Search Results (94)

This paper proposes a novel covert communication paradigm in which covertness emerges from network-induced structural uncertainty, eliminating the traditional reliance on pre-shared secret pilots in multi-user cooperative networks. Unlike conventional schemes that create information asymmetry through secret training sequences, we show that structural uncertainty naturally arises from user selection in spatially dispersed networks. Specifically, we consider a public pilot aided system under a worst-case adversarial assumption where Willie possesses full knowledge of all individual channel state information (CSI) but remains uncertain about the active subset of cooperative users. We prove that this selection-induced structural uncertainty renders different transmission states statistically indistinguishable from Willie’s perspective, thereby forcing the optimal detector to reduce to an energy-based test. The proposed framework demonstrates that robust covertness can be achieved without secrecy-based coordination, providing a scalable and practically viable alternative to secret pilot management in future wireless networks. Full article

Wi-Fi networks used in smart grids are essential for enabling communication between smart meters and data aggregation units. A key challenge, however, is the ability to hide the existence and traffic patterns of these communications, so that sensitive information exchanges cannot be easily detected or intercepted. Unfortunately, most existing solutions do not provide support for traffic prioritization and steganographic channel encryption. In this paper, we propose a novel covert channel with Quality of Service (QoS) and encryption support for smart grid environments based on the IEEE 802.11 standard. We introduce an original steganographic approach that leverages the backoff mechanism, the Enhanced Distributed Channel Access (EDCA) function, frame aggregation, and the StegoPaddingCipher algorithm. This design ensures QoS-aware traffic handling while enhancing security through encryption of the transmitted covert data. The proposed protocol was implemented and evaluated using the ns-3 simulator, where it achieved excellent performance results. The system maintained high efficiency even under heavily saturated network conditions with additional background traffic generated by other nodes. The proposed covert channel offers an innovative and secure method for transmitting substantial volumes of QoS-related data within smart grid environments. Full article

Unmanned aerial vehicles (UAVs) are pivotal for 6G ubiquity, yet their open line-of-sight channels increase vulnerability to interception, posing new challenges for covert communication. This paper proposes a joint optimization scheme for multi-UAV relay-assisted covert communication system with the maximum channel capacity relay selection (MCRS) criterion. Distinct from conventional single-UAV approaches, this scheme uniquely couples UAV geometric positions with the time-varying characteristics of the wireless channels, exploiting spatial diversity from UAV relays to mitigate small-scale fading in dense urban environment, and jointly optimizes the transmit power and UAVs’ altitude. Specifically, we first designed an optimal relay selection strategy and derived analytical expressions for detection error and outage probabilities over altitude-dependent Nakagami-m fading channels. Furthermore, we maximized the effective covert rate by jointly optimizing the UAVs’ hovering altitude and adaptive transmit power of source and relays, subject to covert constraints. Extensive numerical results demonstrate a near-perfect match between the derived theoretical expressions and Monte Carlo simulations and validate the accuracy of our theoretical model. Compared against conventional single-UAV and multi-fixed-altitude UAV benchmark schemes, simulations demonstrate that the joint optimization scheme with relay selection proposed significantly enhances the covert performance of UAV-assisted communication systems. Full article

Physical-layer covert communication is increasingly challenged by powerful detectors that exploit the fine-grained statistical structure of received signals. In realistic Radio Frequency (RF) front ends, signal-dependent impairments such as power amplifier (PA) nonlinearity and In-phase and Quadrature (I/Q) imbalance induce transmitter-specific, non-Gaussian emission statistics under which conventional Gaussian embedding rules cause detectable distribution drift. We propose ResDiff, a two-stage learn-then-embed framework that first trains a symbol-conditional diffusion prior to capture a hardware-consistent emission manifold, then embeds covert information through bounded, variance-adaptive residuals spread over a K-symbol block with coherent block decoding at the legitimate receiver. Simulations under a severe impairment profile in an Additive White Gaussian Noise (AWGN) channel show that ResDiff improves stealthiness while maintaining reliable covert recovery and that increasing K reduces detectability by lowering the per symbol embedding pressure. Overall, the results indicate that hardware-aware generative priors, combined with rate-controlled block embedding, provide a practical path to covert-in-cover-traffic communication under modern detection capabilities. Full article

Data exfiltration poses a major cybersecurity challenge because it involves the unauthorized transfer of sensitive information. Intrusion Detection Systems (IDSs) are vital security controls in identifying such attacks; however, their effectiveness in cloud computing environments remains limited, particularly against covert channels such as Internet Control Message Protocol (ICMP) and Domain Name System (DNS) tunneling. This study compares two widely used IDSs, Snort and Suricata, in a controlled cloud computing environment. The assessment focuses on their ability to detect data exfiltration techniques implemented via ICMP and DNS tunneling, using DNSCat2 and Iodine. We evaluate detection performance using standard classification metrics, including Recall, Precision, Accuracy, and F1-Score. Our experiments were conducted on Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances, where IDS instances monitored simulated exfiltration traffic generated by DNSCat2, Iodine, and Metasploit. Network traffic was mirrored via AWS Virtual Private Cloud (VPC) Traffic Mirroring, with the ELK Stack integrated for centralized logging and visual analysis. The findings indicate that Suricata outperformed Snort in detecting DNS-based exfiltration, underscoring the advantages of multi-threaded architectures for managing high-volume cloud traffic. For DNS tunneling, Suricata achieved 100% detection (recall) for both DNSCat2 and Iodine, whereas Snort achieved 85.7% and 66.7%, respectively. Neither IDS detected ICMP tunneling using Metasploit, with both recording 0% recall. It is worth noting that both IDSs failed to detect ICMP tunneling under default configurations, highlighting the limitations of signature-based detection in isolation. These results emphasize the need to combine signature-based and behavior-based analytics, supported by centralized logging frameworks, to strengthen cloud-based intrusion detection and enhance forensic visibility. Full article

Background: Decoding covert spatial attention (CSA) from dry, low-channel electroencephalography (EEG) is key for gaze-independent brain–computer interfaces (BCIs). Methods: We evaluate, on sixteen participants and three tasks (CSA, motor imagery (MI), Emotion), a four-electrode, subject-wise pipeline combining leak-safe preprocessing, multiresolution wavelets, and a compact Hybrid encoder (CNN-LSTM-MHSA) with robustness-oriented training (noise/shift/channel-dropout and supervised consistency). Results: Online, the Hybrid All-on-Wav achieved 0.695 accuracy with end-to-end latency ~2.03 s per 2.0 s decision window; the pure model inference latency is ≈185 ms on CPU and ≈11 ms on GPU. The same backbone without defenses reached 0.673, a CNN-LSTM 0.612, and a compact CNN 0.578. Offline subject-wise analyses showed a CSA median Δ balanced accuracy (BAcc) of +2.9%p (paired Wilcoxon p = 0.037; N = 16), with usability-aligned improvements (error 0.272 → 0.268; information transfer rate (ITR) 3.120 → 3.240). Effects were smaller for MI and present for Emotion. Conclusions: Even with simple hardware, compact attention-augmented models and training-time defenses support feasible, low-latency left–right CSA control above chance, suitable for embedded or laptop-class deployment. Full article

This article addresses a critical security challenge in Internet of Things (IoT) systems, which are vulnerable to traffic detection attacks due to their reliance on shared wireless communication channels. We propose a novel cooperative covert transmission strategy to enhance the security of IoT communications against these attacks through the implementation of physical-layer security mechanisms. Inspired by zero-forcing precoding techniques, the proposed approach enables cooperation between different IoT devices in the system to increase the likelihood of adversaries making incorrect conclusions about the communication activity of the targeted IoT device. The proposed covert communication strategy complements traditional security measures, provides a scalable solution, and is suitable for resource-constrained IoT environments. The numerical results in this article demonstrate significant improvements in protecting communications against traffic detection attacks, which contributes to the overall security and privacy of IoT systems. Full article

Network covert channels embed secret data into legitimate traffic, but existing methods struggle to balance undetectability, robustness, and throughput. Application-independent channels at lower protocol layers are easily normalized or disrupted by network noise, while application-dependent streaming schemes rely on handcrafted traffic manipulations that fail to preserve the spatio-temporal dynamics of real encrypted flows and thus remain detectable by modern machine learning (ML)-based classifiers. Meanwhile, with the rapid adoption of HTTP/3, Quick UDP Internet Connections (QUIC) has become the dominant transport for streaming services, offering stable long-lived flows with rich spatio-temporal structure that create new opportunities for constructing resilient covert channels. In this paper, a QUIC streaming-based Covert Channel framework, QuicCC-SMD, is proposed that dynamically Shapes Multi-Dimensional traffic features to identify and exploit redundancy spaces for secret data embedding. QuicCC-SMD models the statistical and temporal dependencies of QUIC flows via Markov chain-based state representations and employs convex optimization to derive an optimal deformation matrix that maps source traffic to legitimate target distributions. Guided by this matrix, a packet-level modulation performs through packet padding, insertion, and delay operations under a periodic online optimization strategy. Evaluations on a real-world HTTP/3 over QUIC (HTTP/3-QUIC) dataset containing 18,000 samples across four video resolutions demonstrate that QuicCC-SMD achieves an average F1 score of 56% at a 1.5% embedding rate, improving detection resistance by at least 7% compared with three representative baselines. Full article

Speculative execution attacks significantly compromise the security of modern processors by enabling information leakage. These well-known attacks exploit speculative cache-based covert channels to effectively exfiltrate secret data by altering cache states. Existing hardware defenses specifically designed to prevent cache-based covert channels are effective at blocking explicit channels. However, their protection against implicit attack variants remains limited, since these hardware defenses do not fully eliminate secret-dependent microarchitectural changes in caches. In this paper, we propose TrackRISC, a framework which comprises (i) a refined implicit attack flow model specifically for the exploration and analysis of implicit cache-based speculative execution attacks which severely compromise the security of existing hardware defenses, and (ii) a security-enhanced tracking and mitigation microarchitecture, termed TrackRISC-Defense, designed to mitigate both implicit and explicit attack variants that use speculative cache-based covert channels. To obtain realistic hardware evaluation results, we implement and evaluate both TrackRISC-Defense and a representative existing defense on top of the Berkeley’s out-of-order RISC-V processor core (SonicBOOM) using the VCU118 FPGA platform running Linux. Compared to the representative existing defense which incurs a performance overhead of 13.8%, TrackRISC-Defense ensures stronger security guarantees with a performance overhead of 19.4%. In addition, TrackRISC-Defense can mitigate both explicit and implicit speculative cache-based covert channels with a register-based hardware resource overhead of 0.4%. Full article

Covert channels enable hidden communication that poses significant security risks, particularly when smartphones are used as transmitters. This paper presents the first end-to-end implementation and evaluation of an electromagnetic (EM) covert channel on modern Samsung Galaxy S21, S22, and S23 smartphones (Samsung Electronics Co., Ltd., Suwon, Republic of Korea). We first demonstrate that a previously proposed method relying on zero-volume playback is no longer effective on these devices. Through a detailed analysis of EM emissions in the 0.1–2.5 MHz range, we discovered that consistent, volume-independent signals can be generated by exploiting the hardware’s recovery delay after silent audio playback. Based on these findings, we developed a complete system comprising a stealthy Android application for transmission, a time-based modulation scheme, and a demodulation technique designed around the characteristics of the generated signals to ensure reliable reception. The channel’s reliability and robustness were validated through evaluations of modulation time, probe distance, and message length. Experimental results show that the maximum error-free bit rate (bits per second, bps) reached 0.558 bps on Galaxy S21 and 0.772 bps on Galaxy S22 and Galaxy S23. Reliable communication was feasible up to 0.5 cm with a near-field probe, and a low alignment-aware bit error rate (BER) was maintained even for 100-byte messages. This work establishes a practical threat, and we conclude by proposing countermeasures to mitigate this vulnerability. Full article

Deep neural networks (DNNs) excel in image classification but are vulnerable to backdoor attacks due to reliance on external training data, where specific markers trigger preset misclassifications. Existing attack techniques have an obvious trade-off between the effectiveness of the triggers and the stealthiness, which limits their practical application. For this purpose, in this paper, we develop a method—chromatic channel-based implicit backdoor attack (CCIBA), which combines a discrete wavelet transform (DWT) and singular value decomposition (SVD) to embed triggers in the frequency domain through the chromaticity properties of the YUV color space. Experimental validation on different image datasets shows that compared to existing methods, CCIBA can achieve a higher attack success rate without a large impact on the normal classification ability of the model, and its good stealthiness is verified by manual detection as well as different experimental metrics. It successfully circumvents existing defense methods in terms of sustainability. Overall, CCIBA strikes a balance between covertness, effectiveness, robustness and sustainability. Full article

Linguistic steganography can be utilized to establish covert communication channels on social media platforms, thus facilitating the dissemination of illegal messages, seriously compromising cyberspace security. Synonym substitution-based linguistic steganography methods have garnered considerable attention due to their simplicity and strong imperceptibility. Existing linguistic steganalysis methods have not achieved excellent detection performance for the aforementioned type of linguistic steganography. In this paper, based on the idea of focusing on accumulated differences, we propose a two-stage synonym substitution-based linguistic steganalysis method that does not require a synonym database and can effectively detect texts with very low embedding rates. Experimental results demonstrate that this method achieves an average detection accuracy 2.4% higher than the comparative method. Full article

The covert nature of DNS covert channels makes them a widely utilized method for data exfiltration by malicious attackers. In response to this challenge, the present study proposes a detection methodology for DNS covert channels that employs a Deep Boltzmann Machine with Enhanced Security (DBM-ENSec). This approach entails the creation of a dataset through the collection of malicious traffic associated with various DNS covert channel attacks. Time-dependent grouping features are excluded, and feature optimization is conducted on individual traffic data through feature selection and normalization to minimize redundancy, enhancing the differentiation and stability of the features. The result of this process is the extraction of 23-dimensional features for each DNS packet. The extracted features are converted to gray scale images to improve the interpretability of the model and then fed into an improved Deep Boltzmann Machine for further optimization. The optimized features are then processed by an ensemble of classifiers (including Random Forest, XGBoost, LightGBM, and CatBoost) for detection purposes. Experimental results show that the proposed method achieves 99.92% accuracy in detecting DNS covert channels, with a validation accuracy of up to 98.52% on publicly available datasets. Full article

Modern x86 processors incorporate performance-enhancing features such as prefetching mechanisms, cache coherence protocols, and support for large memory pages (e.g., 2 MB huge pages). While these architectural innovations aim to reduce memory access latency, boost throughput, and maintain cache consistency across cores, they can also expose subtle microarchitectural side channels that adversaries may exploit. This study investigates how the combination of prefetching techniques and huge pages can significantly enhance the throughput and accuracy of covert channels in controlled computing environments. Building on prior work that examined the impact of the MESI cache coherence protocol using single-cache-line access without huge pages, our approach expands the attack surface by simultaneously accessing multiple cache lines across all 512 L1 lines under a 2 MB huge page configuration. As a result, our 9-bit covert channel achieves a peak throughput of 4940 KB/s—substantially exceeding previously reported benchmarks. We further validate our channel on AMD SEV-SNP virtual machines, achieving up to an 88% decoding accuracy using write-access encoding with 2 MB huge pages, demonstrating feasibility even under TEE-enforced virtualization environments. These findings highlight the need for careful consideration and evaluation of the security implications of common performance optimizations with respect to their side-channel potential. Full article

The massive use of end information in the end hopping system not only significantly improves the proactive defense capability but also reveals great potential for covert communication. However, the development of existing network covert channels is hindered by various elimination techniques and a lack of robustness guarantees. In this paper, we first present a novel network covert channel model based on end spreading (CCES) in the end hopping system. We then propose a CCES-based scheme using m-sequence in the hypothetical scenario and theoretically analyze its characteristics, including eavesdropping resistance, loss tolerance, and robust synchronization. To evaluate the performance of the CCES scheme, three evaluation metrics are adopted: non-detectability, robustness, and transmission efficiency. Experimental results show that CCES achieves a bit error rate (BER) below 5% under 30% packet loss, entropy values ranging from 0.15 to 0.82 (comparable to normal traffic), and a transmission efficiency of up to 800 bits per second. These results confirm the CCES scheme’s strong robustness and practical applicability, outperforming traditional covert channels in both reliability and stealth. Full article