Covert timing channel over HTTP cache-control headers

The problem of detecting covert channels is known for a long time, but the detection of such channels over HTTP protocol, as one of the most used protocols, is still interesting for researchers. Known examples of covert timing channels over HTTP require changing the structure of HTTP request or modifying the web server, so it is important to discover covert channel for which there is no need to do it. Some of such channels are covert timing channels based on the cache-control headers family of HTTP protocol. The purpose of the work is the development and implementation of the covert timing channels over HTTP cache-control headers Last-Modified and ETag. As a result of the work, it is found that theoretical maximum speed of the channels based on Last-Modified (via Last-Modified value, If-Modified-Since and If-Unmodified-Since headers) is 1 bit/s. That speed is reachable in practice if latency between remote hosts allows to do the request via HTTP and to get the response in 1 second. Accuracy of implementations of the channels is 99.82 % with 1 bit/s speed. Theoretical maximum speed of the channels based on ETag header (via ETag value, If-Match and If-None-Match headers) with default configuration of web server is the same as for Last-Modified covert channels. But usage of PHP language features allows to speed up channel to 1 bit per $(2L+T)$ seconds, where $L$ is a latency between remote hosts and $T$ is a time that is needed for auxiliary operations (as matching headers, storing bits, calculating sleep time etc.). These covert channels' implementations were tested on 2 bit/s speed and showed 99.55 % accuracy.