Hakim Weatherspoon, Cornell University & University of Cambridge
Abstract
Network covert timing channels embed secret messages in legitimate packets by modulating interpacket delays. Such channels are normally implemented in higher network layers (layer 3 or above), are often fairly slow, and can be easily detected or prevented. In this talk, I will present a new approach, Chupja (Korean for spy), which is a very effective covert timing channel that works over the Internet. It is implemented in the physical layer of the network stack and is many orders of magnitude faster than prior art while being very robust and virtually invisible to software endhosts. Key to our approach is software and real-time access and control over every bit in the physical layer of a 10 Gigabit network stack (a bit is 100 picoseconds wide at 10 gigabit per seconds), which allows us to modulate and interpret interpacket spacings at sub-microsecond scale. In the talk, I will discuss when and how a timing channel in the physical layer works, how hard it is to detect such a channel, and what is required to do so.
About the speaker
Hakim Weatherspoon is an Associate Professor in the Department of Computer Science at Cornell University. He is on a one year sabbatical at the University of Cambridge, Computer Laboratory. His research interests cover various aspects of fault-tolerance, reliability, security, and performance of large Internet-scale (and rack-scale!) systems such as cloud computing and distributed systems. He received his Ph.D. from University of California at Berkeley and B.S. from University of Washington. He is an Alfred P. Sloan Fellow and recipient of an NSF CAREER award, DARPA Computer Science Study Panel (CSSP), IBM Faculty Award, the NetApp Faculty Fellowship, Intel Early Career Faculty Honor, and the Future Internet Architecture award from the National Science Foundation (NSF).