Whispers in End Hopping: High-Robustness Network Covert Channel Based on End Spreading

Abstract

The massive use of end information in the end hopping system not only significantly improves the proactive defense capability but also reveals great potential for covert communication. However, the development of existing network covert channels is hindered by various elimination techniques and a lack of robustness guarantees. In this paper, we first present a novel network covert channel model based on end spreading (CCES) in the end hopping system. We then propose a CCES-based scheme using m-sequence in the hypothetical scenario and theoretically analyze its characteristics, including eavesdropping resistance, loss tolerance, and robust synchronization. To evaluate the performance of the CCES scheme, three evaluation metrics are adopted: non-detectability, robustness, and transmission efficiency. Experimental results show that CCES achieves a bit error rate (BER) below 5% under 30% packet loss, entropy values ranging from 0.15 to 0.82 (comparable to normal traffic), and a transmission efficiency of up to 800 bits per second. These results confirm the CCES scheme’s strong robustness and practical applicability, outperforming traditional covert channels in both reliability and stealth.

1. Introduction

With the proliferation of network technology, increasing attention has been paid to information transmission security [1,2]. It is essential not only to detect and block malicious content such as attack traffic, viruses, and Trojan horses, but also to safeguard the security and privacy of legitimate communications, including commercial and personal data. Network covert channels are extensively utilized by new technology thanks to the characteristics of covert communication [3,4,5]. In addition, radio frequency fingerprint identification (RFFI) has emerged as a promising technique for enhancing internet of things (IoT) cybersecurity by leveraging unique physical layer characteristics of device signals for reliable authentication and anomaly detection. Recent works have demonstrated that deep learning methods, such as SE-enhanced CNNs, can effectively identify abnormal events in complex surveillance scenarios [6], while large language models (LLMs) are being explored for their potential to autonomously handle cryptographic tasks and enhance reasoning in security applications [7].

Network covert channels are typically divided into two broad categories: covert storage channels and timing covert channels. Covert storage channels conceal hidden data in unused or reserved elements of protocol data units (PDUs), such as packet headers, while timing covert channels exploit packet intervals or the arrival times of data packets to transmit secret information [8,9]. Although both types of covert channels have proven useful, they are not without their limitations. For example, network covert storage channels are highly susceptible to content-based detection techniques that inspect packet headers and look for anomalies in the data structure, such as irregular TCP flag distributions detected via relative entropy [10] or unusual sequence/ID field values filtered by tools like NetWarden [11], and extensive studies on IP-header-based covert channels [12]. Timing covert channels are often affected by network performance issues such as latency, packet loss, and noise, making them vulnerable to disruption. For example, network interference and pump could eliminate network timing covert channels with ease [13].

Moreover, recent advancements in countermeasures designed to mitigate covert channel communication have made it increasingly difficult for these channels to evade detection. Techniques such as traffic normalization [14], which alter packet patterns to mask covert channels, and network interference methods, which introduce random delays or noise, are often effective in neutralizing traditional covert channels [15,16]. Despite these challenges, the need for robust covert communication channels that can operate effectively in high-speed and hostile network environments remains pressing.

In light of these issues, this paper introduces a novel approach for constructing a highly robust network covert channel that leverages end spreading in end hopping systems. End hopping, which is inspired by frequency hopping communication [17], introduces an innovative mechanism to secure network communication by dynamically changing end information (such as IP addresses, source/destination ports) in a pseudo-random manner. As an extension of end hopping, end spreading [18] draws further inspiration from frequency hopping spread spectrum (FHSS) and is designed to achieve authentication and synchronization in high-speed end hopping systems, offering enhanced confidentiality and robustness. This paper proposes the CCES (covert channel based on end spreading) model, which addresses the critical challenges faced by existing network covert channels, namely, their low robustness, poor concealment, and vulnerability to detection.

Although hopping techniques have been studied, this work focuses on the robust and quantifiable analysis of end spreading. The CCES model offers several key differences from previous methods:

Eavesdropping Resistance: The secret messages are embedded into end spreading sequences, which are independent of each other. Even if part of the sequences is intercepted, the remaining sequences are nearly impossible to decipher without the proper decoding mechanism.

Loss Tolerance: The CCES scheme converts the secret message into multiple sequences using end spreading, which enhances its ability to maintain communication even under adverse network conditions such as packet loss or network interference. The redundancy of end spreading sequences allows for the recovery of the original message despite packet loss, providing robustness against environmental disturbances.

Robust Synchronization: Unlike traditional synchronization methods that rely on reference clocks, the CCES scheme employs end spreading sequences to synchronize communication between the sender and receiver. This mechanism is robust against network latency and jitter, ensuring reliable communication even in high-speed end hopping systems [18].

In summary, the proposed CCES model represents a significant advancement in covert communication systems by leveraging end spreading to address the vulnerabilities of existing covert channels. This model offers a powerful solution for secure communication in modern network environments, where resilience, confidentiality, and resistance to detection are essential.

The rest of this paper is organized as follows: In Section 2, we review the related work regarding network covert channels and proactive network defense technologies. The model sketch of CCES and scheme implementation is described in Section 3. Section 4 introduces the evaluation metrics used to evaluate the covert channel of the network. Section 5, we implement extensive experiments to validate the channel characteristics practically. We conclude this paper in Section 6.

2. Related Work

In this section, we introduce some related work in network covert channels and proactive network defense technologies.

2.1. Network Covert Channel

Network covert channels were originally studied in [19], and two typical classes of network covert channels are timing and storage channels. The former modulates packet timing [20] and the latter embeds data inside packet headers [21]. As an example of the former, an attacker could use the data packet intervals or the arrival time of packets to convey hidden information [8].

The detection and mitigation of network covert channels are of increasing interest in light of the research of their defects or weaknesses, which is summarized as follows.

The detection of network covert channels: Xie et al. [22] proposed a novel DomEye method based on throughput spoofing defects to detect domain name spoofing through traffic-level analysis and machine learning. This method achieves efficient detection of covert channels with a lower false alarm rate and computational overhead. Lin et al. [23] proposed a detection method based on the isolation forest algorithm, which can effectively identify covert channels disguised as legitimate traffic and doped with abnormal features, and improve the detection performance of various covert channels.

The mitigation of network covert channels: Gonzalez et al. [24] proposed a system-aware defense method that combines heuristics and machine learning strategies to effectively defend against power-based covert channel attacks through task migration and intelligent DVFS adjustment. Taking advantage of the dynamic nature of Quick UDP Internet Connection (QUIC) protocol traffic and the encapsulation capabilities of proxy services, Huang et al. [25] proposed a covert communication system, QuicCourier. This method successfully achieved high-speed, highly concealed information transmission and verified its superior anti-detection performance on a large amount of real traffic.

Few covert storage channels could rely on the features of the carrier to guarantee robustness [15] and timing covert channels are susceptible to network performance (e.g., congestion, packet loss, noise, etc.) or limited to the channel capacity [26]. Depressed by low robustness, poor concealment, and being eliminated with ease, we are eager to construct a novel covert channel with high robustness and good performance against existing detection or mitigation technologies; then, we turn towards end spreading.

2.2. End Hopping and Spreading

In recent years, end hopping has also drawn considerable attention and has been applied in multiple fields. Motivated by FHSS for military communication, end hopping hides the service identity and performs proactive network defense by constantly altering end information in a pseudo-random way [17]. Since focusing on the change over the network layer, end hopping could be regarded as a special case of moving target defense (MTD). Jafarian et al. [27] presented an effective address randomization technique, called random host address mutation (RHM), that turns end hosts into untraceable moving targets and achieves maximum efficacy by allowing address randomization to be highly unpredictable and fast, and adaptive to adversarial behavior, while incurring low operational and reconfiguration overhead.

Mazurczyk et al. [28] proposed a pattern classification framework for network information hiding methods. By constructing an “information hiding pattern” system, they systematically abstractly describe and hierarchically divide network covert channels. The core of their framework is to divide covert channels into storage type and time type according to the data embedding method (such as inter-packet delay modulation, etc.), and further support advanced features such as pattern combination and hopping. However, the pattern system focuses more on the classification and understanding of methods, and pays less attention to key issues such as robustness and synchronization mechanisms. Their method is particularly lacking in the characterization and support of behavioral covert channels in highly dynamic network environments. In contrast, CCES takes the end spreading as the core, combines m-sequence with end hopping, and constructs a hybrid channel with both storage characteristics and behavioral hiding characteristics, showing excellent robustness and synchronization performance in a high-packet-loss environment.

However, resorting to the advanced and automated attack tools, sophisticated attackers could still perform thorough reconnaissance with great ease to enumerate assets of the end hopping system that stays at a low-speed mutating rate. Consequently, pursuing a high-speed end hopping rate has become a research hotspot recently [18]. Taking this as our goal, we need to improve the synchronization mechanism that is linked closely to the hopping rate in the end hopping system. Clock synchronization [29] and timestamp synchronization [30] are both traditional tracking synchronization mechanisms whose performance, however, is seriously influenced by network packet disorder or time delay and limits the end hopping rate at the order of hectosecond or decasecond; such a rate provides skilled adversaries sufficient time to reconnoiter the whole system and reuse the collected reconnaissance information in various stages of attack planning and execution. To get rid of the above quagmire, researchers eagerly seek a novel mechanism for the high-speed end hopping system.

In FHSS, the communication session is conducted by converting the narrowband information signal to a signal with a much wider band. Specifically, by significantly expanding the bandwidth used, FHSS allows communication parties to work with a much smaller ratio of signal strength to the noise power, resulting from Shannon’s theorem as follows:

$$C=B·{log}_2(1+S/N),$$

(1)

where C, B, S, N, and $S/N$ represent the channel capacity, channel bandwidth, average received signal power, average noise power, and signal-to-noise ratio (SNR), respectively. It is easy to conclude that the more the noise dominates the signal, the wider the band the signal must occupy to receive it correctly. Put simply, the signal gains higher robustness, but this comes at the expense of bandwidth [31].

Enlightened by the above idea, end spreading was proposed as a novel mechanism to accomplish the synchronization in high-speed end hopping systems while helping to accelerate the end hopping rate to the order of decisecond, or even millisecond [18]. Different from utilizing the reference clock, end spreading initiates the communication session by expanding the authentication message into end spreading sequences composed of one or more items of end information and then transmitting them to the receiver. Choosing IP address and port as the specific end information, we can present the end spreading sequences (ESs) as in Equation (2) and the schematic diagram of end spreading as in Figure 1.

$$\begin{array}{cc}\hfill & ESs=\{(sI{P}_1,sPor{t}_1,dI{P}_1,dPor{t}_1),(sI{P}_2,sPor{t}_2,dI{P}_2,dPor{t}_2)\cdots (sI{P}_m,sPor{t}_m,\hfill \\ \hfill & dI{P}_m,dPor{t}_m\left)\right\}.\hfill \end{array}$$

(2)

where $sI{P}_m,sPor{t}_m,dI{P}_m,dPor{t}_m$ stand for source IP address, source port , destination IP address and destination port in the mth end spreading sequence, respectively.

As we introduced in detail before, there are three major attributes of end spreading: asynchronization, confidentiality, and robustness. Meanwhile, abundant end information and raw materials can be modulated to carry the secret message, which shows great potential in leveraging end spreading for constructing a network covert channel with high robustness and good performance. However, the end spreading sequences generated by the existing generation algorithm can not load messages directly, and the statistical distribution has obvious regularity, thereby being discovered by detectors easily. Therefore, our paper is devoted to addressing the problems above.

3. Model and Scheme

In this section, we formally describe the CCES that consists of the message sender, message receiver, original message, and message transmission. We assume the communication scenario and propose a CCES-based scheme in the end hopping system.

3.1. Model of CCES

CCES means the network covert channel model based on end spreading, which can be represented as:

$$\langle P_s,P_r,M,T_{s,r}\rangle ,$$

(3)

where $P_s$, $P_r$, M, and $T_{s,r}$ stand for message sender, message receiver, original message, and message transmission, respectively.

In CCES, the goal is to deliver the original message M from sender $P_s$ to receiver $P_r$ through a transmission operator $T_{s,r}$. $T_{s,r}$ can be formulated as a mapping:

$$T_{s,r}:(P_s,M^{\prime })\mapsto (P_r,M^{\prime \prime })$$

(4)

where $M^{\prime }$ represents the preprocessed and modulated form of the original message M and $M^{\prime \prime }$ denotes the reconstructed message at the receiver side.

Message preprocessing is a conversion process in which M is converted into $M^{\prime }$ by $F_1$, as shown in (5):

$$\begin{array}{c}\hfill F_1\left(M\right)\iff M\to M^{\prime }\iff M\to (m_1^{\prime },m_2^{\prime },\cdots ,m_k^{\prime },\cdots ,m_t^{\prime }),\end{array}$$

(5)

where $F_1$ is the encoding rule being shared by $P_s$ and $P_r$, $M^{\prime }$ is the converted M, and $m_k^{\prime }$ is the subgroup in $M^{\prime }$.

Pseudo-random sequence modulation means that the pseudo-random sequence (PRS) generated by a pseudo-random sequence generator is modulated by $m_k^{\prime }$ in $M^{\prime }$ in turn. Thus,

$$\begin{array}{cc}\hfill M_{PRS}& =F_2(M^{\prime },PRS)\hfill \\ \hfill & =\left\{{\left(m_{prs}\right)}_1,\cdots ,{\left(m_{prs}\right)}_k,\cdots ,{\left(m_{prs}\right)}_t\right\},\hfill \end{array}$$

(6)

where $F_2$ represents the modulation algorithm.

End spreading sequence generation is the conversion process from $M_{PRS}$ to end spreading sequences (ESs) in which $M_{PRS}$ is processed by $F_3$. Thus,

$$\begin{array}{cc}\hfill ESs& =F_3\left(M_{PRS}\right)\hfill \\ \hfill & =\left\{ES{s}_1,ES{s}_2,\cdots ,ES{s}_l,\cdots ,ES{s}_u\right\},\hfill \end{array}$$

(7)

where end spreading sequence generation algorithm is denoted by $F_3$. Assuming the end spreading degree is e, the length of ESS in the above equation is u (where $u=e·t$)

End spreading sequence demodulation is the inverse conversion process of end spreading sequence generation and pseudo-random sequence modulation in which end information is extracted from ESs and demodulated to $M^{\prime }$ by F, as shown in Equation (8):

$$M^{\prime }=F(ESs,PRS),$$

(8)

where F means the demodulation algorithm and PRS is generated by the same pseudo-random sequence generator in pseudo-random sequence modulation.

Message reverting is the reverse conversion process of message preprocessing in which $P_r$ decodes $M^{\prime }$ and recovers M by $F_1^{-1}$, as shown in Equation (9):

$$M=F_1^{-1}\left(M^{\prime }\right),$$

(9)

where $F_1^{-1}$ is the inverse function of $F_1$.

In summary, CCES is a kind of hybrid network covert channel, characterized by storage and behavior. The original message is not only loaded on the end information of the packet header but also relies upon the behavior of sequences. As far as we know, few detection or mitigation technologies have discussed this type of covert channel since the end information is the stationary opponent in the packet header and a large amount of end information is utilized in the end hopping system. The CCES model is depicted in Figure 2.

3.2. Scheme Implementation

3.2.1. The Communication Scenario

We first suppose a communication scenario for the CCES scheme in which message sender $P_r$ wants to covertly communicate with the message receiver, but an attacker locates and launches serious threats to the system, including scanning the active server host to collect intelligence, eavesdropping and analyzing network traffic, and launching denial of service (DoS) attacks to compromise server hosts or congest the network. The communication scenario is shown in Figure 3.

In this communication scenario, the end hopping client acts as the message sender, while the end hopping server serves as the message receiver. The two parties achieve covert communication through the transmission of end spreading sequence from the sender. During this process, the server remains silent and captures end spreading sequence by monitoring processes. This mechanism prevents attackers from determining the host status through scanning attacks, thereby thwarting attempts to launch targeted attacks and effectively protecting the server.

Scanning and Reconnaissance: The attacker can perform reconnaissance by scanning the network to gather information about active server hosts. This can help the adversary understand the system’s structure and potentially exploit vulnerabilities.

Eavesdropping and Traffic Analysis: The adversary can engage in eavesdropping on the network traffic. By intercepting packets, the attacker attempts to analyze the data being transmitted between the sender and receiver. This could allow the attacker to detect the covert communication or extract sensitive information from the packets.

Denial of Service Attacks: The adversary can launch DoS attacks against the network, which would attempt to block or disrupt the communication between the sender and receiver. This could overwhelm the network with traffic, preventing the legitimate communication from being transmitted effectively or causing packet loss.

Network Congestion: The attacker might also attempt to induce network congestion by flooding the network with excessive traffic or through other malicious techniques. This can degrade the performance of the covert channel and cause communication delays or failures.

3.2.2. The CCES-Based Scheme

We propose a CCES-based scheme under the above scenario, taking m-sequence as the pseudo-random sequence $PRS$.

M-Sequence Generation

As a kind of typical pseudo-random binary sequence used in radio communication, m-sequence has complete characteristics of $PRS$ and a broad range of applications, like FHSS, code division multiple access (CDMA), encryption, etc. m-sequence represents the longest sequence generated by the linear feedback shift register (LFSR) shown in Figure 4a.

In Figure 4a, $c_i$ represents the connection state and $c_i\in \{0,1\}$ where 0 and 1 mean $disconnected$ and $connected$, respectively, and $a_i$ represents the shift register. A necessary and sufficient condition for the sequence generated by an LFSR to be m-sequence is that its $f\left(x\right)$ is a primitive polynomial [32].

Message Preprocessing

In this section, the original message M will be converted into $M^{\prime }$ by the encoding rule $F_1$. Supposing the original message M is “hello”, we first gain the decimal value of each character according to the ASCII table, then convert them to binary. Since the printable characters’ range in ASCII is $[32,126]$, the maximum binary is “0b1111110” with a length of 7 and the minimum is “0b100000” with a length of 6. To unify the format and process conveniently, we fix the binary length as 7 and left-pad it with zeroes. Considering that the primitive polynomials’ orders are different, we appropriately merge the converted binary values and right-pad them with zeroes. At this stage, the necessary prerequisite communication data elements, including cryptographic keys, are distributed by a Certificate Authority (CA) or a trusted third party to ensure secure initialization.

M-Sequence Modulation

In this section, m-sequence will be modulated by $m_k^{\prime }$ in $M^{\prime }$ in turn, which is depicted in Figure 4b. It is worth mentioning that the initial values of $a_i$ in LFSR are used as the PRS generation key shared by $P_s$ and $P_r$, namely $PRSkey$. For instance, we select $f\left(x\right)=x^7+x^3+1$ as the primitive polynomials to generate m-sequence and $PRSkey$ is “0b1010101”. Thus, the unmodulated m-sequence $PRS$ is: 0b101010100001011011110011100101011001100000110110101101000110010001000000100100110100111101110000111111100011101100010100101111. where the period of $PRS$ is 127 and the length of ${\left(m_{prs}\right)}_k$ is 889.

End Spreading Sequence Generation

In this section, the raw material $M_{PRS}$ will be fabricated to gain the end spreading sequences. $DstPort$ (i.e., destination port), $DstIP$ (i.e., destination IP), and .222222222222222222222222222222222222222222.$SrcPort$ (i.e., source port) are picked as the carrier of $M_{PRS}$, verification field to identify the legal pieces of end spreading sequences, and framing flag to distinguish different ${\left(m_{prs}\right)}_k$, respectively.

Firstly, ${\left(m_{prs}\right)}_k$ needs to be divided into m ($m={\displaystyle \frac{p}{n}}$) groups where p, n, and m means the length of ${\left(m_{prs}\right)}_k$, the unit length (i.e., the number of bits per element), and the number of subgroups in ${\left(m_{prs}\right)}_k$, respectively. Then, each subgroup needs to be converted from binary to decimal, thereby deriving the $DstPor{t}_k$ sequences corresponding to ${\left(m_{prs}\right)}_k$. Eventually, based on the pseudocode shown in Algorithm 1, we can also gain the corresponding $DstI{P}_k$ and $SrcPor{t}_k$ sequences.

Following the above assumption, we divide ${\left(m_{prs}\right)}_k$ into 127 subgroups, respectively, and the results are shown in

Table 1. The partial results of $DstPor{t}_k$ sequences.

${\left({\mathit{m}}_{\mathit{prs}}\right)}_{\mathit{k}}$	${\mathit{DstPort}}_{\mathit{k}}$ Sequences
${\left(m_{prs}\right)}_1$	$\begin{array}{c}\hfill DstPor{t}_1=\{94,33,95,35,91,42,73,14,0,29,38,80,60,100,85,55,114,120,108,69,23,50,121,\cdots \}\end{array}$
${\left(m_{prs}\right)}_5$	$\begin{array}{c}\hfill DstPor{t}_5=\{46,81,47,83,43,90,57,126,112,109,86,32,76,20,37,71,2,8,28,53,103,66,9,30,\cdots \}\end{array}$

. Based on Algorithm 1, we assume that the $mappingkey$ is 85, $DstI{P}_{pool}$ is $\{192.168.1.91,\cdots ,192.168.1.100\}$, and the $binlen$ is 8; then, the generated $DstI{P}_k$ sequences are displayed in Figure 5 and $SrcPor{t}_k$ sequences are displayed in

Table 2. The partial results of $SrcPor{t}_k$ sequences.

${\left({\mathit{m}}_{\mathit{prs}}\right)}_{\mathit{k}}$	${\mathit{SrcPort}}_{\mathit{k}}$ Sequences
${\left(m_{prs}\right)}_1$	$\begin{array}{c}\hfill SrcPor{t}_1=\{282,221,283,223,279,230,261,202,188,217,226,268,248,288,273,243,302,308,\cdots \}\end{array}$
${\left(m_{prs}\right)}_5$	$\begin{array}{c}\hfill SrcPor{t}_5=\{139,174,140,176,136,183,150,219,205,202,179,125,169,113,130,164,95,101,\cdots \}\end{array}$

, where the length of $DstI{P}_k$ and $SrcPor{t}_k$ sequences are both 127.

Algorithm 1 The pseudocode of $DstI{P}_k$ and $SrcPor{t}_k$ sequence generation algorithms.

Require:  ${\left(m_{prs}\right)}_k$; p; n; $DstI{P}_{pool}$: the set of $DstIPs$ shared by $P_s$ and $P_r$; $ke{y}_{xor}$, $le{n}_{bin}$: the temporary secrets negotiated by $P_s$ and $P_r$.   Ensure:  $DstI{P}_k$, $SrcPor{t}_k$ 1: for all  ${(m-Seq)}_i\in {\left(m_{prs}\right)}_k$ do 2:     Divide ${(m-Seq)}_i$ into $num=p/n$ binary segments of length n 3:     Convert each binary segment to decimal to obtain ${\left(DstPor{t}_k\right)}_i$ 4: end for 5: $DstPor{t}_k\leftarrow \{{\left(DstPor{t}_k\right)}_1,{\left(DstPor{t}_k\right)}_2,\cdots \}$ 6: for all  ${\left(DstPor{t}_k\right)}_i\in DstPor{t}_k$   do 7:     for all  $dstport\in {\left(DstPor{t}_k\right)}_i$  do 8:          $xor\leftarrow dstport\oplus ke{y}_{xor}$ 9:          $index\leftarrow xormod|DstI{P}_{pool}|$ 10:        $dstIP\leftarrow DstI{P}_{pool}\left[index\right]$ 11:        Append $dstIP$ to ${\left(DstI{P}_k\right)}_i$ 12:     end for 13:     Extract the first $le{n}_{bin}$ bits of ${(m-Seq)}_i$ and convert to decimal, denoted as $random$ 14:     for all  $dstport\in {\left(DstPor{t}_k\right)}_i$ do 15:        $srcpor{t}_i\leftarrow (random+dstport)$ mod 65535 16:       Append $srcpor{t}_i$ to ${\left(SrcPor{t}_k\right)}_i$ 17:     end for 18: end for 19: $$ 20: return $DstI{P}_k$, $SrcPor{t}_k$

However, the number of corresponding SrcPort-DstIP-DstPort combinations is too large to transmit practically. In the CCES scheme, we merely successively select e (SrcPort, DstIP, DstPort) pairs to indicate ${\left(m_{prs}\right)}_k$, which not only greatly reduces the quantity of SrcPort-DstIP-DstPort combinations, but also brings little transmission accuracy disturbance. Here, e represents the end spreading degree that plays a crucial role in the robustness of the CCES scheme. The higher end spreading degree makes the CCES scheme gain more resistant against attack or hostile network environment, but has lower transmission efficiency, which will be proved theoretically and experimentally validated. Assuming e is 3, the corresponding SrcPort-DstIP-DstPort combinations of ${\left(m_{prs}\right)}_k$ are shown: ${\left(m_{prs}\right)}_1$: 282,192.168.1.92,94; 221,192.168.1.97,33; 283,192.168.1.91,95. ${\left(m_{prs}\right)}_5$: 139,192.168.1.94,46;174,192.168.1.95,81; 140,192.168.1.93,47.

$M_{PRS}$ is eventually converted into $e·t$ combinations where t is the amount of $m_k^{\prime }$ in $M^{\prime }$. After embedding them into packet headers, end spreading sequence generation is accomplished.

End Spreading Sequence Demodulation

After synchronization, $P_r$ is prepared to receive the end spreading sequences through the monitoring event. Firstly, $P_r$ effectively filters the irrelevant packets, which benefits from the collaboration relationship between DstIP–DstPort pairs. Next, $P_r$ derives the $DstPor{t}_k$ sequences through SrcPort-DstPort pairs. Given the known LFSR order n, $PRSkey$, and the length of $m_k^{\prime }$, $P_r$ could generate the correct m-sequence $PRS$ and modulate it by all possible $m_k^{\prime }$ with the number of $2^b$. After comparing the $DstPor{t}_k$ sequences with all possible modulation outcomes, $P_r$ could determine the $m_k^{\prime }$ and then derive $M^{\prime }$. Finally, $M^{\prime }$ is decoded to M, which is contrary to the message preprocessing.

3.2.3. Characteristic Analysis

The CCES scheme is characterized by high robustness, including eavesdropping resistance, loss tolerance, and robust synchronization. Now, we give its theoretical analysis.

Loss Tolerance

Loss tolerance means $P_r$ could still demodulate the fragmentary end spreading sequences to obtain M with high accuracy. When being converted into e end spreading sequences, $m_k^{\prime }$ obtains loss tolerance at the expense of becoming redundant or occupying more resources. However, the left number of pieces is required; otherwise, $m_k^{\prime }$ can not be demodulated correctly with too few end spreading sequences. The maximum number of loss packets is known as the loss tolerance degree, denoted by $\tau$. Obviously, the greater end spreading degree has greater loss tolerance performance, but it is hard to give a fixed $\tau$ value for different e due to the various $PRS$ and M, which allows us to adjust $\tau$ according to the actual situation.

The usage of framing flags $SrcPort$ guarantees that there is little association among the end spreading sequences of $m_k^{\prime }$ and no chain reaction even if partial end spreading sequences were damaged.

Eavesdropping Resistance

We denote M by $e·t$ end spreading sequences which have no apparent regularity observed on the surface; hence, it is hard for eavesdroppers to conjecture the rest of end spreading sequences if they were partially monitored. Considering the worst case that the eavesdropper pilfers all the end spreading sequences, we show the following analysis of their success probability Q to obtain the original message M.

Since there is no difference in modulation and demodulation among subgroups $m_k^{\prime }$ of $M^{\prime }$, we regard Q of $m_k^{\prime }$ as the Q of $M^{\prime }$ or M. Assuming that the eavesdropper obtains $\alpha$ packets from the network, including $\beta =e·t$ legal packets, it first needs to determine at least $(e-\tau )$ legal end spreading sequences via hyper-geometric distribution. Accordingly, the probability P that it successfully obtains at least $(e-\tau )$ legal pieces in the space $\alpha$ in $\eta$ draws can be given by:

$$P=\{\begin{array}{cc}0,\hfill & 0<\eta <(e-\tau )\\ & ore<\eta <\alpha .\\ \\ \frac{{\displaystyle \sum _{i=0}^{\tau }}\left(\genfrac{}{}{0pt}{}{e-i}{\beta }\right)\left(\genfrac{}{}{0pt}{}{\eta -e+i}{\alpha -\beta }\right)}{\left(\genfrac{}{}{0pt}{}{\eta }{\alpha }\right)},& (e-\tau )\le \eta \le e.\end{array}$$

(10)

The $\alpha$ packets obtained by the eavesdropper consist of e legal packets and $(\alpha -e)$ irrelevant packets, so the legal packets account for ${\displaystyle \frac{e}{\alpha }}.$ What $P_s$ hopes is that the eavesdropper collects as many irrelevant packets as possible, thus implementing covert communication during normal communication greatly reduces the P for eavesdropper ($P\approx 0, e\ll \alpha$). The eavesdropper has to loop through $\eta$ in the range of (0, $\alpha$] due to lacking the knowledge of e and the usage of framing flags. The reasonable range accounts for ${\displaystyle \frac{\tau }{\alpha }}$; therefore, $\tau$ is inversely correlated with P.

Now, supposing the eavesdropper has already learnt about e, the final success probability Q can be given by:

$$Q={\displaystyle \frac{1}{2^{n+b}}}P=\frac{{\displaystyle \sum _{i=0}^{\tau }}\left(\genfrac{}{}{0pt}{}{e-i}{\beta }\right)\left(\genfrac{}{}{0pt}{}{\eta -e+i}{\alpha -\beta }\right)}{2^{n+b}\left(\genfrac{}{}{0pt}{}{\eta }{\alpha }\right)},(e-\tau )\le \eta \le e,$$

(11)

where n and b means the length of PRSkey and the length of $m_k^{\prime }$, respectively. Obviously, the increase in n and b leads to an exponential decline in Q. In summary, conducting covert communication during normal communication, using the smaller $\tau$, and generating the longer m-sequence protects the covert communication from eavesdropping well.

However, every coin has two sides. As we mentioned before, a smaller $\tau$ implies a smaller e, which exerts negative effects on the loss tolerance, and the longer m-sequence also increases the burden for demodulation. Hence, we need to dynamically adjust the CCES scheme for the practical scenario.

Robust Synchronization

As an indispensable mechanism for covert communication, synchronization is of great significance in ensuring the integrity of the message. In the proposed CCES scheme, $P_s$ utilizes end spreading sequences with the specific meaning shared by $P_s$ and $P_r$ to inform $P_r$ to initialize the receiving event, which guarantees the optimum reception of end spreading sequences and makes the process of constructing more robust against network attacks.

4. Evaluation Metrics

As proposed in [33], the evaluation framework of covert channels, including channel capacity, robustness, and stealth, can be applied to both storage and timing covert channels, where capacity means the quantity of data that each packet transports, robustness means how easily the covert channel can be eliminated and how robust it is against channel noise, and stealth means how different the covert traffic is from normal traffic. In [34], robustness, rate, and non-detectability refer to the ability of a covert channel to not be indistinguishable from the overt channel, the ability against noise, and the number of bits delivered by each data packet, respectively.

Based on the above related work, we also propose three evaluation metrics for the CCES scheme: non-detectability, robustness, and efficiency. Non-detectability refers to the undiscovered ability during covert communication, measured by entropy; robustness refers to the capability against the attacker or hostile network environment, measured by bit error rate (BER); efficiency refers to the number of binary bits transmitted in unit time, measured by bits per second (BPS).

4.1. Non-Detectability

Hopping patterns and hopping rates are key features of the end hopping system. The former is generated with pseudo-random sequences and the latter is dynamically controlled according to the current network environment [18]. To mimic the normal end hopping (i.e., the overt channel) as much as possible, the CCES scheme has to behave similarly to the above key features of end hopping. Since the CCES scheme is insensitive to the timing, it could stay completely consistent with the hopping rate during the normal end hopping communication, thereby evading the detection or elimination methods used for the timing covert channels with great ease. To mimic the hopping pattern, the CCES scheme utilizes the original message to modulate the pseudo-random sequences, hoping to present the approximate pseudo-randomness of the hopping pattern. We introduce the entropy to measure the pseudo-randomness.

Originating from thermodynamics and proposed by Shannon in 1948 [35], entropy is a quantitative measure of the randomness for random variables [36]. The formula of entropy is as follows:

$$EN\left(X\right)=-\sum _{i=1}^n{p}_i{log}_2{p}_i.$$

(12)

where $p_i$ represents the probability of each event occurring in the system. By calculating and comparing the corresponding end information sequence entropy in both normal end hopping and the CCES scheme, we could judge whether the CCES scheme’s pseudo-randomness is significantly different from that of normal end hopping, thus evaluating its non-detectability.

4.2. Robustness

The robustness of the CCES scheme refers to the capability against an attacker or hostile network environment, which negatively affects the quality of covert communication. We utilize the bit error rate (BER) to measure the robustness, as defined below:

$$BER={\displaystyle \frac{S_{error}}{S_{all}}},$$

(13)

where $S_{error}$ and $S_{all}$ represent the number of error bits and the total number of transmitted bits, respectively.

Here, we propose another definition of BER with the end spreading degree e and the loss tolerance degree $\tau$. In the CCES scheme, $P_s$ denotes $m_k^{\prime }$ by e$DstPort$ sequences (i.e., $DstPor{t}_k$) and $P_r$ regains it during the demodulation the end spreading sequences, namely $DstPor{t}_k$. However, whether $DstPor{t}_k^{\prime }$ could be demodulated correctly relies on the loss tolerance degree of $DstPor{t}_k^{\prime }$. Suppose the number of same elements in $DstPor{t}_k$ and $DstPor{t}_k$ is denoted as $ϵ$ and the function $\Gamma$ means whether $DstPor{t}_k^{\prime }$ can be demodulated correctly, as indicated by 0 or 1. Thus,

$$\Gamma (DstPor{t}_k,DstPor{t}_k^{\prime })=\{\begin{array}{c}0,\hspace{1em}e-\tau \le ϵ<e\\ \\ 1,\hspace{1em}0\le ϵ<e-\tau \end{array}$$

(14)

When $ϵ\in [0,e-\tau )$, the $DstPor{t}_k^{\prime }$ can not be demodulated correctly; thus, the BER could also be defined as:

$$BER={\displaystyle \frac{{\sum }_{i=1}^t\mathsf{\Gamma }(DstPor{t}_i,DstPor{t}_i^{\prime })}{t}},$$

(15)

where t means the number of $m_k^{\prime }$ in $M^{\prime }$.

4.3. Efficiency

Transmission efficiency of the CCES scheme is defined as the amount of error-free bits transmitted in unit time, measured by bits per second ($BPS$), as shown in (16).

$$BPS={\displaystyle \frac{N\left(\mu \right)}{\mu }},$$

(16)

where $N\left(\mu \right)$ represents the number of error-free bits transmitted in $\mu$ seconds.

We also introduce another novel representation for BPS. Since $m_k^{\prime }$ is converted into e end spreading sequences and supposing the length of $m_k^{\prime }$ is b, the bits carried by each legal piece is ${\displaystyle \frac{b}{e}}$. Thus,

$$BPS=r{\displaystyle \frac{b}{e}},$$

(17)

where r means the number of legal pieces demodulated correctly by $P_r$ per second. Obviously, e is inversely related to $BPS$.

5. Experiment Analysis

To practically verify the performance of the proposed CCES scheme, the prototype system was built under the end hopping system in [18], including an extra adversary $P_{atk}$, who can launch a network attack to thwart the covert communication. All of the communication participants are deployed on Linux PCs, and the specific PC configurations are shown in

Table 3. Configurations of Linux PCs.

Role	CPU	OS	Memory	Storage
$P_s$	Core i5-5200U	Ubuntu16.04	8G	512G
$P_r$	Core i7-7700	Ubuntu16.04	8G	1T
$P_{atk}$	Core i7-6700	Ubuntu16.04	8G	512G

.

Based on the evaluation metrics proposed in Section 4, three kinds of performance tests were conducted, and below is the specific experimental analysis.

5.1. Non-Detectability Test

As the basic property, concealment is a prerequisite for covert channels in practice. In the normal end hopping, the hopping pattern of end information keeps appearance irregularity (i.e., pseudo-randomness), resulting in bewildering attackers proactively. Hence, only when the CCES scheme equips approximate pseudo-randomness can it avoid arousing the adversary’s attention and gain great non-detectability. So, we modulated the m-sequences with the original message to increase the non-detectability. In Section 4, we propose to measure the pseudo-randomness with entropy and test the non-detectability of the CCES scheme by comparing the entropy difference between the CCES scheme and normal end hopping.

Firstly, we collected about 1,000,000 packets from the normal end hopping and divided them into 100 groups. Extracting the end information used in the CCES scheme separately, we obtained 100 combinations of SrcPort-DstIP–DstPort sequences. After calculating their entropy, the entropy ranges of $SrcPort$, $DstIP$, and $DstPort$ are [0.15, 0.82], [0.40, 0.75], and [0.2, 0.8] separately.

Then, we measured the corresponding entropy ranges of the CCES scheme. Since the end information entropy is greatly affected by the m-sequences and the end spreading degree in the CCES scheme, we conducted the measurement with different combinations of n and e, where $n\in \{7,9,14,16\}$ and $e\in \{2,3,4,5,6,7,8,9,10\}$. For each $(n,e)$, we took the same step with the normal traffic to obtain the entropy range of $SrcPort$, $DstIP$, and $DstPort$ separately. The final results are shown in Figure 6.

We can observe from Figure 6 that different $(n,e)$ pairs present various entropy distributions. To develop the non-detectability of the CCES scheme, the $(n,e)$ pairs whose entropy ranges of $SrcPort$, $DstIP$, and $DstPort$ all within the corresponding normal entropy range ought to be utilized to generate end spreading sequences. Obviously, our scheme provides various alternative $(n,e)$ pairs accorded with the above requirement, like $(7,e),e\in \{4,5,6,7,8,9,10\},(n,4),n\in \{7,9,14,16\}$, etc., which allows $P_s$ to generate the appropriate end spreading sequences for covert communication.

Without loss of generality, we select several typical $(n,e)$ pairs to perform the following tests, including $(14,e),e\in 4,5,6,7,8,9$, and the experimental process is also applicable to other pairs.

5.2. Robustness Test

In our hypothetical communication scenario, the communication environment is getting worse due to the attack by $P_{atk}$, including launching the DoS attack to thwart the covert communication and cause the severe packet loss, which sets a still-higher demand for the CCES scheme in terms of robustness. Compared with the scheme proposed in [37], we designed the following test.

Loss Tolerance Test

In this section, we discuss the impact on the CCES scheme when suffering from packet loss caused by DoS or a bad network environment. Netem is a network simulation function module provided by Linux 2.6 and above, used to simulate complex network environments, like low-bandwidth, transmission delay, packet loss, etc. Command $\#tcqdiscadddeveth0rootnetemloss1\%$ means randomly discard 1% of data packets. We set the packet loss rate (PLR) in the range of $(0\%,40\%)$ and the final results are shown in Figure 7a.

There are five schemes in the test: the James Gimbi scheme in [37] (regarding the value difference among the $SrcPorts$ as the covert channel), the scheme without end spreading (i.e., loading M directly over end information), and the proposed CCES schemes with three different values of e. As shown in Figure 7a, since it merely relies on the relationship among $SrcPort$ and lacks loss tolerance, the James Gimbi scheme has the worst robustness with the increase in PLR. Although the scheme without end spreading performs better than James Gimbi’s due to the independence among end information, the BER still rises rapidly under the higher PLR. However, the CCES schemes achieve better robustness, especially in the higher end spreading degree, which benefits from the inherent loss tolerance. Therefore, the test results are consistent with the theoretical analysis above.

Anti-Interference Test

To defend against the attack intended to obstruct the covert communication, the covert channel ought to be equipped with robust anti-interference capability. In this section, SYN-Flood, a typical kind of DoS attack, was launched by Hping3 to build a network environment glutted with irrelevant packets. The attack strength of SYN-Flood is from $0\left(Mbps\right)$ to $50\left(Mbps\right)$, and the final performance of the five schemes is shown in Figure 7b.

For the James Gimbi scheme, the irrelevant packets set off a chain reaction with ease due to a lack of filtering mechanisms; thus, the BER increases dramatically. On the contrary, since the usage of framing flags and verification field, the BER of the CCES scheme is far below that of others, which indicates great anti-interference.

Although a larger e can improve performance, it also brings a significant drawback: a substantial reduction in communication efficiency. As e increases, the amount of redundancy or spreading grows, resulting in a lower effective data transmission rate.

5.3. Efficiency Test

The efficiency of the CCES scheme is not only greatly affected by the end spreading degree e, but also limited by the hopping rate of normal end hopping. Hence, we designed two types of efficiency tests by means of controlling variates: the relationship between efficiency and hopping rate under fixed e and the relationship between efficiency and e under fixed hopping rate. The robustness tests are conducted under two kinds of network environments, respectively, and in this section, we propose mixing and grading them to build multiple environments while making our test closer to reality. The detailed introduction is shown in

Table 4. Network environment grading.

Grades:	Level 0	Level 1	Level 2	Level 3	Level 4
DoS (Mbps):	0	(0,20]	(20,40]	(40,60]	(60,80]
PLR (%):	0	(0,10]	(10,20]	(20,30]	(30,40]

.

Efficiency and Hopping Rate Test

As one of the significant features of the normal end hopping, hopping rate determines the transmission rate of our end spreading sequences to maintain the non-detectability in terms of timing attribute. To test the efficiency of the CCES scheme, we set $e=4$ and the hopping rate from 1 (hops/s) to 200 (hops/s); the final test results are shown in Figure 8a.

It is clear that as the hopping rate increases, so too does efficiency. However, the efficiency is greatly affected by the environment, such as the efficiency under Level 4 is 450 (bits/s), which is merely about half of that under Level 0.

Efficiency and End Spreading Degree Test

According to the novel definitions of robustness and efficiency, we learn that the end spreading degree is closely but contradictorily related to them. The larger end spreading degree makes the end spreading sequences more robust against network attacks, but meanwhile, makes them less efficient. To describe it intuitively, we fixed the hopping rate at 100 (hops/s) and gained the following results.

In Figure 8b, the efficiency is inversely related to e and tends towards stability to a larger degree, even though the environment gets worse. On the contrary, the accuracy rate (AR, $AR=1-BER$) is getting better with the increase in e and also tends towards stability at the larger e. In other words, we gain great communication quality at the expense of efficiency.

Summary: Based on the evaluation metrics proposed in Section 4, we tested the performance of the CCES scheme, and the results show that the CCES scheme has great non-detectability with appropriate $(n,e)$ pairs and performs well in terms of robustness tests. With the increase in the end spreading degree, efficiency and robustness become steady, which is little-affected by the environment. While our CCES scheme improves synchronization through asynchronization and end spreading, the reliance on distributed nodes for sequence reception may pose scalability challenges in large-scale environments. Furthermore, although our design is robust against delays, decryption across decentralized receivers may require secure key distribution and channel coordination, which we acknowledge as potential areas for future improvement.

6. Conclusions

In this paper, we first introduce a novel network covert channel model based on end spreading in the end hopping system, namely CCES, and then propose a CCES-based scheme. According to the evaluation metrics, we implement experiments to practically verify the performance of the proposed CCES scheme, and the results are inspiring. In recent years, bandwidth is no longer the only public requirement for communication; information transmission security is being paid increasing attention to. As a kind of novel network storage and behavior covert channel with high robustness, CCES could transmit messages covertly and safely under a hostile environment, which provides a new perspective for communication security.

We are currently experimenting with improving the transmission efficiency of CCES, such as the use of data compression and end information multiplexing. Additionally, we also focus on the research of autocorrelation among end spreading sequences, thereby realizing multi-user communications without the need for authentication. Except for end hopping, the application fields of CCES could also be promoted from end hopping to include IPv6, software-defined networks, and so on. In the future, we aim to deploy our system in real-world scenarios to validate its effectiveness and practical value.