CN110392050A - Construction method for a timestamp-based covert storage channel - Google Patents
- Publication number: CN110392050A
- Application number: CN201910648030.6A
- Authority: CN (China)
- Prior art keywords: timestamp, data, unit, data packet, covert channel
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
- H04N7/141—Systems for two-way working between two video terminals, e.g. videophone
Abstract
The present invention relates to a construction method for a timestamp-based covert storage channel and belongs to the technical field of mobile data security. Using a formula agreed in advance, the two communicating parties embed secret information in the timestamp field of the packet header, and then send each packet correspondingly earlier or later according to the amount by which its timestamp was adjusted. The supporting system comprises a covert channel sender data embedding module and a covert channel receiver data recovery module. The sender data embedding module in turn comprises a packet buffer unit, a timestamp feature unit, a timestamp recording unit, a timestamp calculation unit, a covert channel encoding unit and a packet modulation unit; the receiver data recovery module in turn comprises a packet buffer unit and a covert channel decoding unit. The construction method comprises the working process of the sender data embedding module and that of the receiver data recovery module. The method keeps the covert channel from being detected and improves its concealment.
Description
Technical field
The present invention relates to a construction method for a timestamp-based covert storage channel, and in particular to a construction method for a timestamp-based covert storage channel in a mobile video call environment; it belongs to the technical field of mobile data security.
Background
With the rapid growth of the internet and increasingly advanced means of communication, the rules and characteristics that can be exploited have grown as well, and covert channels are an important part of this. A covert channel was originally defined as a process by which a high-security-level process covertly leaks information to a low-security-level process, allowing the low-security-level process to obtain information it should not be able to access. A covert channel in a computer network is the process of hiding secret information inside non-secret communication. Because of the massive volume of data on the internet and the variety of protocols available, the potential for building covert channels has grown considerably.
Two kinds of covert channel are in wide use: covert storage channels and covert timing channels. In a covert storage channel, the sender modifies the header or payload of a network packet so as to write information into it directly or indirectly, and the receiver recovers the secret information by observing the specific modified positions in the packet. In a covert timing channel, the sender does not modify the content of the packet itself but hides information in timing factors such as the interval, rate or order in which packets are sent, and the receiver recovers the secret information by observing those timing factors. The covert channel constructed by the present invention is a covert storage channel.
With the development of mobile communication, user demand for mobile voice and video services keeps growing. Mobile video communication generates a large number of packets in both directions, which makes it a good carrier for a covert channel. Because the packets in video communication are fairly regular, a covert channel built on them needs its concealment designed with care; that is, the secret information must be embedded while the regularity of the original packets is preserved.
The classified-packet position-adjustment covert timing channel method differs from the present invention in how the covert channel is built. That method builds the covert channel by adjusting the order in which packets are sent, whereas the present invention builds it by adjusting the content of the timestamp in the packet. Under a protocol in which packets carry sequence numbers, adjusting the sending order raises the out-of-order rate to a level that does not match the network conditions and destroys the original statistical regularity, so its resistance to detection is low. Because the present invention does not adjust the sending order, it keeps a high resistance to detection even under a protocol in which packets carry sequence numbers.
The IP covert timing channel method that adjusts the packet sending interval also differs from the present invention in how the covert channel is built. That method builds the covert channel by adjusting the packet sending interval, whereas the present invention builds it by adjusting the content of the timestamp in the packet and adjusting the packet's sending time at the same time. Under a protocol in which packets carry timestamps, the timestamp increment has a linear relationship with the packet sending interval; adjusting the sending interval alone destroys this linear relationship, so that method's resistance to detection is low. The present invention adjusts the timestamp and the packet sending interval together, does not destroy the linear relationship between the two, and so keeps a high resistance to detection.
The purpose of the present invention is to solve the concealment problem of covert channels in mobile video calls and to build a stable covert storage channel with higher concealment; to that end it proposes a construction method for a timestamp-based covert storage channel in mobile video calls.
Summary of the invention
The purpose of the present invention is to address the situation in which an existing covert storage channel in a mobile video call environment may disturb the regularity of the carrier packets and so reduce the channel's resistance to detection. To keep the regularity of the carrier packets stable and improve detection resistance, a construction method for a timestamp-based covert storage channel is proposed.
Specifically: using a formula agreed in advance, the two communicating parties embed secret information in the timestamp field of the packet header, and then send each packet correspondingly earlier or later according to the amount by which its timestamp was adjusted. This ensures that the statistical regularity of the packets is not destroyed while the covert channel is built, achieving higher concealment.
The system on which the construction method for the timestamp-based covert storage channel relies comprises a covert channel sender data embedding module and a covert channel receiver data recovery module;
wherein the covert channel sender data embedding module in turn comprises a packet buffer unit, a timestamp feature unit, a timestamp recording unit, a timestamp calculation unit, a covert channel encoding unit and a packet modulation unit;
the packet buffer unit obtains the current packet to be sent, buffers it, and makes it available to the timestamp feature unit, the timestamp calculation unit and the covert channel encoding unit;
the timestamp feature unit calculates the features of the timestamp increment and supplies them to the timestamp calculation unit;
the timestamp recording unit records the initial timestamps and the modified timestamps of all packets in the current communication, calculates their statistical regularity, and makes it available to the timestamp calculation unit;
the timestamp calculation unit computes, for the buffered packet, the set of modified timestamps by means of the secret-information embedding formula and, according to the records in the timestamp recording unit, selects from that set the modified timestamp value that keeps the statistical regularity of the modified timestamps closest to the statistical regularity of the initial timestamps;
the covert channel encoding unit changes the initial timestamp in the buffered packet to the modified timestamp obtained by the timestamp calculation unit, thereby embedding the hidden data;
the packet modulation unit calculates the modulation value of the sending time from the difference between the modified timestamp and the initial timestamp, and modulates the sending time accordingly;
the covert channel receiver data recovery module in turn comprises a packet buffer unit and a covert channel decoding unit;
the packet buffer unit obtains the currently received packet, buffers it, and makes it available to the covert channel decoding unit;
the covert channel decoding unit performs a calculation on the timestamp value modified by the sender in the buffered packet, decodes the embedded hidden data, and completes the recovery of the hidden data.
The units of the system on which the construction method relies are connected as follows:
the packet buffer unit is connected to the timestamp feature unit, the timestamp calculation unit and the covert channel encoding unit; the timestamp feature unit is connected to the timestamp calculation unit; the timestamp calculation unit is connected to the covert channel encoding unit and the packet modulation unit; the covert channel encoding unit is connected to the packet modulation unit; the packet buffer unit is connected to the covert channel decoding unit.
The construction method of the covert storage channel comprises two parts, the working process of the covert channel sender data embedding module and the working process of the covert channel receiver data recovery module. They depend on each other as follows: the two communicating parties run the sender data embedding module and the receiver data recovery module respectively; the sender data embedding module must run before the receiver data recovery module; and the packets generated by the sender data embedding module can be, and can only be, processed by the receiver data recovery module to recover the hidden data embedded in them;
The working process of the covert channel sender data embedding module, i.e. the embedding process, comprises the following steps:
Step A: intercept the content of the current packet to be sent from the system kernel, place the packet in the packet buffer unit for buffering, and add the initial timestamp of the current packet to the timestamp recording unit;
wherein the content of the packet includes, but is not limited to, the packet's timestamp value and sending time;
Step B: in the timestamp calculation unit, taking the hidden information currently to be embedded and the initial timestamp value of the current packet as parameters, calculate the set of modified timestamps by means of the secret-information embedding formula, and select an optimal modified timestamp value according to the statistical regularity recorded in the timestamp recording unit;
wherein the statistical regularity includes, but is not limited to, the distribution of timestamp intervals;
wherein the optimal modified timestamp value is the one that keeps the statistical regularity of the modified timestamps closest to the statistical regularity of the initial timestamps;
Step C: add the optimal modified timestamp value obtained in Step B to the timestamp recording unit and update the statistical regularity recorded there, for use with subsequent packets;
Step D: in the covert channel encoding unit, replace the initial timestamp in the current packet with the modified timestamp obtained in Step B, completing the embedding of the hidden data;
Step E: in the packet modulation unit, calculate the modulation value of the sending time from the difference between the modified timestamp obtained in Step B and the initial timestamp of the current packet, and modulate the packet's sending time, specifically:
E.1, if the modulation value of the sending time is positive, delay the sending time of the packet by the modulation value;
E.2, if the modulation value of the sending time is negative, advance the sending time of the packet by the modulation value;
E.3, if the modulation value of the sending time is zero, leave the sending time of the packet unchanged;
The working process of the covert channel receiver data recovery module comprises the following steps:
Step 1: intercept the content of the currently received packet from the system kernel and store it in the packet buffer unit for buffering;
wherein the content of the packet includes, but is not limited to, the packet's timestamp value;
Step 2: in the covert channel decoding unit, apply the covert-message extraction formula to the timestamp value in the buffered packet to obtain the hidden data embedded in the packet.
Beneficial effects
Compared with existing covert storage channel construction methods, the construction method for a timestamp-based covert storage channel of the present invention has the following beneficial effects:
1. By calculating the statistical regularity of the timestamp values within a call and selecting a relatively optimal modified timestamp value accordingly, the statistical regularity of the modified timestamp values is kept as consistent as possible with that of the initial timestamp values, so that the existence of the covert channel is not detected and concealment is improved;
2. By calculating a modulation value from the difference between the modified timestamp and the initial timestamp, and adjusting the packet's sending time by that modulation value, the linear relationship between timestamp and sending time is preserved and the original statistical regularity is not destroyed, which improves concealment.
Description of the drawings
Fig. 1 is a diagram of the relationships between the units of the system on which the construction method for a timestamp-based covert storage channel of the present invention relies;
Fig. 2 shows the working process of the covert channel sender data embedding module in the construction method of the present invention; see Embodiment 1 for details;
Fig. 3 shows the working process of the covert channel receiver data recovery module in the construction method of the present invention; see Embodiment 2 for details.
Detailed description of the embodiments
To explain the technical solution of the present invention clearly, the construction method for a timestamp-based covert storage channel is described in further detail below with reference to the drawings and embodiments. Each step described in the summary of the invention is described in detail in turn.
Embodiment 1
This embodiment describes one specific implementation of the sender data embedding module in the construction method of the present invention, that is, the sender's data embedding process in a VoLTE video call environment.
The application background of this embodiment is two people, Zhang San and Li Si, who need to pass an important business message covertly. The sender, Zhang San, is in Beijing and the receiver, Li Si, is in Shanghai; every network environment Li Si uses is monitored by a competitor, and any communication carrying a suspicious message will be intercepted by that competitor. Everyday VoLTE video calls between Zhang San and Li Si, however, are normal and permitted. Zhang San needs to embed the secret information in the VoLTE packet sequence and, while preserving performance and robustness, avoid detection by the adversary.
Fig. 1 is a diagram of the relationships between the units of the system on which the construction method of the present invention relies. As Fig. 1 shows, the system comprises a sender embedding module and a receiver recovery module.
The sender embedding module corresponds to the covert channel sender data embedding module in the summary of the invention; the receiver recovery module corresponds to the covert channel receiver data recovery module in the summary of the invention.
The sender embedding module in turn comprises: a covert channel encoding unit, a timestamp feature unit, a timestamp calculation unit, a packet buffer unit, a covert channel encoding unit and a packet modulation unit; the receiver recovery module comprises a packet buffer unit and a covert channel decoding unit;
The timestamp feature unit is connected to the packet buffer unit and the timestamp calculation unit; the covert channel encoding unit is connected to the packet buffer unit, the timestamp calculation unit and the packet modulation unit; the packet modulation unit is connected to the timestamp calculation unit and the covert channel encoding unit; the timestamp calculation unit is connected to the timestamp feature unit, the packet buffer unit, the covert channel encoding unit and the packet modulation unit; the packet buffer unit is connected to the covert channel decoding unit; the packet modulation unit is connected to the packet buffer unit.
Fig. 2 is a schematic diagram of the sender's data embedding process in a VoLTE video call environment.
The embedding process comprises the following steps:
Step 1: to prevent the secret information from being recovered if the covert channel is discovered, the secret information to be sent is AES-encrypted, giving the binary string to be embedded in the packet stream, shown as the secret information 1010 in the boxes above frames 1, 2, 3 and 4 in the first row of Fig. 2.
Step 2: obtain the packet of frame 0, obtain the initial timestamp 509547254, set the sending time to 0, and store them in the buffer;
Step 3: obtain the packet of the next frame, obtain the timestamp 509549774 and the sending time 28.3666923 ms, and store them in the buffer;
Step 4: subtract the timestamp of the previous frame from the timestamp of the current frame in the buffer to obtain the timestamp increment 2520, and store it in the timestamp increment record area;
Step 5: subtract the initial timestamp from the timestamp of the current frame in the buffer to obtain the current timestamp, 2520; 2520 % 180 = 0 and the current bit of the secret information is 1, so the timestamp must be adjusted; following the principle of least impact on the timestamp, the optional modified timestamps are 2430 and 2610;
Step 6: according to the statistical regularity recorded in the timestamp increment record area (at frame 1 there is no record yet, so the choice is random), compare how the statistical regularity changes for each optional modified timestamp and select the value with the least effect on it, which here is 2610;
Step 7: the timestamp modification is +90, so the modified timestamp is 509549864; the timestamp value of all packets in frame 1 is changed from 509549774 to 509549864, completing the embedding of this bit of secret information;
Step 8: from the timestamp modification of +90, the sending-time modulation value is calculated as +1 ms, so the sending time of all packets in frame 1 is delayed by 1 ms, and that of the first packet becomes 29.3666923 ms;
Step 9: send the fully modified packets of frame 1 at the modulated sending time, completing the transmission of this bit of secret information;
Step 10: repeat Steps 3 to 9 until all the secret information has been sent; in this example the modified timestamps are 509549864, 509552654, 509556344 and 509559854.
At this point the sender, Zhang San, has embedded the secret information in the timestamps of the packets sent, and the working process of the sender data embedding module ends.
Embodiment 2
This embodiment describes the specific implementation of the receiver data recovery module in the construction method of the present invention, that is, the working process of the receiver data recovery module in a VoLTE video call environment, as shown in Fig. 3.
After receiving the VoLTE packets, the receiver, Li Si, extracts the timestamp field and the data recovery module begins the extraction operation.
Step a: obtain the packet of frame 0, obtain the initial timestamp 509547254, and store it in the buffer;
Step b: obtain the packet of the next frame, obtain the timestamp 509549864, and store it in the buffer;
Step c: subtract the initial timestamp from the timestamp of the current frame in the buffer to obtain the current timestamp 2610; substituting it into the covert-message extraction formula gives 2610 % A = 1, so the current bit of secret information is recovered as 1;
wherein the covert-message extraction formula takes the remainder of the timestamp with respect to the transmission parameter;
wherein the value of the transmission parameter A depends on the number of bits embedded in each timestamp; this embodiment embeds one bit each time, so the value of A is 90 × 2^1 = 180;
Step d: repeat Steps b to c until all the secret information has been received; in this example the recovered secret information is 1010.
At this point the receiver, Li Si, has obtained the covert message embedded by the sender, Zhang San; the working process of the recovery module ends and the transfer function of the covert timing channel is complete. The sender, Zhang San, modifies the timestamp information in the packets of a normal VoLTE video call to embed the secret message to be transmitted in the timestamps; the receiver, Li Si, processes the timestamps after receiving the packets and obtains the covert message, and the transmission ends.
The above embodiments are preferred embodiments of the present invention and are not intended to limit it; the invention is not limited to what the embodiments and drawings express. Any modification, equivalent replacement, improvement and the like made within the technical principle of the present invention shall fall within its scope of protection.
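As an added example (not code from the patent), the Python below runs two passive checks a monitor could apply to a video stream: the timestamp-increment versus sending-interval linearity test that the background section says exposes interval-only timing channels, and a grid test on timestamp offsets using the numbers from Embodiment 1. The 90 kHz clock, the 0.5 ms jitter tolerance, the premise that clean timestamps sit on a fixed grid learned from a baseline call, and every sample value not quoted in Embodiment 1 are assumptions made for the illustration.

```python
from math import gcd

TICKS_PER_MS = 90     # assumed 90 kHz video clock; the page maps +90 ticks to +1 ms
TS_WRAP = 2 ** 32     # RTP timestamps are 32-bit and wrap around


def offsets(frames):
    """Timestamp offset (ticks) of each later frame from frame 0, wrap-safe."""
    ts0 = frames[0][0]
    return [(ts - ts0) % TS_WRAP for ts, _ in frames[1:]]


def linearity_residuals(frames):
    """Elapsed sending time minus elapsed media time, per frame, in ms.

    frames: list of (timestamp, send_time_ms) with frame 0 first.
    On an untouched stream the residual stays within scheduler/network jitter.
    """
    t0 = frames[0][1]
    return [(t - t0) - off / TICKS_PER_MS
            for off, (_, t) in zip(offsets(frames), frames[1:])]


def breaks_linearity(frames, tolerance_ms=0.5):
    """True when the spread of residuals exceeds the (assumed) jitter tolerance."""
    res = linearity_residuals(frames)
    return max(res) - min(res) > tolerance_ms


def learn_grid(clean_frames):
    """Largest tick step that divides every offset in a known-clean call."""
    grid = 0
    for off in offsets(clean_frames):
        grid = gcd(grid, off)
    return grid


def off_grid_frames(frames, grid_ticks):
    """Frame numbers whose offset from frame 0 is not a multiple of the grid."""
    if grid_ticks <= 0:
        raise ValueError("baseline too short to learn a grid")
    return [i for i, off in enumerate(offsets(frames), start=1)
            if off % grid_ticks != 0]


# Frame 0 and frame 1 values are quoted from Embodiment 1; the frame 3
# timestamp 509556254 and all later sending times are constructed samples.
CLEAN = [(509547254, 0.0), (509549774, 28.3666923), (509552654, 60.31),
         (509556254, 100.42), (509559854, 140.35)]

# Constructed: interval-only timing channel, frames 1 and 3 delayed by 2 ms
# while the timestamps stay untouched.
TIMING_ONLY = [(509547254, 0.0), (509549774, 30.3666923), (509552654, 60.31),
               (509556254, 102.42), (509559854, 140.35)]

# Modified timestamps listed in Step 10, sending times shifted by 1 ms per
# 90 ticks as in Step 8 (frame 1 value from the page, the rest constructed).
TIMESTAMP_SCHEME = [(509547254, 0.0), (509549864, 29.3666923),
                    (509552654, 60.31), (509556344, 101.42),
                    (509559854, 140.35)]


def assess(frames, grid_ticks):
    """Run both checks and return their findings for one stream."""
    return {"breaks_linearity": breaks_linearity(frames),
            "off_grid": off_grid_frames(frames, grid_ticks)}


if __name__ == "__main__":
    grid = learn_grid(CLEAN)
    for name, stream in [("clean", CLEAN), ("timing-only", TIMING_ONLY),
                         ("timestamp scheme", TIMESTAMP_SCHEME)]:
        print(name, assess(stream, grid))
```

On these samples the linearity test flags only the interval-only stream, while the co-adjusted timestamps pass it and show up only in the grid test, which depends on the baseline assumption holding for the codec in use.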
Claims (5)
1. a kind of construction method of the Use of Covert Storage Channels based on timestamp, it is characterised in that: the system relied on includes concealed channel
Sender's data embedding module and concealed channel receiving side data recovery module;
Wherein, concealed channel sender data embedding module includes data pack buffer unit, timestamp feature unit, time stab again
Record unit, timestamp computing unit, concealed channel coding unit and data packet modulation unit;
The data pack buffer unit is supplied to timestamp spy for obtaining current data packet to be sent and caching to it
Sign unit, timestamp computing unit, concealed channel coding unit access;
The timestamp feature unit is used to calculate the feature of timestamp increment, and is supplied to timestamp computing unit;
The timestamp recording unit is used to carry out the initial time stamp and modification time stamp of all data packets in this communication
Record, and calculate statistical law and be supplied to timestamp computing unit and access;
The timestamp computing unit is used to calculate modification time stamp by secret information embedding formula for the data packet of caching
Set, and according to the record in timestamp recording unit, the statistics rule that selection stabs modification time from modification time stamp set
Restrain a modification time timestamp value closest to the statistical law of initial time stamp;
The concealed channel coding unit is used to for the initial time stamp in the data packet of caching being changed in timestamp computing unit and obtain
The modification time stamp arrived, to realize the insertion of hiding data;
The data packet modulation unit is used to calculate the modulation of sending time with the difference of initial time stamp according to modification time stamp
Value, and corresponding modulation is carried out to sending time;
Concealed channel receiving side data recovery module includes data pack buffer unit and concealed channel decoding unit again;
The data pack buffer unit is for obtaining currently received data packet and being cached, and it is single to be supplied to concealed channel decoding
Member accesses;
The concealed channel decoding unit is solved for being calculated by the timestamp value that sender modified in the data packet of caching
Code goes out the hiding data of insertion, completes the reduction of hiding data;
The units of the system that supports the covert storage channel construction method are connected as follows:
the data packet buffer unit is connected to the timestamp feature unit, the timestamp computing unit and the covert channel coding unit; the timestamp feature unit is connected to the timestamp computing unit; the timestamp computing unit is connected to the covert channel coding unit and the data packet modulation unit; the covert channel coding unit is connected to the data packet modulation unit; the data packet buffer unit is connected to the covert channel decoding unit;
The construction method of the covert storage channel comprises the working process of the covert channel sender's data embedding module and the working process of the covert channel receiver's data recovery module. The two depend on each other as follows: the two communicating parties respectively execute the covert channel sender's data embedding module and the covert channel receiver's data recovery module; the sender's data embedding module is required to execute before the receiver's data recovery module; and the hidden data embedded in a data packet generated by the sender's data embedding module can be recovered by, and only by, the receiver's data recovery module;
Wherein, the working process of the covert channel sender's data embedding module, i.e. the embedding process, comprises the following steps:
Step A: intercept the content of the current data packet to be sent from the system kernel, place the data packet to be sent in the data packet buffer unit for caching, and then add the initial timestamp of the current data packet to the timestamp recording unit;
Step B: in the timestamp computing unit, taking the current hidden information to be embedded and the initial timestamp value of the current data packet as parameters, calculate the set of modified timestamps with the secret information embedding formula, and select an optimal modified timestamp value according to the statistical law recorded in the timestamp recording unit;
Step C: add the optimal modified timestamp value obtained in step B to the timestamp recording unit and update the statistical law recorded in the timestamp recording unit, for use by subsequent data packets;
Step D: in the covert channel coding unit, replace the initial timestamp in the current data packet with the modified timestamp obtained in step B, completing the embedding of the hidden data;
Step E: in the data packet modulation unit, calculate the modulation value of the sending time from the difference between the modified timestamp obtained in step B and the initial timestamp of the current data packet, and modulate the sending time of the data packet, specifically:
E.1: if the modulation value of the sending time is positive, delay the sending time of the data packet by the modulation value;
E.2: if the modulation value of the sending time is negative, advance the sending time of the data packet by the modulation value;
E.3: if the modulation value of the sending time is zero, do not change the sending time of the data packet;
The working process of the covert channel receiver's data recovery module comprises the following steps:
Step 1: intercept the content of the currently received data packet from the system kernel and store it in the data packet buffer unit for caching;
Step 2: in the covert channel decoding unit, compute over the timestamp value in the cached data packet using hidden message extraction, obtaining the hidden data embedded in the data packet.
2. The method for constructing a timestamp-based covert storage channel according to claim 1, characterized in that: in step A, the content of the data packet includes but is not limited to the timestamp value and the sending time of the data packet.
3. The method for constructing a timestamp-based covert storage channel according to claim 1, characterized in that: in step B, the statistical law includes but is not limited to the distribution law of timestamp intervals.
4. The method for constructing a timestamp-based covert storage channel according to claim 1, characterized in that: in step B, the optimal modified timestamp value is the modified timestamp value for which the statistical law of the modified timestamps is closest to the statistical law of the initial timestamps.
5. The method for constructing a timestamp-based covert storage channel according to claim 1, characterized in that: in step 1, the content of the data packet includes but is not limited to the timestamp value of the data packet.
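Seen from the monitoring side, the claims name the two properties a detector can measure: agreement between timestamp advance and packet timing (step E) and the distribution of timestamp intervals (claims 3 and 4). The Python check below is an added example, not part of the patent; the tick rate, the thresholds, the function names and the three sample flows are constructed assumptions.

```python
from bisect import bisect_right

TICK_HZ = 1000  # assumed timestamp clock rate (ticks per second); the claims fix none

def intervals(values):
    return [b - a for a, b in zip(values, values[1:])]

def ks_distance(sample_a, sample_b):
    """Two-sample Kolmogorov-Smirnov statistic: largest gap between empirical CDFs."""
    a, b = sorted(sample_a), sorted(sample_b)
    return max(abs(bisect_right(a, x) / len(a) - bisect_right(b, x) / len(b))
               for x in set(a) | set(b))

def clock_residuals(flow, tick_hz=TICK_HZ):
    """Ticks by which each timestamp advance differs from the arrival-time advance."""
    times = [t for t, _ in flow]
    stamps = [s for _, s in flow]
    return [ds - round(dt * tick_hz)
            for dt, ds in zip(intervals(times), intervals(stamps))]

def assess(flow, baseline, ks_limit=0.3, residual_limit=2):
    """Flag a flow of (arrival_seconds, timestamp_value) pairs against a baseline flow."""
    ks = ks_distance(intervals([s for _, s in flow]),
                     intervals([s for _, s in baseline]))
    worst = max(abs(r) for r in clock_residuals(flow))
    return {"ks": round(ks, 3), "worst_residual": worst,
            "interval_shift": ks > ks_limit,
            "clock_mismatch": worst > residual_limit}

# Constructed sample flows, 20 packets each, one packet every 10 ms.
OFFSETS = [4 if i % 2 else 0 for i in range(20)]   # constructed timestamp changes
BASELINE = [(i * 0.010, 5000 + i * 10) for i in range(20)]
# Timestamps changed, sending times left alone.
STAMPS_ONLY = [(t, s + o) for (t, s), o in zip(BASELINE, OFFSETS)]
# Timestamps changed and sending times moved by the same amount (as in step E).
STAMPS_AND_TIMING = [(t + o / TICK_HZ, s + o) for (t, s), o in zip(BASELINE, OFFSETS)]

if __name__ == "__main__":
    for name, flow in [("baseline", BASELINE), ("stamps only", STAMPS_ONLY),
                       ("stamps and timing", STAMPS_AND_TIMING)]:
        print(name, assess(flow, BASELINE))
```

Moving the sending time together with the timestamp clears the clock check but not the interval comparison, which is the property the selection rule in claim 4 is aimed at. A monitor therefore needs a per-host baseline of timestamp intervals and not only a clock-consistency test.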
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910648030.6A CN110392050B (en) | 2019-07-18 | 2019-07-18 | Method for constructing hidden storage channel based on timestamp |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110392050A (en) | 2019-10-29 |
CN110392050B (en) | 2020-11-27 |
Family
ID=68285146
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910648030.6A Active CN110392050B (en) | 2019-07-18 | 2019-07-18 | Method for constructing hidden storage channel based on timestamp |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110392050B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107332723A (en) * | 2016-04-28 | 2017-11-07 | 华为技术有限公司 | Detection method and detection device for covert channel |
US20170346849A1 (en) * | 2016-05-31 | 2017-11-30 | F-Secure Corporation | Preventing Security Threats in a Computer Network |
CN108259811A (en) * | 2018-04-03 | 2018-07-06 | 北京理工大学 | A kind of the covert timing channel device and its construction method of package location adjustment of classifying |
CN109040115A (en) * | 2018-09-06 | 2018-12-18 | 中国科学院软件研究所 | A kind of concealed communication method under block chain network environment |
CN109547443A (en) * | 2018-11-28 | 2019-03-29 | 甘肃农业大学 | A kind of detection method of the hidden channel of network storage type |
US20190190556A1 (en) * | 2010-09-16 | 2019-06-20 | Benjamin J. Sheahan | Apparatus and method for conversion between analog and digital domains with a time stamp |
Non-Patent Citations (3)
Title |
---|
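MEHDI HUSSAIN et al.: "A high bandwidth covert channel in network protocol", 《2011 INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGIES》 * |
娄嘉鹏: "Design of a network covert transmission scheme based on the TCP protocol", 《信息网络安全》 (Netinfo Security) * |
王鹏: "A covert channel method based on the TCP timestamp option", 《中国优秀硕士学位论文全文数据库 信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) * |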
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113438257A (en) * | 2021-08-26 | 2021-09-24 | 网御安全技术(深圳)有限公司 | Time-based hidden channel feature acquisition method, system, equipment and storage medium |
CN113438257B (en) * | 2021-08-26 | 2021-11-12 | 网御安全技术(深圳)有限公司 | Time-based hidden channel feature acquisition method, system, equipment and storage medium |
CN114095242A (en) * | 2021-11-18 | 2022-02-25 | 东南大学 | Storage type hidden channel scheme based on Tor hidden service domain name state |
CN114095242B (en) * | 2021-11-18 | 2024-02-06 | 东南大学 | Storage type hidden channel construction method based on Tor hidden service domain name state |
CN114553811A (en) * | 2022-01-07 | 2022-05-27 | 中国人民解放军战略支援部队信息工程大学 | High-capacity behavior steganography method based on timestamp modulation and carrier selection |
CN114553811B (en) * | 2022-01-07 | 2023-04-28 | 中国人民解放军战略支援部队信息工程大学 | High-capacity behavior steganography method based on timestamp modulation and carrier selection |
CN115150067A (en) * | 2022-05-10 | 2022-10-04 | 北京理工大学 | TLS protocol construction method and system based on network covert channel |
Also Published As
Publication number | Publication date |
---|---|
CN110392050B (en) | 2020-11-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||