. Mobile video communication generates a large volume of bidirectional packets, which can serve as a good carrier for a covert channel. Packets in video communication are fairly regular, however, so a covert channel built on them has to be designed with concealment in mind, that is, the secret information must be embedded while preserving the regularity of the original packets.
The covert timing channel method based on classified packet position adjustment differs from the invention chiefly in how the covert channel is constructed. That method constructs the covert channel by adjusting the sending order of packets, whereas the invention constructs it by adjusting the content of the timestamp in the packets. Under a protocol in which packets record sequence numbers, adjusting the sending order raises the out-of-order rate beyond what network conditions would explain and destroys the original statistical regularity, so resistance to detection is low. Because the invention does not adjust the sending order, it can still keep high resistance to detection under such a protocol.
The IP covert timing channel method that adjusts the packet sending interval likewise differs from the invention chiefly in how the covert channel is constructed. That method constructs the covert channel by adjusting the packet sending interval, whereas the invention constructs it by adjusting the content of the timestamp in the packets and, at the same time, adjusting the packets' sending time. Under a protocol in which packets record timestamps, the timestamp increment has a linear relationship with the packet sending interval; adjusting the sending interval alone destroys this linear relationship, so resistance to detection is low. The invention adjusts the timestamp and the sending interval together, does not destroy the linear relationship between the two, and can keep high resistance to detection.
The invention aims to solve the concealment problem of covert channels in mobile video calls and to construct a stable covert storage channel with higher concealment; it proposes a method for constructing a timestamp-based covert storage channel for mobile video calls.
Summary of the invention
The invention addresses the fact that, in a mobile video call environment, existing covert storage channels may disrupt the regularity of the carrier packets and thereby lower the channel's resistance to detection. To keep the carrier packet regularity stable and improve resistance to detection, it proposes a method for constructing a timestamp-based covert storage channel.
Specifically: using an agreed formula, the two communicating parties embed the secret information in the timestamp field of the packet header, and then advance or delay the packet's sending time according to the amount by which the timestamp was adjusted. This ensures that the statistical regularity of the packets is not destroyed while the covert channel is constructed, achieving higher concealment.
The system on which the method for constructing a timestamp-based covert storage channel relies comprises a covert channel sender data embedding module and a covert channel receiver data recovery module;
The covert channel sender data embedding module in turn comprises a packet buffer unit, a timestamp feature unit, a timestamp recording unit, a timestamp calculation unit, a covert channel encoding unit and a packet modulation unit;
The packet buffer unit obtains the packet currently waiting to be sent and buffers it, making it available to the timestamp feature unit, the timestamp calculation unit and the covert channel encoding unit;
The timestamp feature unit calculates the features of the timestamp increment and provides them to the timestamp calculation unit;
The timestamp recording unit records the initial timestamps and modified timestamps of all packets in the current communication, calculates their statistical regularity and makes it available to the timestamp calculation unit;
The timestamp calculation unit calculates, for the buffered packet, the set of modified timestamps using the secret information embedding formula and, according to the records in the timestamp recording unit, selects from that set the one modified timestamp value that brings the statistical regularity of the modified timestamps closest to the statistical regularity of the initial timestamps;
The covert channel encoding unit changes the initial timestamp in the buffered packet to the modified timestamp obtained by the timestamp calculation unit, thereby embedding the hidden data;
The packet modulation unit calculates the sending-time modulation value from the difference between the modified timestamp and the initial timestamp, and modulates the sending time accordingly;
The covert channel receiver data recovery module in turn comprises a packet buffer unit and a covert channel decoding unit;
The packet buffer unit obtains the currently received packet and buffers it, making it available to the covert channel decoding unit;
The covert channel decoding unit performs a calculation on the timestamp value that the sender modified in the buffered packet, decodes the embedded hidden data and completes the recovery of the hidden data;
The units of the system on which the covert storage channel construction method relies are connected as follows:
The packet buffer unit is connected to the timestamp feature unit, the timestamp calculation unit and the covert channel encoding unit; the timestamp feature unit is connected to the timestamp calculation unit; the timestamp calculation unit is connected to the covert channel encoding unit and the packet modulation unit; the covert channel encoding unit is connected to the packet modulation unit; the packet buffer unit is connected to the covert channel decoding unit.
The covert storage channel construction method consists of two parts: the working process of the covert channel sender data embedding module and the working process of the covert channel receiver data recovery module. They depend on each other as follows: the two communicating parties run the sender data embedding module and the receiver data recovery module respectively; the sender data embedding module must run before the receiver data recovery module; and the hidden data embedded in a packet generated by the sender data embedding module can be recovered by the receiver data recovery module, and only by it;
The working process of the covert channel sender data embedding module, i.e. the embedding process, comprises the following steps:
Step A: intercept the content of the packet currently waiting to be sent from the system kernel, place the packet in the packet buffer unit for buffering, and add the initial timestamp of the current packet to the timestamp recording unit;
Here, the content of the packet includes, but is not limited to, the packet's timestamp value and sending time;
Step B: in the timestamp calculation unit, taking the hidden information currently to be embedded and the initial timestamp value of the current packet as parameters, calculate the set of modified timestamps using the secret information embedding formula, and select one optimal modified timestamp value according to the statistical regularity recorded in the timestamp recording unit;
Here, the statistical regularity includes, but is not limited to, the distribution of timestamp intervals;
Here, the optimal modified timestamp value is the modified timestamp value that brings the statistical regularity of the modified timestamps closest to the statistical regularity of the initial timestamps;
Step C: add the optimal modified timestamp value obtained in step B to the timestamp recording unit and update the statistical regularity recorded there, for use with subsequent packets;
Step D: in the covert channel encoding unit, replace the initial timestamp in the current packet with the modified timestamp obtained in step B, completing the embedding of the hidden data;
Step E: in the packet modulation unit, calculate the sending-time modulation value from the difference between the modified timestamp obtained in step B and the initial timestamp of the current packet, and modulate the packet's sending time, specifically:
E.1: if the sending-time modulation value is positive, delay the packet's sending time by the modulation value;
E.2: if the sending-time modulation value is negative, advance the packet's sending time by the modulation value;
E.3: if the sending-time modulation value is zero, leave the packet's sending time unchanged;
The working process of the covert channel receiver data recovery module comprises the following steps:
Step 1: intercept the content of the currently received packet from the system kernel and store it in the packet buffer unit for buffering;
Here, the content of the packet includes, but is not limited to, the packet's timestamp value;
Step 2: the covert channel decoding unit applies the hidden message extraction formula to the timestamp value in the buffered packet, obtaining the hidden data embedded in the packet.
Beneficial effects
Compared with existing covert storage channel construction methods, the method of the invention for constructing a timestamp-based covert storage channel has the following beneficial effects:
1. By calculating the statistical regularity of the timestamp values within a single call and selecting the relatively optimal modified timestamp value accordingly, the statistical regularity of the modified timestamp values is kept as consistent as possible with that of the initial timestamp values, so that the existence of the covert channel is not detected and concealment is improved;
2. By calculating the modulation value from the difference between the modified timestamp and the initial timestamp and adjusting the packet's sending time according to that value, the linear relationship between timestamp and sending time is preserved and the original statistical regularity is not destroyed, improving concealment.
Brief description of the drawings
Fig. 1 is a diagram of the relationships between the units of the system on which the method of the invention for constructing a timestamp-based covert storage channel relies;
Fig. 2 shows the working process of the covert channel sender data embedding module in the method of the invention; see Embodiment 1 for details;
Fig. 3 shows the working process of the covert channel receiver data recovery module in the method of the invention; see Embodiment 2 for details.
Detailed description
To illustrate the technical solution of the invention clearly, the method for constructing a timestamp-based covert storage channel is described in further detail below with reference to the drawings and embodiments. The steps described in the summary of the invention are explained in turn.
Embodiment 1
This embodiment describes one specific implementation of the sender data embedding module in the method of the invention, namely the sender's data embedding process in a VoLTE video call environment.
The application scenario of this embodiment involves two people, Zhang San and Li Si, who need to pass an important business message covertly. The sender, Zhang San, is in Beijing; the receiver, Li Si, is in Shanghai, and the entire network environment around Li Si is monitored by a competitor, who would intercept any communication carrying a suspicious message. Ordinary day-to-day VoLTE video calls between Zhang San and Li Si, however, are normal and permitted. Zhang San needs to embed the secret information in the VoLTE packet sequence without being detected by the adversary, while maintaining performance and robustness.
Fig. 1 is a diagram of the relationships between the units of the system on which the method of the invention relies. As Fig. 1 shows, the system comprises a sender embedding module and a receiver recovery module.
The sender embedding module corresponds to the covert channel sender data embedding module in the summary of the invention; the receiver recovery module corresponds to the covert channel receiver data recovery module in the summary of the invention.
The sender embedding module in turn comprises: a covert channel encoding unit, a timestamp feature unit, a timestamp calculation unit, a packet buffer unit and a packet modulation unit; the receiver recovery module comprises a packet buffer unit and a covert channel decoding unit;
The timestamp feature unit is connected to the packet buffer unit and the timestamp calculation unit; the covert channel encoding unit is connected to the packet buffer unit, the timestamp calculation unit and the packet modulation unit; the packet modulation unit is connected to the timestamp calculation unit and the covert channel encoding unit; the timestamp calculation unit is connected to the timestamp feature unit, the packet buffer unit, the covert channel encoding unit and the packet modulation unit; the packet buffer unit is connected to the covert channel decoding unit; the packet modulation unit is connected to the packet buffer unit.
Fig. 2 is a schematic diagram of the sender's data embedding process in a VoLTE video call environment.
The embedding process comprises the following steps:
Step 1: so that the secret information cannot be recovered if the covert channel is discovered, AES-encrypt the secret information to be sent, obtaining the binary string to be embedded in the packet stream; in Fig. 2 this is the secret information in the boxes above frames 1, 2, 3 and 4 in the first row: 1010.
Step 2: obtain the packets of frame 0, obtain the initial timestamp 509547254, set the sending time to 0, and store them in the buffer;
Step 3: obtain the packets of the next frame, obtain the timestamp 509549774 and the sending time 28.3666923 ms, and store them in the buffer;
Step 4: subtract the previous frame's timestamp from the timestamp of the current frame in the buffer, obtaining the timestamp increment 2520, and store it in the timestamp increment record area;
Step 5: subtract the initial timestamp from the timestamp of the current frame in the buffer, obtaining a current timestamp of 2520; 2520 % 180 = 0, and the current bit of the secret information is 1, so the timestamp must be adjusted. Following the principle of least impact on the timestamp, the candidate modified timestamps are 2430 and 2610;
Step 6: according to the statistical regularity recorded in the timestamp increment record area (there is no record yet at frame 1, so the choice is random), compare how the statistical regularity would change for each candidate modified timestamp and select the value with the least impact on it, which here is 2610;
Step 7: the timestamp modification amount is +90, so the modified timestamp is 509549864; change the timestamp value of all packets in frame 1 from 509549774 to 509549864, completing the embedding of this bit of secret information;
Step 8: from the timestamp modification amount of +90, the sending-time modulation value is calculated as +1 ms, so the sending time of all packets in frame 1 is delayed by 1 ms, and that of the first packet becomes 29.3666923 ms;
Step 9: send all the modified packets of frame 1 at the modulated sending time, completing the transmission of this bit of secret information;
Step 10: repeat steps 3 to 9 until all the secret information has been sent; in this example the modified timestamps are 509549864, 509552654, 509556344, 509559854.
At this point the sender, Zhang San, has successfully embedded the secret information in the timestamps of the packets sent, and the working process of the sender data embedding module ends.
Embodiment 2
This embodiment describes the specific implementation of the receiver data recovery module in the method of the invention for constructing a timestamp-based covert storage channel, namely the working process of the receiver data recovery module in a VoLTE video call environment, as shown in Fig. 3.
After receiving the VoLTE packets, the receiver, Li Si, extracts the timestamp field, and the data recovery module begins the extraction operation.
Step a: obtain the packets of frame 0, obtain the initial timestamp 509547254, and store them in the buffer;
Step b: obtain the packets of the next frame, obtain the timestamp 509549864, and store them in the buffer;
Step c: subtract the initial timestamp from the timestamp of the current frame in the buffer, obtaining a current timestamp of 2610; substituting it into the hidden message extraction formula gives 2610 % A = 1, so the current bit of secret information is recovered as 1;
Here, the hidden message extraction formula takes the remainder of the timestamp with respect to the transmission parameter;
Here, the value of the transmission parameter A depends on the number of bits embedded in each timestamp; in this embodiment one bit is embedded each time, so the value of A is 90 × 2^1 = 180;
Step d: repeat steps b to c until all the secret information has been received; in this example the recovered secret information is 1010;
At this point the receiver, Li Si, has obtained the covert message embedded by the sender, Zhang San; the working process of the recovery module ends and the transfer function of the covert timing channel is completed. During a normal VoLTE video call, the sender, Zhang San, modifies the timestamp information in the packets so that the secret message to be transmitted is embedded in the timestamps; the receiver, Li Si, processes the timestamps after receiving the packets and obtains the covert message, and the transmission process ends.
The above embodiments are preferred embodiments of the invention and are not intended to limit it; the invention is not limited to the content expressed in the embodiments and drawings. Any modification, equivalent replacement, improvement and the like made within the technical principles of the invention falls within its scope of protection.
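The figures in Embodiments 1 and 2 can be replayed from the side of an analyst holding a packet capture; the Python below is an added example, not code from the patent. It assumes the extracted symbol is ((timestamp - initial timestamp) mod A) divided by 90, an interpretation that reproduces 1010 from the timestamps in step 10, and a 90 kHz timestamp clock, inferred from step 8 where +90 ticks corresponds to +1 ms; all function names are hypothetical.

```python
"""Replay of Embodiments 1 and 2 on captured values (added example, not the patent's code)."""

TICK = 90          # smallest timestamp adjustment used in Embodiment 1 (step 7)
CLOCK_HZ = 90_000  # ASSUMPTION: inferred from step 8 (+90 ticks <-> +1 ms)

# Values quoted in the embodiments.
TS0 = 509547254                      # frame 0 initial timestamp
ORIGINAL_FRAME1 = (509549774, 28.3666923)   # (timestamp, send time in ms), step 3
MODIFIED_TS = [509549864, 509552654, 509556344, 509559854]  # step 10


def extract_symbols(ts0, timestamps, bits_per_ts=1, tick=TICK):
    """Recover one symbol per timestamp, as in Embodiment 2 steps a-d.

    A = tick * 2**bits_per_ts (the page gives A = 90 x 2^1 = 180 for one bit).
    ASSUMPTION: symbol = ((ts - ts0) mod A) // tick.
    A residue that is not a multiple of `tick` yields None: that timestamp
    does not sit on the grid this encoding would produce.
    """
    a = tick * 2 ** bits_per_ts
    symbols = []
    for ts in timestamps:
        residue = (ts - ts0) % a
        symbols.append(residue // tick if residue % tick == 0 else None)
    return symbols


def extract_bits(ts0, timestamps, bits_per_ts=1):
    """Symbols rendered as a bit string; '?' marks off-grid timestamps."""
    out = []
    for sym in extract_symbols(ts0, timestamps, bits_per_ts):
        out.append("?" * bits_per_ts if sym is None
                   else format(sym, "0{}b".format(bits_per_ts)))
    return "".join(out)


def residual_ms(prev, cur, clock_hz=CLOCK_HZ):
    """Send interval minus timestamp increment (both in ms) for two frames.

    This is the linear relationship between timestamp increment and sending
    interval that the background section says a timing-only change destroys.
    Each frame is a (timestamp, send_time_ms) pair.
    """
    ts_increment_ms = (cur[0] - prev[0]) * 1000 / clock_hz
    return (cur[1] - prev[1]) - ts_increment_ms


FRAME0 = (TS0, 0.0)
# Frame 1 as sent in Embodiment 1: timestamp +90 and send time +1 ms (steps 7-8).
JOINT_FRAME1 = (509549864, 29.3666923)
# Constructed contrast case: timestamp changed, send time left untouched.
TS_ONLY_FRAME1 = (509549864, 28.3666923)

if __name__ == "__main__":
    print("recovered bits:", extract_bits(TS0, MODIFIED_TS))
    for name, frame in [("original", ORIGINAL_FRAME1),
                        ("timestamp only", TS_ONLY_FRAME1),
                        ("timestamp + send time", JOINT_FRAME1)]:
        print("{:<22} residual = {:+.7f} ms".format(name, residual_ms(FRAME0, frame)))
```

The residual for the jointly modulated frame equals that of the unmodified frame, while the timestamp-only case shifts by 1 ms, so a monitor that checks only this linear relationship sees no change, which matches the second beneficial effect stated above.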

Claims (5)

1. a kind of construction method of the Use of Covert Storage Channels based on timestamp, it is characterised in that: the system relied on includes concealed channel Sender's data embedding module and concealed channel receiving side data recovery module;
Wherein, concealed channel sender data embedding module includes data pack buffer unit, timestamp feature unit, time stab again Record unit, timestamp computing unit, concealed channel coding unit and data packet modulation unit;
The data pack buffer unit is supplied to timestamp spy for obtaining current data packet to be sent and caching to it Sign unit, timestamp computing unit, concealed channel coding unit access;
The timestamp feature unit is used to calculate the feature of timestamp increment, and is supplied to timestamp computing unit;
The timestamp recording unit is used to carry out the initial time stamp and modification time stamp of all data packets in this communication Record, and calculate statistical law and be supplied to timestamp computing unit and access;
The timestamp computing unit is used to calculate modification time stamp by secret information embedding formula for the data packet of caching Set, and according to the record in timestamp recording unit, the statistics rule that selection stabs modification time from modification time stamp set Restrain a modification time timestamp value closest to the statistical law of initial time stamp;
The concealed channel coding unit is used to for the initial time stamp in the data packet of caching being changed in timestamp computing unit and obtain The modification time stamp arrived, to realize the insertion of hiding data;
The data packet modulation unit is used to calculate the modulation of sending time with the difference of initial time stamp according to modification time stamp Value, and corresponding modulation is carried out to sending time;
Concealed channel receiving side data recovery module includes data pack buffer unit and concealed channel decoding unit again;
The data pack buffer unit is for obtaining currently received data packet and being cached, and it is single to be supplied to concealed channel decoding Member accesses;
The concealed channel decoding unit is solved for being calculated by the timestamp value that sender modified in the data packet of caching Code goes out the hiding data of insertion, completes the reduction of hiding data;
The connection relationship of each unit is as follows in the construction method institute support system of the Use of Covert Storage Channels:
Data pack buffer unit is connected with timestamp feature unit, timestamp computing unit and concealed channel coding unit;Time Stamp feature unit is connected with timestamp computing unit;Timestamp computing unit and concealed channel coding unit and data packet modulation are single Member is connected;Concealed channel coding unit is connected with data packet modulation unit;Data pack buffer unit is connected with concealed channel decoding unit;
The construction method of the Use of Covert Storage Channels includes the course of work and concealed channel of concealed channel sender's data embedding module The course of work of receiving side data recovery module, the two dependence are as follows: executing concealed channel sender respectively by communicating pair Data embedding module and concealed channel receiving side data recovery module, and require concealed channel sender's data embedding module in concealed channel It executes before receiving side data recovery module, the data packet energy generated by concealed channel sender's data embedding module and is only capable of hidden Channel reception side's data restoring module restores the hiding data being wherein embedded in;
The working process of the covert channel sender data embedding module, i.e. the embedding process, comprises the following steps:
Step A: intercept the content of the current data packet to be sent from the system kernel, place the data packet in the data packet buffer unit for caching, and then add the initial timestamp of the current data packet to the timestamp recording unit;
Step B: in the timestamp computing unit, taking the current hidden information to be embedded and the initial timestamp value of the current data packet as parameters, compute a set of modified timestamps using the secret information embedding formula, and select one optimal modified timestamp value according to the statistical law recorded in the timestamp recording unit;
Step C: add the optimal modified timestamp value obtained in step B to the timestamp recording unit and update the statistical law recorded in the timestamp recording unit, for use by subsequent data packets;
Step D: in the covert channel coding unit, replace the initial timestamp in the current data packet with the modified timestamp obtained in step B, completing the embedding of the hidden data;
Step E: in the data packet modulation unit, calculate the modulation value of the sending time from the difference between the modified timestamp obtained in step B and the initial timestamp of the current data packet, and modulate the sending time of the data packet, specifically:
E.1: if the modulation value of the sending time is positive, delay the sending time of the data packet by the modulation value;
E.2: if the modulation value of the sending time is negative, advance the sending time of the data packet by the modulation value;
E.3: if the modulation value of the sending time is zero, leave the sending time of the data packet unchanged;
The working process of the covert channel receiver data recovery module comprises the following steps:
Step 1: intercept the content of the currently received data packet from the system kernel and store it in the data packet buffer unit for caching;
Step 2: the covert channel decoding unit applies hidden message extraction to the timestamp value in the cached data packet to obtain the hidden data embedded in the packet.
2. The timestamp-based covert storage channel construction method according to claim 1, characterized in that: in step A, the content of the data packet includes but is not limited to the timestamp value and the sending time of the data packet.
3. The timestamp-based covert storage channel construction method according to claim 1, characterized in that: in step B, the statistical law includes but is not limited to the distribution of timestamp intervals.
4. The timestamp-based covert storage channel construction method according to claim 1, characterized in that: in step B, the optimal modified timestamp value is the modified timestamp value for which the statistical law of the modified timestamps is closest to the statistical law of the initial timestamps.
5. The timestamp-based covert storage channel construction method according to claim 1, characterized in that: in step 1, the content of the data packet includes but is not limited to the timestamp value of the data packet.
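The two properties the claims constrain, agreement between a packet's timestamp and its sending time (step E) and the distribution of timestamp intervals (claims 3 and 4), are also what a network monitor can measure per flow. The following is an added example from a monitoring point of view, not code from the patent; the 1 ms tick, the thresholds, the function names and the sample flows are assumptions constructed for illustration.

```python
# Added example, not from the patent. Assumptions: 1 ms timestamp tick,
# thresholds, and constructed flows of (capture_time_s, timestamp_ticks).
from bisect import bisect_right

TICK = 0.001  # assumed timestamp granularity in seconds

def offset_jitter(flow, tick=TICK):
    """Spread of (timestamp*tick - capture_time) over a flow, in seconds.
    When timestamps track sending times the spread stays near network jitter;
    a timestamp rewritten without a matching send-time shift widens it."""
    offsets = [ts * tick - t for t, ts in flow]
    return max(offsets) - min(offsets)

def intervals(flow):
    """Differences between consecutive timestamp values."""
    return [b[1] - a[1] for a, b in zip(flow, flow[1:])]

def ks_distance(sample, baseline):
    """Two-sample Kolmogorov-Smirnov statistic: largest gap between the
    empirical CDFs of the two interval samples."""
    a, b = sorted(sample), sorted(baseline)
    return max(abs(bisect_right(a, x) / len(a) - bisect_right(b, x) / len(b))
               for x in a + b)

def audit(flow, baseline_flow, jitter_limit=0.005, ks_limit=0.5):
    """Return the names of the checks this flow fails."""
    findings = []
    if offset_jitter(flow) > jitter_limit:
        findings.append("timestamp/send-time offset drift")
    if ks_distance(intervals(flow), intervals(baseline_flow)) > ks_limit:
        findings.append("timestamp interval distribution shift")
    return findings

# Constructed baseline: timestamps follow capture times, intervals ~20 ticks.
BASELINE = [(0.000, 1000), (0.020, 1020), (0.041, 1041),
            (0.060, 1060), (0.080, 1080), (0.101, 1101)]
# Constructed: same capture times, some timestamp values rewritten in place.
REWRITTEN = [(0.000, 1000), (0.020, 1027), (0.041, 1041),
             (0.060, 1068), (0.080, 1080), (0.101, 1109)]
# Constructed: timestamps agree with capture times, intervals alternate 10/30.
SHIFTED = [(0.000, 1000), (0.010, 1010), (0.040, 1040),
           (0.050, 1050), (0.080, 1080), (0.090, 1090)]

if __name__ == "__main__":
    for name, flow in (("baseline", BASELINE), ("rewritten", REWRITTEN), ("shifted", SHIFTED)):
        print(name, audit(flow, BASELINE))
```

The offset check stays quiet on the third flow because its timestamps and capture times move together, so only the interval-distribution comparison against a per-host baseline reports it.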
CN201910648030.6A 2019-07-18 2019-07-18 Method for constructing hidden storage channel based on timestamp Active CN110392050B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910648030.6A CN110392050B (en) 2019-07-18 2019-07-18 Method for constructing hidden storage channel based on timestamp

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910648030.6A CN110392050B (en) 2019-07-18 2019-07-18 Method for constructing hidden storage channel based on timestamp

Publications (2)

Publication Number Publication Date
CN110392050A true CN110392050A (en) 2019-10-29
CN110392050B CN110392050B (en) 2020-11-27

Family

ID=68285146

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910648030.6A Active CN110392050B (en) 2019-07-18 2019-07-18 Method for constructing hidden storage channel based on timestamp

Country Status (1)

Country Link
CN (1) CN110392050B (en)

Also Published As

Publication number Publication date
CN110392050B (en) 2020-11-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant