Packet Flow Side Channel

US 20110069721A1
Filed: 09/30/2010
Published: 03/24/2011
Est. Priority Date: 11/03/2005
Status: Active Grant

First Claim

Patent Images

1. A method for embedding a covert side channel communication in an overt communication transmitted over a network using a packet stream comprising:

a. encoding one or more bits of a side channel communication by;

i. selecting more than one group of related packets from the overt communication being transmitted on a network, each group of packets including a same number of packets, the related packets being consecutive as well as non-consecutive packets; and

ii. relating a packet of one group to a packet of another group to form a pair of packets; and

iii. delaying the timing of at least one packet from each pair of packets.b. decoding a bit from the side channel communication by;

i. determining inter-packet delays that are the difference in timing between two packets in the pair of packets from the overt communication;

ii. determining at least one inter-packet delay difference between two or more determined inter-packet delays; and

iii. converting the at least one interpacket delay difference into at least one bit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A packet flow side channel encoder and decoder embeds and extracts a side channel communication in an overt communication data stream transmitted over a network. The encoder selects more than one group of related packets being transmitted on the network, relates a packet of one group to a packet of another group to form a pair of packets; and delays the timing of at least one packet from each pair of packets The decoder determines inter-packet delays that are the difference in timing between two packets in a pair of packets; determines at least one inter-packet delay difference between two or more determined inter-packet delays; and extracts a bit using the at least one interpacket delay difference.

23 Citations

View as Search Results

20 Claims

1. A method for embedding a covert side channel communication in an overt communication transmitted over a network using a packet stream comprising:
- a. encoding one or more bits of a side channel communication by;
  
  i. selecting more than one group of related packets from the overt communication being transmitted on a network, each group of packets including a same number of packets, the related packets being consecutive as well as non-consecutive packets; and
  
  ii. relating a packet of one group to a packet of another group to form a pair of packets; and
  
  iii. delaying the timing of at least one packet from each pair of packets.b. decoding a bit from the side channel communication by;
  
  i. determining inter-packet delays that are the difference in timing between two packets in the pair of packets from the overt communication;
  
  ii. determining at least one inter-packet delay difference between two or more determined inter-packet delays; and
  
  iii. converting the at least one interpacket delay difference into at least one bit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the encoding uses an encoding algorithm.
  - 3. The method of claim 1, wherein the decoding uses a decoding algorithm complementary to the encoding algorithm.
  - 4. The method of claim 1, wherein the encoding and the decoding use a shared secret.
  - 5. The method of claim 1, wherein the side channel communication includes a watermark.
  - 6. The method of claim 1, wherein the overt communication includes a Vol P communication.
  - 7. The method of claim 1, wherein the side channel communication identifies the overt communication.
  - 8. The method of claim 1, wherein the encoding and the decoding are performed on opposite sides of a router.
  - 9. The method of claim 1, wherein bits are redundantly encoded.

10. An apparatus for encoding one or more bits of a covert side channel communication transmitted over a network using a packet stream, comprising:
- a. a packet group selection module configured to select at least two groups of related packets from the overt communication being transmitted on a network, each group of packets including a same number of packets;
  
  ii. a packet relation module configured to relate a packet of one group to a packet of another group to form a pair of packets; and
  
  iii. a packet delay module configured to delay the timing of at least one packet from each pair of packets.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The apparatus of claim 10, wherein the packet group selection module, the packet relation module and the packet delay module implement an encoding algorithm.
  - 12. The apparatus of claim 10, wherein the selection module selects more than one group of packets in a random manner.
  - 13. The apparatus of claim 10, wherein the packet delay module delays the timing of the at least one packet without buffering the packets.
  - 14. The apparatus of claim 10, wherein the side channel communication includes a watermark.
  - 15. The apparatus of claim 10, wherein the overt communication includes a VoIP communication.
  - 16. The apparatus of claim 10, wherein the side channel communication identifies the overt communication.

17. An apparatus for decoding a bit from a covert side channel communication in an overt communication transmitted over a network using a packet stream, comprising:
- a. an inter-packet delay determination module configured to determine inter-packet delays that are the difference in timing between two packets in a pair of packets from the overt communication;
  
  b. a difference determination module configured to determine at least one inter-packet delay difference between two or more determined inter-packet delays; and
  
  c. a bit extraction module configured to convert the at least one interpacket delay difference into at least one bit.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, wherein the inter-packet delay determination module, the difference determination module and bit extraction module implement a decoding algorithm.
  - 19. The apparatus of claim 17, wherein the overt communication includes redundantly encoded bits.
  - 20. The apparatus of claim 17, wherein the side channel communication identifies the overt communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
George Mason Intellectual Properties, Inc.
Original Assignee
George Mason University
Inventors
Wang, Xinyuan, Jajodia, Sushil, Chen, Shlping

Granted Patent

US 8,644,353 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/503
CPC Class Codes

H04L 65/70 Media network packetisation

Packet Flow Side Channel

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Packet Flow Side Channel

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links