Exploiting Geometrical Structure for Forensic Applications of Timing Inference Channels

Exploiting Geometrical Structure for Forensic Applications of Timing Inference Channels

Bilal Shebaro (Department of Computer Science, University of New Mexico, Albuquerque, NM, USA), Fernando Pérez-González (Signal Theory and Communications Department, University of Vigo, Vigo, Pontevedra, Spain) and Jedidiah R. Crandall (Department of Computer Science, University of New Mexico, Albuquerque, NM, USA)
Copyright: © 2013 |Pages: 16
DOI: 10.4018/jdcf.2013010104


Timing inference channels are a well-studied area of computer security and privacy research, but they have not been widely applied in digital forensic applications. Timing signatures (for example, of movies) are not robust against variations in the machine, the encoder, the environment, and other factors that affect timing, and unfortunately such issues have limited many researchers from using timing inference channels for revealing hidden data, detecting machine behavior, or even forensic analysis. The authors develop a geometrical interpretation in a high dimensional space of timing signatures for movies as an example of pattern-like software. The results suggest that timing signatures can be made robust against different machines, different encoders, and other environmental conditions by exploiting geometrical structure in this space. This geometrical structure helps identify the behavior of running pattern-like software that is useful for identifying digital crimes, privacy invasion matters, and network behaviors. This paper is focused on a thought experiment: how much information can an unprivileged process learn by just running on a system and observing its own timing? Although installing administrative software is the most frequent approach for understanding system behavior and detecting running software, the results show that it is feasible that such goals could be still achieved without any administrative privileges.
Article Preview


Our experiments were applied on movies that were encoded in MPEG format. It is essential to understand how MPEG movies are encoded and decoded, as well as the standards used for audio and video compression, because this is the CPU load that we are trying to infer through timing analysis. Different algorithms are used in the field of video compression and are used to encode to what is referred to as picture types or frame types. I, P and B frames are three major video frame types that are most commonly used by encoding algorithms for video compression.

Video frames are compressed using different algorithms such as picture types or frame types that are directly related to data compression, each with different advantages and disadvantages, with I, P and B frames being the major picture types:

  • I-frames are the least compressible but do not require other video frames to decode.

  • P-frames use data from previous frames to decompress and are more compressible than I-frames.

  • B-frames use both previous and next frames for data reference to get the highest amount of data compression.

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 11: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 10: 4 Issues (2018)
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing