PHY Covert Channels: Can you see the Idles?
Ki Suh Lee, Cornell University
Joint work with Han Wang and Hakim Weatherspoon
첩자 (chupja): Korean for "spy"

Network Covert Channels
• Hiding information
  – Through communication not intended for data transfer
  – Using legitimate packets (Overt channel)
• Storage Channels: Packet headers
• Timing Channels: Arrival times of packets

Goals of Covert Channels
• Bandwidth
  – How much information can be delivered in a second
  – 10~100s bits per second
• Robustness
  – How much information can be delivered without loss / error
  – Cabuk’04, Shah’06
• Undetectability
  – How well communication is hidden
  – Liu’09, Liu’10
[Figure: network layer stack (Application, Transport, Network, Data Link, Physical)]

Current network covert channels are implemented in L3~4 (TCP/IP) layers and are extremely slow.

Chupja: PHY Covert Channel
• Bandwidth
  – How much information can be delivered in a second
  – 10~100s bits per second -> 10s~100s Kilo bits per second
• Robustness
  – How much information can be delivered without loss / error
  – Bit Error Rate < 10%
• Undetectability
  – How well communication is hidden
  – Invisible to detection software
[Figure: network layer stack (Application, Transport, Network, Data Link, Physical)]

Chupja is a network covert channel which is faster than prior art. It is implemented in L1 (PHY), robust, and virtually invisible to software.

Outline
• Introduction
• Design
  – Threat Model
  – 10 Gigabit Ethernet
• Evaluation
• Conclusion

Threat Model
[Figure: four network layer stacks (Application, Transport, Network, Data Link, Physical); labels: Sender, Receiver, Passive Adversary, Commodity Server, Commodity NIC]

10 Gigabit Ethernet
• Idle Characters (/I/)
  – Each bit is ~100 picosecond wide
  – 7~8 bit special character in the physical layer
  – 700~800 picoseconds to transmit
  – Only in PHY
[Figure: Packet i, Packet i+1, Packet i+2 shown against the network layer stack (Application, Transport, Network, Data Link, Physical)]

Terminology
• Interpacket delays (D) and gaps (G)
• Homogeneous packet stream
  – Same packet size,
  – Same IPD (IPG),
  – Same destination
[Figure: IPG and IPD marked on Packet i and Packet i+1; stream of Packet i, Packet i+1, Packet i+2]

Chupja: Design
• Homogeneous stream
  [Figure: Packet i, Packet i+1, Packet i+2 separated by IPGs G, G (IPDs D, D)]
• Sender
  [Figure: Packet i, Packet i+1, Packet i+2 separated by IPGs G - ε, G + ε (IPDs D - ε, D + ε), labelled ‘0’, ‘1’]
• Receiver
  [Figure: Packet i, Packet i+1, Packet i+2 separated by IPGs Gi, Gi+1 (IPDs Di, Di+1), labelled ‘0’, ‘1’]

Chupja: Design
• With shared G
  – Encoding ‘1’: Gi = G + ε
  – Encoding ‘0’: Gi = G - ε

Implementation
• SoNIC [NSDI ’13]
  – Software-defined Network Interface Card
  – Allows control of and access to every bit of the PHY
    • In realtime, and in software
• 50 lines of C code addition

Outline
• Introduction
• Design
• Evaluation
  – Bandwidth
  – Robustness
  – Undetectability
• Conclusion

Evaluation
• What is the bandwidth of Chupja?
• How robust is Chupja?
  – Why is Chupja robust?
• How undetectable is Chupja?

What is the bandwidth of Chupja?

Evaluation: Bandwidth
• Covert bandwidth equals the packet rate of the overt channel
[Figure: Covert Channel Capacity (bps, log scale from 1.E+02 to 1.E+08) vs. Overt Channel Throughput (Gbps: 0.01, 0.1, 0.5, 1, 3, 6, 9) for packet sizes 64B, 512B, 1024B, 1518B; annotated point: 1518B, 1 Gbps, 81 kbps]

How robust is Chupja?

Evaluation Setup
• Small Network
  – Six commercial switches
  – Average RTT: 0.154 ms
• National Lambda Rail
  – Nine routing hops
  – Average RTT: 67.6 ms
  – 1~2 Gbps External Traffic
[Figure: small network with Sender and Receiver connected through switches SW1, SW2, SW3, SW4; National Lambda Rail map with Sender and Receiver and the nodes Boston, Cornell (Ithaca), Cornell (NYC), NLR (NYC), Chicago, Cleveland]

Evaluation: Robustness
• Overt Channel at 1 Gbps (D = 12211ns, G = 13738 /I/s)
• Covert Channel at 81 kbps
• Modulating IPGs at 1.6us scale (=2048 /I/s)
[Figure: BER (0 to 0.6) vs. ε (/I/s: 16, 32, 64, 128, 256, 512, 1024, 2048, 4096) between Sender and Receiver for three settings: Small No Ext., Small Ext 3.6G, NLR; annotated values: 7.7%, 2.8%, 8.9%]

Why is Chupja robust?

Evaluation: Why?
• Switches do not add significant perturbations to IPDs
• Switches treat ‘1’s and ‘0’s as uncorrelated
  – Over multiple hops when there is no external traffic.
  – With external traffic
[Figure: Sender to Receiver, Homogeneous stream, 1518B at 1 Gbps; Sender to Receiver, Chupja stream (ε = 256 /I/s), 1518B at 1 Gbps]

Evaluation: Why?
• Switches do not add significant perturbations to IPDs
• Switches treat encoded ‘0’ and ‘1’ as uncorrelated
  – Over multiple hops when there is no external traffic.
[Figure: two panels of IPD distributions, log-scale y axis from 0.000001 to 1, x axis Interpacket Delay (ns) with ticks 11343.51515, 12211.2, 13078.88485, one curve per hop count (1, 3, 6, 9, 12, 15 hop). Homogeneous stream: 90% in D ± 100ns, 90% in D ± 250ns. Chupja stream (ε = 256 /I/s): D - ε and D + ε marked; 90% in D - ε ± 100ns, 90% in D - ε ± 250ns]

Evaluation: Why?
• Most of IPDs are within some range from original IPD
  – Even when there is external traffic.
[Figure: Sender to Receiver over the National Lambda Rail map (Boston, Cornell (Ithaca), Cornell (NYC), NLR (NYC), Chicago, Cleveland); IPD distributions for Encoded ‘Zero’ and Encoded ‘One’]

ε (/I/s)   256      512      1024     2048      4096
ε (ns)     204.8    409.6    819.2    1638.4    3276.8
BER        0.367    0.391    0.281    0.089     0.013

Evaluation: Why?
[Figure: Sender to Receiver, 1518B at 1 Gbps]
With sufficiently large ε, the interpacket spacing holds throughout the network, and BER is less than 10%

How undetectable is Chupja?

Evaluation: Detection Setup
• Commodity server with 10G NIC
  – Kernel timestamping
[Figure: two setups, each Sender to Receiver over NLR: one with Kernel timestamping, one with SoNIC timestamping]

Evaluation: Detection
• Adversary cannot detect patterns of Chupja
[Figure: two panels, Kernel Timestamping and SoNIC Timestamping: IPD distributions (log-scale y axis, x axis Interpacket Delay (ns) with ticks 1228, 12211, 23194) for HOM, ε = 1024 and ε = 4096]
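
An added worked example (not from the talk or from SoNIC): it reproduces the slides' D and 81 kbps figures from G, then shows from the monitoring side why timestamp precision decides whether a two-level IPD pattern is visible. Assumptions: a 1526-byte frame on the wire (1518 B plus 8 B preamble, which reproduces D = 12211.2 ns), Gaussian timestamp jitter of 100 ns and 3000 ns as constructed stand-ins for PHY-level and kernel-level capture, and an illustrative kurtosis threshold.

```python
import random
import statistics

IDLE_NS = 0.8        # one /I/ on 10 GbE, per the slides (256 /I/ = 204.8 ns)
FRAME_BYTES = 1526   # assumption: 1518 B frame + 8 B preamble
GAP_IDLES = 13738    # G for the 1 Gbps overt stream, from the robustness slide


def ipd_ns(gap_idles, frame_bytes=FRAME_BYTES):
    """Interpacket delay D: frame time plus the idle gap, in ns."""
    return (frame_bytes + gap_idles) * IDLE_NS


def covert_capacity_bps(gap_idles):
    """One covert bit per gap, so capacity equals the overt packet rate."""
    return 1e9 / ipd_ns(gap_idles)


def observed_ipds(n, eps_idles, jitter_ns, seed):
    """Constructed capture: gaps of G +/- eps (eps=0 is homogeneous),
    blurred by Gaussian timestamp jitter (a modelling assumption)."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        sign = 1 if rng.random() < 0.5 else -1
        true_ipd = ipd_ns(GAP_IDLES + sign * eps_idles)
        out.append(true_ipd + rng.gauss(0.0, jitter_ns))
    return out


def excess_kurtosis(xs):
    """Near 0 for a single noisy mode, near -2 for two sharp modes."""
    m = statistics.fmean(xs)
    var = statistics.fmean([(x - m) ** 2 for x in xs])
    m4 = statistics.fmean([(x - m) ** 4 for x in xs])
    return m4 / var ** 2 - 3.0


def looks_modulated(xs, threshold=-0.5):
    """Flag a two-level IPD pattern; the threshold is an illustrative choice."""
    return excess_kurtosis(xs) < threshold


if __name__ == "__main__":
    print(f"D = {ipd_ns(GAP_IDLES):.1f} ns, "
          f"capacity = {covert_capacity_bps(GAP_IDLES):.0f} bps")
    for label, jitter in (("PHY-precision", 100.0), ("kernel-like", 3000.0)):
        for eps in (0, 1024):
            xs = observed_ipds(20000, eps, jitter, seed=1)
            print(f"{label:14s} eps={eps:5d} "
                  f"kurtosis={excess_kurtosis(xs):+.2f} "
                  f"flagged={looks_modulated(xs)}")
```

In this model the excess kurtosis is -2a^4/(a^2 + s^2)^2, with a the value of ε in ns and s the timestamp jitter, so the flag depends only on the ratio of ε to the capture point's timing error.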

Evaluation: Summary
• What is the bandwidth of Chupja?
  – 10s~100s Kilo bits per second
• How robust is Chupja?
  – BER < 10% over NLR
  – Why is Chupja robust?
    • Sufficiently large ε holds throughout the network
• How undetectable is Chupja?
  – Invisible to software

Conclusion
• Chupja: PHY covert channel
  – High-bandwidth, robust, and undetectable
• Based on understanding of network devices
  – Perturbations from switches
  – Inaccurate endhost timestamping
• http://sonic.cs.cornell.edu & GENI (ExoGENI)!!!

Thank you