Covert channels are used as a means of secretly transferring information when there is a need to hide the fact that communication is taking place. With the vast amount of traffic on the internet, network protocols have become a common vehicle for covert channels, typically hiding information in the header fields of packets. Domain name service (DNS) packets contain a 32-bit time to live (TTL) fields for each response record. This is the number of seconds the entry is valid for before caching servers remove the entry. There is no prescribed value for this field making it an ideal covert carrier.
Date of creation, presentation, or exhibit
Department, Program, or Center
Information Sciences and Technologies (GCCIS)
Hoffman C., Johnson D., Yuan B., and Lutz P., A Covert Channel in TTL Field of DNS Packets. In SAM'12 - The 2012 International Conference on Security and Management (Las Vegas, NV, USA, July 2012)
RIT – Main Campus