An Entropy-based Method for Detection of Covert Channels over LTE

With the rapid development of mobile technologies, LTE is turning to be a wonderful carrier for covert channels. Existing detection for covert storage channel (CSC) are almost packet analysis based methods. In this paper, we present an entropy-based method for detecting CSC in Sequence Number (SN) fields of PDCP and RLC layer, which is seen as the most difficult to be detected. We simulate the LTE network in NS3 platform, and propose a Protocol Data Unit (PDU) based blind method to calculate the distance between the SN of PDU and its first left neighbor, instead of analyzing the packets or extracting the value of SN from the PDU. Our experimental results have demonstrated that the proposed detection method is sensitive to the hidden information in the SN fields of PDCP and RLC layer. It can detect them in an accurate manner, and can be conducted in both real-time online and offline storage detection.