A Covert Channel Based on Web Read-time Modulation
This work addresses a security vulnerability in network monitoring for detecting covert channels, though it appears incremental as it adapts timing-based methods to a specific web context.
The paper addresses the problem of detecting covert network channels by introducing a channel that modulates web read-time. The channel is immune to typical detection techniques and achieves covert communication without altering deterministic protocol attributes.
A network covert channel is created that operates by modulating the time between web resource accesses, with an 'average web user' read-time used as a reference. While the covert channel may be classified as timing-based, it does not operate by changing deterministic protocol attributes such as inter-packet delay, as most timing-based network covert channels do. Instead, our channel communicates by modulating transaction-level read-time, which in the web browsing case has significant non-deterministic components. The channel is thus immune to methods typically used to detect timing-based network covert channels.
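To make the distinction between inter-packet delay and transaction-level read-time concrete from a monitoring point of view, the following added example (not code from the paper) separates the two kinds of gap in a web proxy log. The log format, the 2-second page-load threshold and all function names are assumptions made for illustration, and the log lines are constructed sample data.

```python
from collections import defaultdict

# Constructed sample proxy log lines: "<epoch_seconds> <client_ip> <url>"
SAMPLE_LOG = """\
100.00 10.0.0.5 /index.html
100.12 10.0.0.5 /style.css
100.30 10.0.0.5 /logo.png
131.50 10.0.0.5 /news.html
131.62 10.0.0.5 /news.js
145.00 10.0.0.9 /index.html
145.20 10.0.0.9 /style.css
190.10 10.0.0.5 /contact.html
"""

# Assumption: requests less than 2 s apart belong to the same page load.
BURST_GAP = 2.0

def timestamps_by_client(log_text):
    """Parse the log into {client_ip: sorted timestamps}; skip malformed lines."""
    clients = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        clients[parts[1]].append(ts)
    return {ip: sorted(ts) for ip, ts in clients.items()}

def split_gaps(timestamps, burst_gap=BURST_GAP):
    """Split consecutive request gaps into (intra_page_gaps, read_times).

    Intra-page gaps are driven by the browser and the network; read-times
    are the user-driven pauses between one page load and the next.
    """
    intra, reads = [], []
    for prev, cur in zip(timestamps, timestamps[1:]):
        gap = round(cur - prev, 3)
        (reads if gap >= burst_gap else intra).append(gap)
    return intra, reads

def read_times_by_client(log_text):
    """Return {client_ip: [read-time in seconds, ...]} for the whole log."""
    return {ip: split_gaps(ts)[1] for ip, ts in timestamps_by_client(log_text).items()}

if __name__ == "__main__":
    for ip, ts in timestamps_by_client(SAMPLE_LOG).items():
        print(ip, "intra-page gaps / read-times:", split_gaps(ts))
```

The read-time series per client is the transaction-level feature the abstract refers to; a monitor that only inspects the sub-second gaps never observes it.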