Covert Channel Vulnerabilities of Online Marketplaces – Impact on Antitrust Laws

Type: MA thesis

Status: finished

Supervisors: Siming Bayer, Andreas Maier

Antitrust laws (also referred to as competition laws) are developed to promote vigorous competition, and has the purpose to protect consumers from predatory business practices. The paramount objectives of antitrust law are to guarantee working mechanism of markets as well as ensure a fair competition. A prominent example of infringement of antitrust law is illegal price fixing. By definition, it is an agreement among competitors that stabilize prices or other competitive terms, therefore violating the principle of price establishing mechanism through free-market forces. A typical attribute of illegal price fixing practice is the provable communication (written or oral) between human market participants.

However, in the era of digitalization and e-commerce, the detection of this illegal practice is facing new challenges, since the price establishing mechanism is partially or fully automated (i.e., automated dynamic pricing) and the market participants are not necessarily human beings. Consequently, new technological opportunities are available to hide illegal pricing politics. One possible scenario/risk is to utilize the so-called covert channel to transfer information that facilitate the illegal price fixing practice.

A communication channel is called covert, if it is not originally designed for the communication purpose [1]. Generally, it can be categorized into two groups, namely resource and time channel. To date, it is known as one of the most challenging phenomena in the cyber security. Several publications have demonstrate the applications that use covert channel to transfer critical information [2][3]. The goal of this thesis is therefore to investigate the vulnerability of online market places with regard to illegal price fixing practices under covert channel attack. Following aspects have to be included in this work:

  • Literature review of state-of-the-art with regard to covert channel,
  • Simulate a price fixing scenario on an e-commerce market place utilizing covert channel to transfer information,
  • Comparison of covert channel and conventional communication channel,
  • Derive implications and consequences for antitrust law.

[1] Hans-Georg Eßer, Felix C. Freiling. Kapazitätsmessung eines verdeckten Zeitkanals über HTTP, Univ. Mannheim, Technischer Bericht TR-2005-10, November 2005

[2] Freiling F.C., Schinzel S. (2011) Detecting Hidden Storage Side Channel Vulnerabilities in Networked Applications. In: Camenisch J., Fischer-Hübner S., Murayama Y., Portmann A., Rieder C. (eds) Future Challenges in Security and Privacy for Academia and Industry. SEC 2011. IFIP Advances in Information and Communication Technology, vol 354. Springer, Berlin, Heidelberg.

[3] Davide B. Bartolini, Philipp Miedl, and Lothar Thiele. 2016. On the capacity of thermal covert channels in multicores. In Proceedings of the Eleventh EuroSys ’16. Association for Computing Machinery, New York, NY, USA, Article 24, 1–16.