Capacity Estimation of Non-Synchronous Covert Channels

Similar documents
Secure Transmission of Sensitive data using multiple channels

Calculation of the received voltage due to the radiation from multiple co-frequency sources

Digital Transmission

Parameter Free Iterative Decoding Metrics for Non-Coherent Orthogonal Modulation

To: Professor Avitabile Date: February 4, 2003 From: Mechanical Student Subject: Experiment #1 Numerical Methods Using Excel

Review: Our Approach 2. CSC310 Information Theory

PRACTICAL, COMPUTATION EFFICIENT HIGH-ORDER NEURAL NETWORK FOR ROTATION AND SHIFT INVARIANT PATTERN RECOGNITION. Evgeny Artyomov and Orly Yadid-Pecht

Uncertainty in measurements of power and energy on power networks

Performance Analysis of Multi User MIMO System with Block-Diagonalization Precoding Scheme

Adaptive Modulation for Multiple Antenna Channels

NATIONAL RADIO ASTRONOMY OBSERVATORY Green Bank, West Virginia SPECTRAL PROCESSOR MEMO NO. 25. MEMORANDUM February 13, 1985

Prevention of Sequential Message Loss in CAN Systems

A study of turbo codes for multilevel modulations in Gaussian and mobile channels

TECHNICAL NOTE TERMINATION FOR POINT- TO-POINT SYSTEMS TN TERMINATON FOR POINT-TO-POINT SYSTEMS. Zo = L C. ω - angular frequency = 2πf

Chaotic Filter Bank for Computer Cryptography

Information-Theoretic Comparison of Channel Capacity for FDMA and DS-CDMA in a Rayleigh Fading Environment

Passive Filters. References: Barbow (pp ), Hayes & Horowitz (pp 32-60), Rizzoni (Chap. 6)

High Speed ADC Sampling Transients

Space Time Equalization-space time codes System Model for STCM

antenna antenna (4.139)

Throughput Maximization by Adaptive Threshold Adjustment for AMC Systems

IEE Electronics Letters, vol 34, no 17, August 1998, pp ESTIMATING STARTING POINT OF CONDUCTION OF CMOS GATES

Walsh Function Based Synthesis Method of PWM Pattern for Full-Bridge Inverter

Traffic balancing over licensed and unlicensed bands in heterogeneous networks

Comparative Analysis of Reuse 1 and 3 in Cellular Network Based On SIR Distribution and Rate

HUAWEI TECHNOLOGIES CO., LTD. Huawei Proprietary Page 1

IEEE TRANSACTIONS ON WIRELESS COMMUNICATIONS, VOL. 13, NO. 12, DECEMBER

Efficient Large Integers Arithmetic by Adopting Squaring and Complement Recoding Techniques

Guidelines for CCPR and RMO Bilateral Key Comparisons CCPR Working Group on Key Comparison CCPR-G5 October 10 th, 2014

Control Chart. Control Chart - history. Process in control. Developed in 1920 s. By Dr. Walter A. Shewhart

1 GSW Multipath Channel Models

>>> SOLUTIONS <<< 5 pts each sub-problem. 3 pts for correct formulas and set-up for each sub-problem.

Figure.1. Basic model of an impedance source converter JCHPS Special Issue 12: August Page 13

Analysis of Time Delays in Synchronous and. Asynchronous Control Loops. Bj rn Wittenmark, Ben Bastian, and Johan Nilsson

Keywords LTE, Uplink, Power Control, Fractional Power Control.

Graph Method for Solving Switched Capacitors Circuits

The Stability Region of the Two-User Broadcast Channel

A Comparison of Two Equivalent Real Formulations for Complex-Valued Linear Systems Part 2: Results

Resource Allocation Optimization for Device-to- Device Communication Underlaying Cellular Networks

Distributed Uplink Scheduling in EV-DO Rev. A Networks

COOPERATIVE COMMUNICATIONS FOR WIRELESS INFORMATION ASSURANCE

Noisy Channel-Output Feedback Capacity of the Linear Deterministic Interference Channel

NOVEL ITERATIVE TECHNIQUES FOR RADAR TARGET DISCRIMINATION

Phasor Representation of Sinusoidal Signals

MTBF PREDICTION REPORT

A TWO-PLAYER MODEL FOR THE SIMULTANEOUS LOCATION OF FRANCHISING SERVICES WITH PREFERENTIAL RIGHTS

Joint Power Control and Scheduling for Two-Cell Energy Efficient Broadcasting with Network Coding

Evaluate the Effective of Annular Aperture on the OTF for Fractal Optical Modulator

A Simple Satellite Exclusion Algorithm for Advanced RAIM

Dynamic Optimization. Assignment 1. Sasanka Nagavalli January 29, 2013 Robotics Institute Carnegie Mellon University

A Fuzzy-based Routing Strategy for Multihop Cognitive Radio Networks

Understanding the Spike Algorithm

Define Y = # of mobiles from M total mobiles that have an adequate link. Measure of average portion of mobiles allocated a link of adequate quality.

Distributed Resource Allocation and Scheduling in OFDMA Wireless Networks

A MODIFIED DIRECTIONAL FREQUENCY REUSE PLAN BASED ON CHANNEL ALTERNATION AND ROTATION

N( E) ( ) That is, if the outcomes in sample space S are equally likely, then ( )

Revision of Lecture Twenty-One

Energy Efficiency Analysis of a Multichannel Wireless Access Protocol

Joint Adaptive Modulation and Power Allocation in Cognitive Radio Networks

High Speed, Low Power And Area Efficient Carry-Select Adder

The Performance Improvement of BASK System for Giga-Bit MODEM Using the Fuzzy System

Design of Shunt Active Filter for Harmonic Compensation in a 3 Phase 3 Wire Distribution Network

Customer witness testing guide

Power Control for Wireless Data

Hierarchical Generalized Cantor Set Modulation

Learning Ensembles of Convolutional Neural Networks

Multi-Robot Map-Merging-Free Connectivity-Based Positioning and Tethering in Unknown Environments

Robust Image Transmission Performed by SPIHT and Turbo-Codes

BER Performance Analysis of Multiuser Diversity with Antenna Selection in MRC MIMO Systems

Impact of Interference Model on Capacity in CDMA Cellular Networks. Robert Akl, D.Sc. Asad Parvez University of North Texas

Uplink User Selection Scheme for Multiuser MIMO Systems in a Multicell Environment

California, 4 University of California, Berkeley

A Current Differential Line Protection Using a Synchronous Reference Frame Approach

Application of Intelligent Voltage Control System to Korean Power Systems

A Novel GNSS Weak Signal Acquisition Using Wavelet Denoising Method

Rejection of PSK Interference in DS-SS/PSK System Using Adaptive Transversal Filter with Conditional Response Recalculation

4.3- Modeling the Diode Forward Characteristic

29. Network Functions for Circuits Containing Op Amps

On Sensor Fusion in the Presence of Packet-dropping Communication Channels

A NSGA-II algorithm to solve a bi-objective optimization of the redundancy allocation problem for series-parallel systems

Performance Analysis of Scheduling Policies for Delay-Tolerant Applications in Centralized Wireless Networks

Research of Dispatching Method in Elevator Group Control System Based on Fuzzy Neural Network. Yufeng Dai a, Yun Du b

Pulse Extraction for Radar Emitter Location

THE ARCHITECTURE OF THE BROADBAND AMPLIFIERS WITHOUT CLASSICAL STAGES WITH A COMMON BASE AND A COMMON EMITTER

location-awareness of mobile wireless systems in indoor areas, which require accurate

Multicarrier Modulation

Exact Probabilistic Analysis of the Limited Scheduling Algorithm for Symmetrical Bluetooth Piconets

Utility-based Routing

Estimation of spectrum requirements for mobile networks with self-similar traffic, handover, and frequency reuse

Optimizing Transmission Lengths for Limited Feedback with Non-Binary LDPC Examples

Tile Values of Information in Some Nonzero Sum Games

A Predictive QoS Control Strategy for Wireless Sensor Networks

The Dynamic Utilization of Substation Measurements to Maintain Power System Observability

Ensemble Evolution of Checkers Players with Knowledge of Opening, Middle and Endgame

Inverse Halftoning Method Using Pattern Substitution Based Data Hiding Scheme

Research on Controller of Micro-hydro Power System Nan XIE 1,a, Dezhi QI 2,b,Weimin CHEN 2,c, Wei WANG 2,d

Comparison of Two Measurement Devices I. Fundamental Ideas.

Two-Phase Cooperative Broadcasting Based on Batched Network Code

On High Spatial Reuse Broadcast Scheduling in STDMA Wireless Ad Hoc Networks

Approximating User Distributions in WCDMA Networks Using 2-D Gaussian

Transcription:

Capacty Estmaton of on-ynchronous s Zhenghong Wang and uby B. Lee Department of Electrcal Engneerng Prnceton Unversty {zhenghon,rblee}@prnceton.edu Abstract Capacty estmaton s an mportant part of covert channel analyss. It measures the severty of a covert channel by estmatng the maxmum nformaton rate attanable over t. Tradtonal capacty estmaton methods usually calculate the channel capacty based on a synchronous model, assumng that the channel s synchronous or there are mechansms that can be utlzed to synchronze the transmsson. The overhead for synchronzaton s gnored. In ths paper we argue that covert channels n general are non-synchronous and the overhead for synchronzaton s not neglgble. Instead of assumng a synchronous model, we propose to use the deletonnserton channel as a more general bass of capacty estmaton. Capacty estmaton s extended to be able to evaluate the overhead for overcomng nonsynchronous effects. Our study shows that relable communcaton over a non-synchronous channel s stll possble even wthout synchronzaton mechansms. uch non-synchronzed communcatons, however, are not as effectve as the synchronzed ones. The capacty degradaton due to the non-synchronous effects s derved. A tght upper bound of the capacty of synchronzed channels s also gven.. Introducton A covert channel s a communcaton channel that s nether desgned nor ntended to transfer nformaton at all []. Wth "legtmate" use of shared resources and operatons of a system, t allows leakage of senstve or prvate nformaton. Though usually slow, covert channels have been regarded as a serous rsk to data securty n computer systems and networks. The atonal Computer ecurty Center (CC) has ncluded the Analyss (CCA) as an mportant set n ts Trusted Computer ystem Evaluaton Crtera (TCEC). The severty of a covert channel s often measured n terms of how fast t can transmt nformaton. Mllen frst establshed a connecton between hannon s theory of communcatons and nformaton flow models [5]. The term capacty s borrowed from hannon s theory and s used as a synonym of the maxmum nformaton rate that could be acheved over a covert channel. Usng hannon s theory, a communcaton channel s often modeled as a mappng from the nput symbol space to the output symbol space. The capacty s then derved by maxmzng the mutual nformaton over the dstrbuton of the nput symbol space. uch a model however, mples a synchronous channel model: for each nput symbol, the channel always generates an output symbol n response. In other words, a transmtted symbol may be corrupted by nose, but t wll never get lost and the recever wll never receve extra symbols. There are also other ways to measure the capacty of a covert channel, e.g., the nformal method descrbed n [3]. Although dfferent methods other than hannon s nformaton theory are used n these methods, the synchronous property s also assumed ether explctly or mplctly. Assumng a synchronous model n communcaton systems s usually not a problem. Most communcaton systems are desgned to avod symbol loss and/or nserton wth lttle or no overhead. Ths concluson s not true for covert channels, however. Frst, there s usually no handy mechansm avalable for synchronzaton snce t s not desgned for nformaton transfer. econd, n systems where covert channels are a concern, the ncreasng awareness of covert channels has pushed the desgners to make the covert channels harder to explot. Ths may make the synchronzaton problem more severe. In ths paper, we focus our dscusson on capacty estmaton based on a non-synchronous channel model. We try to answer questons on the exstence, capacty and mechansms for covert communcatons over nonsynchronous channels. The rest of ths paper s organzed as follows. elated past work are revewed n secton. In secton 3, we model non-synchronous channels as deletonnserton channels. Capacty bounds of deleton-

Fgure. ynchronzaton mechansm usng two synchronzaton varables nserton channels are gven n secton 4. The synchronzed form of communcaton and possble synchronzaton mechansms are studed. Capacty degradaton due to synchronzaton overhead s also shown. In secton 5 we draw our conclusons.. elated work The noton of covert communcaton was frst ntroduced n []. It was then defned and analyzed n [][6]-[9]. Currently research n covert channels focuses on four dscplnes: covert channel dentfcaton, covert channel capacty estmaton, covert channel handlng and covert channel mtgaton. In measurng the sgnfcance of a covert channel, Mllen frst establshed a connecton between hannon s theory of communcatons and nformaton flow models [5]. The term channel capacty s borrowed from hannon s theory whch stands for the maxmum nformaton rate that could be acheved over a covert channel. In 989, Mllen modeled an mportant class of covert channels as fnte state machnes [5]. The covert channels that are noseless and have nonunform transton tmes are studed. Usng hannon s theory, he derved the channel capacty of such covert channels. Moskowtz [0] studed a class of covert channels that s dscrete, noseless and memoryless, called the mple Tmng Channels (TC) n 994. The capactes of such covert channels can be regarded as an upper bound for more complcated channels and may gve a worst case scenaro. The bounds of capactes of such channels were derved. In 996, he analyzed a class of covert tmng channel, called the tmed Z-channel, and showed the bound on ts capacty []. Comprehensve nformaton and examples about covert channel analyss can be found n Vrgl Glgor s Analyss gudelne [3] and McHugh s Analyss chapter [4]. Fgure. Inserton-Deleton channel wth probabltes P d, P, P t and P s, of deletons, nsertons, transmssons and substtutons. 3. on-synchronous covert channels 3.. Overvew Covert channels are often very dfferent from normal communcaton channels. Frst of all, unlke communcaton systems where synchronzaton s often specfcally desgned for relable and effcent communcaton, synchronzaton mechansms are usually not avalable for covert channels. econdly, n covert channels the communcatng partes often have lmted or even no control n choosng the proper tme to perform an operaton, e.g., send a symbol to the channel or sample the channel to receve a symbol, whch s not a problem n normal communcaton channels. Below s an example. Consder a unprocessor system where the communcatng subjects are processes. To transmt a symbol, the sender has to make a change n the system and the recever receves t by detectng the change. As there s only one CPU n the system, at any tme only one of the two processes can be actve. In other words, the sender has to relnqush the CPU after t sends a symbol so that the recever can get the CPU to read the symbol. In most operatng systems, the scheduler determnes when and who can gan the CPU. Dependng on the schedulng algorthm, t s very lkely that the sender s woken up twce wthout the recever beng able to run n between, or the recever s woken up twce wthout the sender beng able to run n between. In the former case a symbol s dropped whle n the later case an extra symbol s nserted. Fnally, coherent tme references are often unavalable n covert channels. Tme references are known as key components n explotng many covert tmng channels. Furthermore, as long as the local tmers at the two sdes of the channel are coherent enough, t s not dffcult to synchronze operatons performed by the sender and the recever. Beng aware of these facts, hgh assurance systems have made efforts to remove event sources that can serve as such tme references to user processes.

In summary, covert channels are nherently nonsynchronous n general, although there may be some exceptons. 3.. Capacty degradaton Though the operatons of sendng and recevng symbols are non-synchronous n most covert channels, one may stll synchronze the symbol transmsson wth certan technques. Fgure shows an example. The sender makes a change on the - varable once a symbol s sent; the recever checks the - varable and reads the symbol when ready; the recever then makes a change on the - varable to nform the sender; the sender checks the - varable and sends the next symbol once the last symbol has been receved. There may be other methods that can mantan the correct order of operatons, but n essence they do the same thng: let the sender know f the recever has read the prevous symbol and let the recever know f a symbol has arrved. Wth such nformaton, each tme when the sender s able to perform an operaton t can determne whether a new symbol can be sent. However, due to the non-synchronous nature of the covert channels, t s very lkely that the sender fnds that the prevous symbol has not been read by the recever and t has to gve up the CPU and wat for the next chance. In other words, some tme s wasted for watng and therefore the channel capacty s reduced. In prevous work, the synchronous model excludes ths part of the tme n symbol transmsson. Only the tme assocated wth transmtted symbols s taken nto account. In contrast, our method consders such wasted tme and gves more accurate estmatons. It can be regarded as a more general form of capacty estmaton where the methods based on a synchronous model are specal cases. Furthermore, unlke tradtonal methods whch calculate a sngle upper bound of the capacty, our method reflects the non-synchronous behavors whch are determned by the system mplementatons. Our method can be used to evaluate the effectveness of canddate system mplementatons, e.g., the scheduler, n reducng covert channel capactes. 3.3. Deleton-nserton channel on-synchronous operatons at the two sdes of the channel may lead to loss of real symbols and nserton of false symbols. uch a channel can be modeled as a deleton-nserton channel. We adapt the defnton n [3] as follows: Defnton : A bnary deleton-nserton channel s a channel wth four parameters: P d, P, P t and P s, whch denote the rates of deletons, nsertons, transmssons and substtutons, respectvely. The symbols to be transmtted are magned enterng a queue, watng to be transmtted by the channel. Each tme the channel s used, one of four events occurs: wth probablty P d the next queued bt s deleted; wth probablty P an extra bt s nserted; wth probablty P t the next queued bt s transmtted,.e., s receved by the recever, wth probablty P s of sufferng a substtuton error (see Fgure ). A deleton-nserton channel should not be confused wth an erasure channel. In an erasure channel, channel symbols may be corrupted or lost, whch s smlar to the substtuton or deleton n a deleton-nserton channel. However, the recever of an erasure channel knows exactly whch symbols are corrupted or dropped whle n a deleton-nserton channel, the recever knows nothng about any deleton, nserton or substtuton (corrupton) of symbols. Ths makes the recovery of a message much harder. 4. Capacty estmaton Our dscussons focus on two sets of questons:. Exstence and capacty: Wthout any form of synchronzaton, s relable communcaton stll possble? If the answer s yes, what s the capacty of such channels?. Constructon and capacty: How can relable synchronzaton mechansms be constructed for non-synchronous covert channels? What s the maxmum nformaton rate one can acheve over such channels? Compared wth the capacty of an nherently synchronous channel, what s the degradaton of nformaton rate due to the nonsynchronous effect? The frst queston s a theoretcal exstence or feasblty one, whle the second set of questons shows how such a covert channel can actually be constructed. It s worth notng that the frst queston ndeed s askng f synchronzaton s always necessary. Prevous work all assumes a synchronzed form of communcaton. But t s not clear f t s the only way for relable communcaton. In fact, another nterestng queston s: can a non-synchronous form of communcaton have hgher nformaton rate than the synchronous one as the overhead assocated wth synchronzaton s totally avoded? 4.. Capacty of deleton-nserton channels Intutvely a channel wth symbol nsertons and drop-outs s hard to use and not effcent. But as mantanng synchronzed communcaton also ntroduces overhead, we wsh to know how fast the nformaton can be delvered over such channels, compared to the synchronzed channels.

ender ecever ender ecever (a) Feedback Doburshn [7] frst showed that the fundamental theorem of nformaton theory concernng the exstence of an upper bound for the transmsson rate, for whch error probablty can be made arbtrarly small, holds. Ths mples that relable communcaton s possble even f no relable synchronzaton mechansms are avalable. However, explct expresson of the capacty of such a channel s generally not avalable. A varety of approxmatons of the capactes and numercal bounds can be found n [8][9]. The accurate capacty of a deleton-nserton channel s stll unavalable, accordng to the state-of-the-art research n ths area. Despte the unavalablty of an accurate capacty, we can gve an upper bound of the capacty for the purpose of comparson wth synchronzed channels. Consder a deleton-nserton channel and an erasure channel whch are dentcal except that n the erasure channel the locaton of symbol drop-outs and nsertons are known. It s not dffcult to show that the capacty of the deleton-nserton channel s no greater than the capacty of the erasure channel. Theorem. An upper bound of the capacty of a deleton-nserton channel s the capacty of the erasure channel: C max = (-P d ) () where s the number of bts per symbol and P d s the deleton probablty The dervaton of the capacty of a bnary erasure channel can be found n many nformaton theory textbooks such as [6] and t s straght-forward to generalze t to non-bnary cases. ote that here we use the term erasure channel to refer to the one that s dentcal to the correspondng deleton-nserton channel except that the locatons of symbol nsertons/drop-outs are known. In the rest of the paper, unless otherwse specfed, we wll use erasure channel to refer to ths specfc erasure channel. ather than gvng a formal proof of theorem, we gve a more ntutve explanaton. The two channels have the same symbol drop-outs and nsertons, but the erasure channel knows more nformaton: t knows whch symbols are deleted or nserted. The erasure channel therefore has equal or hgher capacty than that of the deleton-nserton channel. Fgure 3. Two general synchronzaton mechansms E (b) Common Events The above capactes are only upper bounds of the channel capacty. They are very hard, f not mpossble, to acheve n practce. Usng exstng codng schemes such as convolutonal code and watermark code, some work [-4] have shown relable communcaton over such channels. However, they all showed that the capacty s qute low and n practce sophstcated codng technques are requred. 4.. ynchronzaton and capacty estmatons Unlke our frst queston on theoretcal exstence and capacty, past lterature does not provde any clues to answerng our second set of questons. We present new work on how synchronzaton mechansms can be constructed for nherently non-synchronous covert channels and what capacty can be acheved. We wll consder two general ways to acheve synchronzaton: usng feedback or usng common events, as shown n Fgure 3. We assume that the feedback path and the two paths from the event source E to the sender and the recever are perfect. Ths smplfes the analyss, and s also a requrement for dervng the maxmum nformaton rate. To focus on the synchronzaton problem, we assume that the channel s noseless. Let p d and p denote the probablty of deleton and nserton respectvely. 4... Channels wth feedback We now show that the capacty of a channel wth deletons can acheve the capacty of an erasure channel by utlzng feedback. We then extend the result to a channel wth nsertons. Theorem. The upper bound of the capacty of a deleton channel wth perfect feedback s the capacty of the erasure channel. Proof: Consder a deleton channel wth a deleton probablty p d and ts correspondng erasure channel. Add perfect feedback path to both of them. nce the erasure channel knows where the symbol drop-outs occurs whch the deleton channel does not know, the erasure channel knows more nformaton than the deleton channel. Therefore the erasure channel wth feedback wll gan equal or hgher capacty than the deleton channel wth feedback. nce an erasure

ender ecever ender ecever E (a) Common Events Fgure 4. Usng common events won t get better capacty than usng feedback channel s a memoryless channel and t s well known that addng feedback wll not ncrease the capacty of a memoryless channel [6], the upper bound of the capacty of a deleton channel wth perfect feedback s the capacty of the erasure channel. In theorem we only show an upper bound of the capacty, we now show that the bound s tght. Theorem 3. The capacty of a deleton channel wth perfect feedback equals the capacty of the erasure channel. Proof: Here we construct a protocol by whch the capacty of the erasure channel can be acheved. The protocol s as follows: let the recever notfy the sender va the feedback path once t receves a symbol. The sender wll keep resendng the symbol untl t knows that the symbol has been receved. Therefore no dropouts wll occur. Whle the probablty of deleton s p d, a symbol gets through wth probablty of - p d, therefore the effectve nformaton rate s (-p d ), whch s the capacty of an erasure channel wth an erasure probablty p d. nce the upper bound of the capacty can be acheved, t s the actual capacty. When symbol nsertons are present n the channel, a theorem smlar to theorem can be proved. We frst defne an extended erasure channel as follows: Defnton : An extended erasure channel s a channel where symbols may be nserted and/or dropped but the locatons of all nsertons and dropouts are known. Theorem 4. The upper bound of the capacty of a deleton-nserton channel wth perfect feed back s the capacty of the equvalent extended erasure channel,.e., C upper-bound = (-P d ). The proof s smlar to that for Theorem. A lower bound of the capacty can also be derved wth a constructve protocol. It can be shown that under certan condtons, ths lower bound and the upper bound shown n Theorem 4 asymptotcally converge. Theorem 5. A lower bound of the capacty of a deleton-nserton channel wth perfect feed back s: Pd Clower bound = C () conv P where Cconv = αp log ( ) H ( αp ) (3) α = (4) H( p) = p log p ( p) log ( p) (5) s the number of bts contaned n each symbol. A smple protocol s constructed to prove Theorem 5. The above capacty can be acheved usng ths protocol and therefore s a lower-bound of the actual capacty. A detaled proof can be found n Appendx A. To show the asymptotcal convergence, let P = P d and!, we then have Clower bound = Cconv ( Pd ) H ( Pd ) (6) C lower bound ( Pd ) H ( Pd ) lm = = (7) C ( P ) lupper bound 4... Channels wth common event source There may be several ways to explot a common event E for synchronzaton. For example, E can be a self-ncrementng counter whch serves as a common clock for the sender and recever. However, as we show below, explotng E wll not get hgher capacty than usng a feedback path n general. If one more path from to E s added, as shown n Fgure 4(b), E may gan more nformaton. Therefore an equal or hgher nformaton rate may be acheved than wthout the added path. In the best case, E and communcate wth each other wthout any overhead,.e., they ndeed can be regarded as one sngle party and such a confguraton actually becomes the synchronzaton method usng feedback. Therefore a smlar system usng feedback wll get equal or better performance for channel capacty. 4.3. emarks (b) Common Events + Feedback We have answered the two sets of questons we posed: () elable communcaton over nonsynchronous channels wthout synchronzaton s possble, but t s not as effectve as synchronzed communcaton and requres complcated codng schemes. () The capacty degradaton due to nonsynchronous effects s roughly proportonal to P d, the probablty of deletons. Accordng to the above dscusson, wth a good feedback path, synchronzaton s not a problem for a covert channel n general. Furthermore, wth the help d E

of the feedback, the theoretcal capacty of the channel can be practcally acheved usng a very smple protocol. Ths has nterestng mplcatons for a multlevel securty (ML) system. nce the legal nformaton flow (from low to hgh) can serve as a perfect feedback path, one may always explot t to acheve the channel capacty. In other words, covert channels n ML systems are relatvely easy to explot n general and tend to be fast. ote that the capacty (-P d ) we derved above s not a physcal nformaton rate. It s a relatve rato of the physcal capacty estmated usng tradtonal methods. Therefore for a gven covert channel, one could frst use tradtonal methods to estmate the physcal capacty C. The probablty of deleton P d should then be estmated. The real capacty can then be estmated as C(-P d ). ote also that the capacty degradaton modeled n our method s ndependent of the synchronzaton mechansms used and does not nclude any specfc overhead ntroduced by such mechansms. uch degradaton s nherent due to the non-synchronous nature of operatons. It s unavodable even f effcent mechansms are deployed. Fnally, although our results are derved n the context of capacty estmaton of covert channels, t may provde meanngful nsghts to researchers n other areas. ecently some ongong work [0] n the communcaton communty also shows nterest n the capacty bounds of channels wth asynchronous behavors. Although the problems and models are dfferent, smlar nsghts may apply. It would be nterestng to study the connectons n our future work. 5. Conclusons In ths paper we consdered the effect of nonsynchronous operatons n the capacty estmaton of covert channels. We argue that covert channels n general are non-synchronous and the tme taken for synchronzaton s not neglgble. To model such effect n capacty estmaton, we propose usng the deletonnserton channel as a more general bass for covert channel capacty estmatons. Our study shows that relable communcaton over a non-synchronous channel s stll possble, though such non-synchronzed communcatons are not as effectve as the synchronzed ones. In the case of synchronzed communcaton, we show that the capacty degradaton due to the non-synchronous effects s roughly proportonal to the probablty of synchronzaton errors. 6. eferences [].A. Kemmerer, hared esource Matrx Methodology: An Approach to Identfyng storage and Tmng Channels, ACM Transactons on Computer ystems, vol., ssue 3, pp. 56-77, August 983. [] B.W. Lampson, A ote on the Confnement Problem, Communcatons of the ACM, vol. 6, ssue 0, pp. 63-65, October 973. [3] atonal Computer ecurty Center, A Gude to Understandng Analyss of Trusted ystems, CC-TG-30, ovember 993, avalable at http://www.radum.ncsc.ml/tpep/lbrary/ranbow/. [4] John McHugh, Analyss: A Chapter of the Handbook for the Computer ecurty Certfcaton of Trusted ystems, December 995, avalable at http://chacs.nrl.navy.ml/publcatons/handbook/. [5] J.K. Mllen, Capacty, Proceedngs of the IEEE ymposum on esearch n ecurty and Prvacy, pp. 60-66, Aprl 987. [6].B. Lpner, A Comment on the Confnement Problem, Operatng ystems evew, vol. 9, ssue 5, pp. 9-96, ovember 975. [7] M. chaefer, B. Gold,. Lnde, and J. ched, Program Confnement n KVM/370, Proceedngs of the 977 Annual ACM Conference, pp. 404-40, October 977. [8] J.C. Huskamp, Covert Communcaton Channels n Tmesharng ystems, Techncal eport UCB-C-78-0, Ph.D. Thess, Unversty of Calforna, Berkeley, CA, 978. [9] D.E. Dennng, Cryptography and Data ecurty, Addson-Wesley, eadng, Massachusetts, 983. [0] I.. Moskowtz and A.. Mller, mple Tmng Channels, Proceedngs of IEEE Computer ymposum on esearch n ecurty and Prvacy, pp. 56-64, May 994. [] I.. Moskowtz,.J. Greenwald, and M.H. Kang, An Analyss of the Tmed-Z Channel, Proceedngs of IEEE Computer ymposum on ecurty and Prvacy, pp. -, May 996. [] K.h. Zgangrov, equental Decodng for A Bnary Channel wth Drop Outs and Insertons, Problemy Peredach Informats, vol. 5, ssue, pp. -30, 969. [3] M.C. Davey and D.J.C. Mackey, elable Communcaton over Channels wth Insertons, Deletons, and ubsttutons, IEEE Trans. on Informaton Theory, vol. 47, no., pp. 687-698, February 00. [4] Dave Legh, Capacty of Inserton and Deleton Channels, Project eport, 00, avalable at http://www.nference.phy.cam.ac.uk/s/papers/ [5] J.K. Mllen, Fnte-tate oseless s, Proceedngs of the Computer ecurty Foundatons Workshop II, pp. 8-86, June 989. [6] T. Cover and J. Thomas, Elements of Informaton Theory, John Wley & ons Inc., ew York, 99.

[7].L. Doburshn, hannon s Theorems for Channels wth ynchronzaton Errors, Problemy Peredach Informats, vol.3, o.4, pp.8-36, 967 [8].D. Vvedenskaya and.l. Doburshn, The Computaton on a Computer of The Channel Capacty of a Lne wth ymbol Drop-out, Problemy Peredach Informats, vol.4, o.3, pp.9-95, 968. [9] A.. Dolgopolov, Capacty Bounds for a Channel wth ynchronzaton Errors, Problemy Peredach Informats, vol.6, o., pp.7-37, 990. [0] J. Luo, A. Ephremdes, "On the Throughput, Capacty and tablty egons of andom Multple Access", submtted to IEEE Trans. on Informaton Theory, February 005. Appendx A: A Proof of Theorem 5 A protocol s constructed based on whch a capacty can be derved. The recever keeps a counter that records the number of symbols that t has receved. Each tme when the recever gets the chance to perform an operaton, t reads the channel and beleves that a symbol s receved. It then updates the counter and nforms the sender how many symbols t has receved. At the sender sde, the sender keeps a counter that records how many symbols of the message have been sent or skpped. Each tme when the sender gets a chance to perform an operaton, t checks the number of symbols the recever has receved. If the number s smaller than ts own counter, t means that a symbol sent n the sender s last operaton has not been receved by the recever. The sender then does nothng and wats for the next opportunty. If the two numbers are equal, t means that last symbol has been receved. The sender then sends the next symbol and updates ts own counter. If the number s larger than the sender s counter, t means that some symbols have been nserted. To synchronze the transmsson, the sender skps some symbols n the message so that the next symbol to be sent wll appear n the same locaton n the receved message at the recever s sde as n the orgnal message. The sender then sends ths symbol and updates the counter wth the locaton of the symbol next to the one that was just sent. Usng such a protocol, the sender can always ensure that the number of symbols receved by the recever equals the number of symbols t sent. For symbol nsertons, snce the sender skps the same number of symbols to be sent, n the receved symbol sequence the skpped symbols are replaced by those nserted Fgure 5. Converted channel model ones. Also, snce the sender wll not send a new symbol untl at least one symbol s receved, no symbol deleton can occur. Therefore the resultng channel s a synchronous channel, but wth some symbols replaced. To calculate the capacty of such a channel, hannon s theory can be used. For the sake of smplcty, we assume that the data channel s noseless,.e., P s = 0. We also assume the channel s memoryless. Fgure 5 shows the channel model. It s ndeed an M- ary symmetrc DMC (dscrete memoryless channel) wth the followng transton probabltes: ( p when x = y P( y x) = ) () p when x y where s the number of bts of the data channel and P s the nserton probablty. It s straght forward to get the followng capacty: Cconv = αp log ( ) H ( αp ) () where α = (3) ( p) p log p ( p) log ( p H = ) (4) when s large, C p ) H ( p ) (5) conv X -p( ) p(y x) ( ote that the above calculaton s based on the synchronous model where the tme wasted for watng s not taken nto account and the tme for skpped symbols ndeed should be 0, we need to adjust the above results wth a coeffcent. It s not dffcult to show that ths coeffcent should be (- P d )/(- P ), therefore the actual capacty should be P C = d C (6) conv P where C conv s gven n () and (5). As the above capacty can be acheved wth a real protocol, t s the lower bound of the actual capacty. Y

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback