Return of the Covert Channel, Data Center Style

Abstract

This work characterizes an interference-based covert timing channel in a highly virtualized, active data center. The adversary leaks sensitive data from a compromised machine without any direct TCP/IP communication pathway between it and the channel's external sink. The attack exploits a publicly facing innocuous and uncompromised commercial server in a shared resources attack. This victimized server unwittingly partakes in a stealthy operation by providing the exfiltration medium. The channel exhibits a one bit per second data rate that can increase proportionally with the decrease in the victim's content transmission time. The channel operates 24x7 in a major university's Computer Science department's data center that experiences highly dynamic loads. Bit Error Rate and capacity are evaluated with the application of spreading gain, a technique used in wireless spread spectrum designs. Additionally, time synchronization drift characterization and channel tolerance to clock skew are demonstrated. A technique for identifying symbol discrimination thresholds requiring no a priori knowledge of truth is demonstrated.