CN110392050B - Method for constructing hidden storage channel based on timestamp - Google Patents

Publication number
CN110392050B
Authority
CN
China
Prior art keywords
timestamp
data packet
unit
hidden channel
hidden
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910648030.6A
Other languages
Chinese (zh)
Other versions
CN110392050A (en
Inventor
张全新
朱梦妍
韩文聪
王连芳
梁晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Application filed by Beijing Institute of Technology BIT
Priority to CN201910648030.6A
Publication of CN110392050A
Application granted
Publication of CN110392050B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631: Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00: Television systems
    • H04N7/14: Systems for two-way working
    • H04N7/141: Systems for two-way working between two video terminals, e.g. videophone

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Compression Or Coding Systems Of Tv Signals (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention relates to a method for constructing a hidden storage channel based on a timestamp, and belongs to the technical field of mobile data security. The two communicating parties embed the secret information into the timestamp field of the data packet header through an agreed formula, and then advance or delay the sending time of the data packet according to the amount by which the timestamp was adjusted. The supporting system comprises a data embedding module at the hidden channel sender and a data restoring module at the hidden channel receiver. The sender's data embedding module comprises a data packet caching unit, a time stamp feature unit, a time stamp recording unit, a time stamp calculating unit, a hidden channel coding unit and a data packet modulating unit; the receiver's data restoring module comprises a data packet buffer unit and a hidden channel decoding unit. The method for constructing the storage hidden channel comprises the working processes of the sender data embedding module and the receiver data restoring module. The method avoids the hidden channel from being detected, and improves the concealment.

Description

Method for constructing hidden storage channel based on timestamp
Technical Field
The invention relates to a method for constructing a storage hidden channel based on a timestamp, in particular to a method for constructing a storage hidden channel based on a timestamp in a mobile video call environment, and belongs to the technical field of mobile data security.
Background
With the rapid growth of the internet and increasingly developed means of communication, the rules and characteristics that can be exploited have also multiplied, and hidden channels are an important part of this. A hidden channel was initially defined as a process by which information is covertly leaked from a high-security-level process to a low-security-level process, enabling the low-security-level process to obtain information it should not be able to access. A hidden channel in a computer network is a process of hiding covert information inside non-covert information for communication. Because the mass data and the many protocols that exist on the Internet can all be used, the potential for constructing hidden channels has greatly increased.
There are two widely used kinds of hidden channel: the storage hidden channel and the time hidden channel. In a storage hidden channel, the sender writes information, directly or indirectly, into the header or the payload of a network data packet by modifying it, and the receiver restores the hidden information by observing the specific modified position in the packet. In a time hidden channel, the sender does not modify the content of the network data packet, but hides information in time factors such as the interval, rate and order in which packets are sent, and the receiver restores the hidden information by observing those time factors. The hidden channel constructed by the invention is a storage hidden channel.
With the development of mobile communication, user demand for mobile voice and video services is increasing, and mobile video communication generates a large number of bidirectional data packets, which can be a good carrier for a hidden channel. The data packets in video communication follow regular patterns, so when a hidden channel is built on them its concealment must be designed carefully, that is, the hidden information must be embedded while the original data packet rule is preserved.
The core difference between the time hidden channel method that adjusts the position of the classified packet and the present invention is the way the hidden channel is constructed. That method constructs the hidden channel by adjusting the sending order of the data packets, whereas the invention constructs it by adjusting the content of the timestamp in the data packets. Under a protocol in which data packets record sequence numbers, adjusting the sending order raises the out-of-order rate to a level inconsistent with the network conditions and destroys the original statistical rule, so that method has low detection resistance. Because the invention does not adjust the sending order of the data packets, it keeps higher detection resistance under such a protocol.
The core difference between the IP time hidden channel method that adjusts the data packet sending time interval and the present invention is likewise the way the hidden channel is constructed. That method constructs the hidden channel by adjusting the sending time interval of the data packets, whereas the invention constructs it by adjusting the content of the timestamp in the data packet and simultaneously adjusting the sending time of the data packet. Under a protocol in which data packets record a timestamp, a linear relation exists between the timestamp increment and the data packet sending time interval; adjusting the sending time interval alone destroys this linear relation, so that method has low detection resistance. The invention adjusts the timestamp and the data packet sending time interval together, does not destroy the linear relation between the two, and keeps higher detection resistance.
The invention aims to solve the problem of hidden channel concealment in mobile video calls and to construct a stable, highly concealed storage hidden channel; it provides a method for constructing the storage hidden channel based on a timestamp in a mobile video call.
Disclosure of Invention
The invention aims to provide a method for constructing a hidden storage channel based on a timestamp. It addresses the problem that conventional storage hidden channels in a mobile video call environment damage the rule of the carrier data packets and so reduce the detection resistance of the hidden channel; the method keeps the rule of the carrier data packets stable and improves the detection resistance of the constructed channel.
The method specifically comprises the following: the two communicating parties embed the covert information into the timestamp field of the data packet header through an agreed formula, and advance or delay the sending time of the data packet according to the amount by which the timestamp was adjusted, so that the hidden channel is constructed without damaging the statistical rule of the data packets, and high concealment is achieved.
A system supported by a method for constructing a hidden channel based on a time stamp comprises a data embedding module of a hidden channel sender and a data restoring module of a hidden channel receiver;
the hidden channel sender data embedding module comprises a data packet caching unit, a time stamp feature unit, a time stamp recording unit, a time stamp calculating unit, a hidden channel coding unit and a data packet modulating unit;
the data packet caching unit is used for acquiring and caching a current data packet to be sent and providing the current data packet to the timestamp characteristic unit, the timestamp calculation unit and the hidden channel coding unit for access;
the time stamp feature unit is used for calculating the feature of the time stamp increment and providing the feature to the time stamp calculating unit;
the time stamp recording unit is used for recording the initial time stamps and the modification time stamps of all the data packets in the communication, calculating a statistical rule and providing the statistical rule for the time stamp calculating unit to access;
the timestamp calculation unit is used for calculating a modification timestamp set for the cached data packet through a secret information embedding formula, and selecting a modification timestamp value which enables the statistical rule of the modification timestamp to be closest to the statistical rule of the initial timestamp from the modification timestamp set according to the record in the timestamp recording unit;
the hidden channel coding unit is used for changing an initial timestamp in a cached data packet into a modified timestamp obtained in the timestamp calculation unit, so that the hidden data is embedded;
the data packet modulation unit is used for calculating a modulation value of the sending time according to the difference value of the modification timestamp and the initial timestamp and correspondingly modulating the sending time;
the data recovery module of the hidden channel receiver also comprises a data packet buffer unit and a hidden channel decoding unit;
the data packet cache unit is used for acquiring and caching a currently received data packet and providing the data packet for the hidden channel decoding unit to access;
the hidden channel decoding unit is used for calculating the timestamp value modified by the sender in the cached data packet, decoding the embedded hidden data and finishing the restoration of the hidden data;
the construction method of the hidden storage channel relies on the following connection relation of each unit in the system:
the data packet cache unit is connected with the timestamp feature unit, the timestamp calculation unit and the hidden channel coding unit; the time stamp feature unit is connected with the time stamp calculating unit; the time stamp calculating unit is connected with the hidden channel coding unit and the data packet modulating unit; the hidden channel coding unit is connected with the data packet modulation unit; the data packet buffer unit is connected with the hidden channel decoding unit.
The method for constructing the storage hidden channel comprises two parts, namely the working process of the hidden channel sender data embedding module and the working process of the hidden channel receiver data restoring module. The dependence between the two parts is as follows: the two communicating parties respectively execute the hidden channel sender data embedding module and the hidden channel receiver data restoring module; the sender data embedding module must be executed before the receiver data restoring module; and a data packet generated by the sender data embedding module can only be restored by the receiver data restoring module;
the working process of the hidden channel sender data embedding module, namely the embedding process, comprises the following steps:
step A, intercepting the content of a current data packet to be sent from a system kernel, putting the data packet to be sent into a data packet cache unit for caching, and adding an initial timestamp of the current data packet into a timestamp recording unit;
wherein, the content of the data packet includes but is not limited to the time stamp value and the sending time of the data packet;
step B, in a time stamp calculation unit, taking the current hidden information to be embedded and the initial time stamp value of the current data packet as parameters, calculating a modification time stamp set through a hidden information embedding formula, and selecting an optimal modification time stamp value according to the statistical rule recorded in a time stamp recording unit;
wherein, the statistical rules include but are not limited to distribution rules of time stamp intervals;
wherein the optimal modification timestamp value refers to a modification timestamp value that makes the statistical rule of the modification timestamp closest to the statistical rule of the initial timestamp;
step C, adding the optimal modified timestamp value obtained in the step B into a timestamp recording unit and updating the statistical rule recorded in the timestamp recording unit for use by subsequent data packets;
step D, in the hidden channel coding unit, replacing the initial timestamp in the current data packet with the modified timestamp obtained in step B to finish the embedding of the hidden data;
step E, in the data packet modulation unit, calculating a modulation value of the sending time according to the difference value of the modification timestamp obtained in the step B and the initial timestamp of the current data packet, and modulating the sending time of the data packet, specifically:
E.1, if the modulation value of the sending time is a positive number, delaying the sending time of the data packet by the modulation value;
E.2, if the modulation value of the sending time is a negative number, advancing the sending time of the data packet by the modulation value;
E.3, if the modulation value of the sending time is zero, leaving the sending time of the data packet unchanged;
the working process of the hidden channel receiver data recovery module comprises the following steps:
step one, intercepting the content of a currently received data packet from a system kernel, and storing the content into a data packet cache unit for caching;
wherein the content of the data packet includes, but is not limited to, the time stamp value of the data packet;
step two, the hidden channel decoding unit applies the hidden message extraction calculation to the timestamp value in the cached data packet to obtain the hidden data embedded in the data packet.
Advantageous effects
Compared with the existing method for constructing the hidden storage channel, the method for constructing the hidden storage channel based on the timestamp has the following beneficial effects:
1. by calculating the statistical rule of the timestamp values in one call and selecting the relatively optimal modification timestamp values according to that rule, the statistical rule of the modified timestamp values is kept as consistent as possible with the statistical rule of the initial timestamp values, so that the existence of a hidden channel is prevented from being detected, and the concealment is improved;
2. by calculating the modulation value from the difference between the modification timestamp and the initial timestamp and adjusting the sending time of the data packet by that modulation value, the linear relation between the timestamp and the sending time is kept and the original statistical rule is not damaged, improving the concealment.
Drawings
FIG. 1 is a relational diagram of units in a system relied on by a method for constructing a hidden channel of storage based on a timestamp;
FIG. 2 is a working process of a hidden channel sender data embedding module in a method for constructing a storage hidden channel based on a timestamp, which is specifically shown in Example 1;
FIG. 3 is a working process of a hidden channel receiver data restoring module in the method for constructing a storage hidden channel based on a timestamp, which is specifically shown in Example 2.
Detailed Description
In order to more clearly show the technical solution of the present invention, the following describes in detail a method for constructing a hidden channel based on a timestamp according to the present invention with reference to the accompanying drawings and embodiments. The individual steps described in the summary are described in detail below in turn.
Example 1
This embodiment details a specific implementation process of the sender data embedding module in the method for constructing a storage hidden channel based on a timestamp, that is, a process of embedding sender data in a VoLTE video call environment.
The application background of this embodiment is as follows: two people, Zhang San and Li Si, need to transmit important commercial messages covertly. The sender Zhang San is in Beijing and the receiver Li Si is in Shanghai; all network environments in which Li Si is located are monitored by competitors, and any communication carrying suspicious messages can be intercepted by the competitors. However, everyday VoLTE video calls between Zhang San and Li Si are normal and allowed. Zhang San needs to embed the secret information into the VoLTE data packet sequence without being detected by an adversary, while ensuring performance and robustness.
FIG. 1 is a relational diagram of units in a system relied on by a method for constructing a hidden channel based on a timestamp. As can be seen in fig. 1, the system on which the construction method relies includes a sender embedding module and a receiver restoring module.
The sender embedding module corresponds to a hidden channel sender data embedding module in the invention content; the receiver recovery module corresponds to the hidden channel receiver data recovery module in the invention content.
The sender embedding module in turn includes: a hidden channel coding unit, a time stamp feature unit, a time stamp calculating unit, a data packet caching unit, a hidden channel coding unit and a data packet modulating unit; the receiver restoring module comprises a data packet buffer unit and a hidden channel decoding unit;
the time stamp feature unit is respectively connected with the data packet cache unit and the time stamp calculation unit; the hidden channel coding unit is respectively connected with the data packet cache unit, the timestamp calculation unit and the data packet modulation unit; the data packet modulation unit is respectively connected with the timestamp calculation unit and the hidden channel coding unit; the time stamp calculating unit is respectively connected with the time stamp feature unit, the data packet caching unit, the hidden channel coding unit and the data packet modulation unit; the data packet buffer unit is connected with the hidden channel decoding unit; the data packet modulation unit is connected with the data packet buffer unit.
Fig. 2 is a schematic diagram of a sender data embedding process in a VoLTE video call environment.
The embedding process comprises the following steps:
step 1, so that the hidden information cannot be restored even if the hidden channel is discovered, AES encryption is performed on the hidden information to be transmitted, giving a binary string to be embedded into the data packet stream, such as the hidden information shown in the upper boxes of the 1st, 2nd, 3rd and 4th frames in the first row of FIG. 2: 1010;
step 2, acquiring the data packet of the 0th frame, obtaining an initial timestamp 509547254, setting the sending time to 0, and storing them in a cache region;
step 3, acquiring a data packet of the next frame, obtaining a timestamp 509549774 and a sending time 28.3666923 ms, and storing the data packet in the cache region;
step 4, subtracting the timestamp of the previous frame from the timestamp of the current frame in the cache region to obtain a timestamp increment 2520, and storing the timestamp increment 2520 in a timestamp increment recording region;
step 5, subtracting the initial timestamp from the timestamp of the current frame in the cache region to obtain 2520, and taking this value modulo 180; the timestamp is adjusted because the current bit of the secret information is 1, and according to the principle of minimum influence on the timestamp, the optional modified timestamps are 2430 and 2610;
step 6, according to the statistical rule recorded in the timestamp increment recording region (selecting at random if nothing has been recorded yet, as at the 1st frame), comparing how the statistical rule changes under each optional modified timestamp and selecting the value with the smallest influence on the statistical rule, which is 2610 here;
step 7, the timestamp modification amount is +90, so the modified timestamp is 509549864; the timestamp values of all the data packets in the 1st frame are changed from 509549774 to 509549864, and the embedding of this bit of secret information is completed;
step 8, according to the timestamp modification amount of +90, the modulation value of the sending time is calculated as +1 ms, so the sending time of all data packets in the 1st frame is delayed by 1 ms, and that of the first data packet becomes 29.3666923 ms;
step 9, sending out all modified data packets of the 1st frame at the modulated sending time to finish the transmission of this bit of secret information;
step 10, repeating steps 3 to 9 until the transmission of all bits of the secret information is completed, wherein the modified timestamps are 509549864, 509552654, 509556344 and 509559854 in this example.
At this point the sender Zhang San has successfully embedded the secret information into the timestamps of the data packets sent, and the working process of the sender data embedding module is finished.
Example 2
This embodiment details a specific implementation process of the receiver data restoring module in the method for constructing a storage hidden channel based on a timestamp, that is, a working process of the receiver data restoring module in a VoLTE video call environment, as shown in fig. 3.
After receiving the VoLTE data packet, the receiver Li Si extracts the timestamp field, and the data restoring module starts to execute the extraction operation.
Step a, acquiring a data packet of a 0 th frame, obtaining an initial time stamp 509547254, and storing the initial time stamp 509547254 in a cache region;
step b, acquiring a data packet of the next frame to obtain a time stamp 509549864, and storing the time stamp 509549864 in a cache region;
step c, subtracting the initial timestamp from the timestamp of the current frame in the cache region to obtain a current timestamp 2610, and substituting it into the hidden message extraction calculation, which gives 2610 % A = 1, so the current bit of hidden information is restored as 1;
wherein the hidden message extraction takes the remainder of the timestamp with respect to the transmission parameter;
the value of the transmission parameter A is related to the number of bits embedded in each timestamp; in this embodiment one bit is embedded each time, so the value of the transmission parameter A is 90 × 2^1 = 180;
Step d, repeating the steps b to c until the reception of the secret information of all bits is completed, wherein the recovered secret information is 1010;
thus, the receiver Li Si obtains the secret message embedded by the sender Zhang San, the working process of the restoring module is finished, and the transmission function of the time secret channel is completed. The sender Zhang San modifies the timestamp information in the data packets of a normal VoLTE video call and embeds the secret message to be transmitted into the timestamp; after receiving the data packets, the receiver Li Si processes the timestamps to obtain the secret message, and the transmission process is finished.
The above embodiments are preferred embodiments of the present invention, and are not intended to limit the present invention, and the present invention is not limited to the embodiments and the contents shown in the drawings. Any modification, equivalent replacement, and improvement made within the technical principle of the present invention are included in the scope of protection of the present invention.
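The arithmetic of Examples 1 and 2, checked from an analyst's side as an added example (not code from the patent): it applies the extraction rule to the timestamps listed above and measures the timestamp-to-send-time relation that the Background describes. Reading the rule as the offset modulo A divided by the 90-tick step is an assumption, as are all function names; the timestamp-only frame is constructed.

```python
# Added example: analyst-side check of the worked numbers in Examples 1 and 2.
# Function names and the bit-extraction reading are assumptions, not the patent's code.

TICKS_PER_MS = 90                     # step 8: a +90 timestamp change pairs with +1 ms
UNIT = 90                             # timestamp step used in the worked example
BITS_PER_TIMESTAMP = 1
A = UNIT * 2 ** BITS_PER_TIMESTAMP    # transmission parameter, 90 * 2^1 = 180

# (timestamp, send time in ms) pairs. Values come from the page except where noted.
FRAME0 = (509547254, 0.0)
FRAME1_ORIGINAL = (509549774, 28.3666923)
FRAME1_EMBEDDED = (509549864, 29.3666923)   # timestamp +90, send time +1 ms
FRAME1_TS_ONLY = (509549864, 28.3666923)    # constructed: timestamp changed, send time not

# Initial timestamp followed by the four modified timestamps of step 10.
OBSERVED_TIMESTAMPS = [509547254, 509549864, 509552654, 509556344, 509559854]


def extract_symbol(timestamp, initial_timestamp, a=A, unit=UNIT):
    """Offset from the initial timestamp, reduced modulo A, in units of `unit`.

    Assumed reading of the page's "2610 % A = 1": 2610 % 180 is 90, i.e. one unit.
    Returns None when the offset does not sit on the `unit` grid at all.
    """
    offset = timestamp - initial_timestamp
    if offset % unit != 0:
        return None
    return (offset % a) // unit


def extract_bits(timestamps):
    """Apply extract_symbol to every timestamp after the first (frame 0)."""
    if len(timestamps) < 2:
        return []
    initial = timestamps[0]
    return [extract_symbol(ts, initial) for ts in timestamps[1:]]


def timing_residual_ms(prev_frame, frame):
    """Send-time interval minus the interval implied by the timestamp increment."""
    (prev_ts, prev_send), (ts, send) = prev_frame, frame
    return (send - prev_send) - (ts - prev_ts) / TICKS_PER_MS


def residual_shift_ms(prev_frame, original, observed):
    """How far `observed` moves the residual away from the unmodified frame."""
    return (timing_residual_ms(prev_frame, observed)
            - timing_residual_ms(prev_frame, original))


if __name__ == "__main__":
    print("recovered bits:", extract_bits(OBSERVED_TIMESTAMPS))
    print("unmodified frame 1 decodes as:",
          extract_symbol(FRAME1_ORIGINAL[0], FRAME0[0]))
    for label, frame in [("embedded", FRAME1_EMBEDDED),
                         ("timestamp only", FRAME1_TS_ONLY)]:
        shift = residual_shift_ms(FRAME0, FRAME1_ORIGINAL, frame)
        print(label, "residual shift (ms):", round(shift, 6))
```

The residual shift is 0 ms for the frame modified as in steps 7 and 8 and -1 ms for the timestamp-only frame, so a check of this linear relation alone separates the second case but not the first.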

Claims (5)

1. A method for constructing a hidden storage channel based on a timestamp is characterized by comprising the following steps: the supported system comprises a data embedding module of a hidden channel sender and a data restoring module of a hidden channel receiver;
the hidden channel sender data embedding module comprises a data packet caching unit, a time stamp feature unit, a time stamp recording unit, a time stamp calculating unit, a hidden channel coding unit and a data packet modulating unit;
the data packet caching unit is used for acquiring and caching a current data packet to be sent and providing the current data packet to the timestamp characteristic unit, the timestamp calculation unit and the hidden channel coding unit for access;
the time stamp feature unit is used for calculating the feature of the time stamp increment and providing the feature to the time stamp calculating unit;
the time stamp recording unit is used for recording the initial time stamps and the modification time stamps of all the data packets in the communication, calculating a statistical rule and providing the statistical rule for the time stamp calculating unit to access;
the timestamp calculation unit is used for calculating a modification timestamp set for the cached data packet through a secret information embedding formula, and selecting a modification timestamp value which enables the statistical rule of the modification timestamp to be closest to the statistical rule of the initial timestamp from the modification timestamp set according to the record in the timestamp recording unit;
the hidden channel coding unit is used for changing an initial timestamp in a cached data packet into a modified timestamp obtained in the timestamp calculation unit, so that the hidden data is embedded;
the data packet modulation unit is used for calculating a modulation value of the sending time according to the difference value of the modification timestamp and the initial timestamp and correspondingly modulating the sending time;
the data recovery module of the hidden channel receiver also comprises a data packet buffer unit and a hidden channel decoding unit;
the data packet cache unit is used for acquiring and caching a currently received data packet and providing the data packet for the hidden channel decoding unit to access;
the hidden channel decoding unit is used for calculating the timestamp value modified by the sender in the cached data packet, decoding the embedded hidden data and finishing the restoration of the hidden data;
the construction method of the hidden storage channel relies on the following connection relation of each unit in the system:
the data packet cache unit is connected with the timestamp feature unit, the timestamp calculation unit and the hidden channel coding unit; the time stamp feature unit is connected with the time stamp calculating unit; the time stamp calculating unit is connected with the hidden channel coding unit and the data packet modulating unit; the hidden channel coding unit is connected with the data packet modulation unit; the data packet buffer unit is connected with the hidden channel decoding unit;
the method for constructing the storage hidden channel comprises a working process of the hidden channel sender data embedding module and a working process of the hidden channel receiver data restoring module, and the dependence relationship between the two modules is as follows: the two communicating parties respectively execute the hidden channel sender data embedding module and the hidden channel receiver data restoring module; the hidden channel sender data embedding module must be executed before the hidden channel receiver data restoring module; and a data packet generated by the hidden channel sender data embedding module can only be restored by the hidden channel receiver data restoring module;
the working process of the hidden channel sender data embedding module, namely the embedding process, comprises the following steps:
step A, intercepting the content of a current data packet to be sent from a system kernel, putting the data packet to be sent into a data packet cache unit for caching, and adding an initial timestamp of the current data packet into a timestamp recording unit;
step B, in the timestamp calculation unit, taking the current hidden information to be embedded and the initial timestamp value of the current data packet as parameters, calculating a modification timestamp set through the secret information embedding formula, and selecting an optimal modification timestamp value according to the statistical rule recorded in the timestamp recording unit;
the modification timestamp set is calculated through the secret information embedding formula as follows: following the principle of minimum influence on the timestamp, the initial timestamp is subtracted from the timestamp of the current frame in the cache region to obtain the current timestamp, and this timestamp is then adjusted according to the current bit of the secret information, so that the set of optional modification timestamps is obtained;
"selecting an optimal modification timestamp value according to the statistical rule recorded in the timestamp recording unit" is specifically:
according to the statistical rule recorded in the timestamp increment recording area, comparing how the statistical rule would change after each optional modification timestamp is selected, and selecting the value with the minimum influence on the statistical rule;
step C, adding the optimal modified timestamp value obtained in the step B into a timestamp recording unit and updating the statistical rule recorded in the timestamp recording unit for use by subsequent data packets;
step D, in the hidden channel coding unit, replacing the initial timestamp in the current data packet with the modified timestamp obtained in step B to finish the embedding of the hidden data;
step E, in the data packet modulation unit, calculating a modulation value of the sending time according to the difference value of the modification timestamp obtained in the step B and the initial timestamp of the current data packet, and modulating the sending time of the data packet, specifically:
E.1, if the modulation value of the sending time is a positive number, the sending time of the data packet is delayed by the modulation value;
E.2, if the modulation value of the sending time is a negative number, the sending time of the data packet is advanced by the modulation value;
E.3, if the modulation value of the sending time is zero, the sending time of the data packet is not changed;
the working process of the hidden channel receiver data recovery module comprises the following steps:
step one, intercepting the content of the currently received data packet from the system kernel, and storing the content into the data packet cache unit for caching;
step two, the hidden channel decoding unit processes the timestamp value in the cached data packet using hidden message extraction to obtain the hidden data embedded in the data packet.
2. The method for constructing the hidden channel based on the timestamp as claimed in claim 1, wherein: in step A, the content of the data packet includes the timestamp value and the transmission time of the data packet.
3. The method for constructing the hidden channel based on the timestamp as claimed in claim 1, wherein: in step B, the statistical rules include distribution rules of timestamp intervals.
4. The method for constructing the hidden channel based on the timestamp as claimed in claim 1, wherein: in step B, the optimal modification timestamp value is the modification timestamp value that makes the statistical rule of the modification timestamp closest to the statistical rule of the initial timestamp.
5. The method for constructing the hidden channel based on the timestamp as claimed in claim 1, wherein: in step one, the content of the data packet includes a time stamp value of the data packet.
CN201910648030.6A 2019-07-18 2019-07-18 Method for constructing hidden storage channel based on timestamp Active CN110392050B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910648030.6A CN110392050B (en) 2019-07-18 2019-07-18 Method for constructing hidden storage channel based on timestamp

Publications (2)

Publication Number Publication Date
CN110392050A CN110392050A (en) 2019-10-29
CN110392050B true CN110392050B (en) 2020-11-27

Family

ID=68285146

Country Status (1)

Country Link
CN (1) CN110392050B (en)

Also Published As

Publication number Publication date
CN110392050A (en) 2019-10-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant