DYST (Did You See That?): An Amplified Covert Channel That Points To Previously Seen Data

Covert channels are stealthy communication channels that enable manifold adversary and legitimate scenarios, ranging from stealthy malware communications to the exchange of confidential information by journalists. We present DYST, which represents a new class of covert channels we call history covert channels jointly with the new paradigm of covert channel amplification. All covert channels described until now need to craft seemingly legitimate flows or need to modify third-party flows, mimicking unsuspicious behavior. In contrast, history covert channels can communicate by pointing to unaltered legitimate traffic created by regular network nodes. Only a negligible fraction of the covert communication process requires the transfer of actual covert channel information by the covert channel's sender. This information can be sent through different protocols/channels. This allows an amplification of the covert channel's message size, i.e., minimizing the fraction of actually transferred secret data by a covert channel's sender in relation to the overall secret data being exchanged. Further, we extend the current taxonomy for covert channels to show how history channels can be categorized. We describe multiple scenarios in which history covert channels can be realized, analyze the characteristics of these channels, and show how their configuration can be optimized.


I. INTRODUCTION
This is a pre-print. The final version of this paper was published by IEEE Transactions on Dependable and Secure Computing (TDSC) and is available here (open access): https://doi.org/10.1109/TDSC.2024.3410679

Covert channels are policy-breaking and stealthy communication channels that are not foreseen in a system's design [1]-[3]. Such channels are regularly used to transfer secret information, e.g., for the purpose of data exfiltration or malware communications [4]-[7]. However, covert channels can also be applied for censorship circumvention, e.g., by journalists [4], [8]. Covert channels have been investigated for different environments, including networks [4], [9], [10], cyber-physical systems [11]-[14], local processes/systems [15]-[17] and out-of-band scenarios, such as sound, light, vibration, radio-frequency, magnetic fields or temperature [5], [18]-[22]. Similarly to covert channels, some physical-layer security (PLS) methods also aim at providing confidential communication, e.g., through the introduction of friendly jamming/noise [23], [24]. Covert channel signals also aim to hide within noise. The core difference to PLS is that an adversary is explicitly assumed to be aware of the artificial noise, while a covert channel aims to prevent the presence of a secret communication from being perceptible to the adversary.
All known covert channels embed secret messages into flows. Since their first appearance in the 1970s [1], authors have performed one of two embedding actions: (1) they either relied on the creation of their own traffic (so-called active sending), into which they embed the secret data; or (2) they modified legitimate traffic (or its characteristics) transmitted by third-party nodes to embed the secret data (called passive sending). In both cases, the embedding of secret information renders a channel slightly detectable. This aspect is the central limitation of all previously known covert channels.
To overcome this limitation, a covert channel would be needed that (at least partially) transfers secret data through unmodified legitimate traffic generated by third-party nodes. In other words, it would require the covert channel's sender to craft only a small fraction of the secret traffic (or modify only a small fraction of third-party traffic) while taking advantage of traffic it neither generates nor modifies.
In this paper, we present a new covert channel called DYST (Did You See That?) that fulfills this criterion for the first time since Lampson founded this research area in 1973. In particular, our contributions are as follows:
1) Novel Class of Covert Channels and Concept of Covert Channel Amplification: We introduce history covert channels. These covert channels advance over the state of the art as they do not modify existing traffic and generate only minimal covert channel traffic. This traffic is solely used for informing (signaling) a receiver that a secret message appears, while no own data traffic (representing the actual secret message) is transferred. This is used to amplify the size of the secret message, i.e., the signal is smaller than the actual secret message and thus more challenging to detect.
2) Scenario Provision: We provide multiple scenarios for local network and remote communications to show where the application of history covert channels can be beneficial. In particular, we show that history covert channels can be applied in highly constrained environments, where a covert sender is incapable of creating any new or modifying any existing traffic and is thus only allowed to send packets with pre-defined content. These features render history channels challenging to detect.
3) Taxonomy Extension: We extend the existing taxonomy for network covert channels with a new category called fully-passive sending to reflect all components of this new class of covert channels.
4) Functionality Description for Multiple Methods: As history covert channels comprise a whole family of variants, we provide a description of their functionality using different variants called DYST-Basic (for local networks), DYST-Ext (also for local networks), DYST-Remote-Smarthome (for local-to-remote connections) and DYST-Remote-RTCP (for local-to-remote connections).
5) Theoretical Analysis: We conduct a theoretical analysis of the performance and optimization of DYST.
6) Implementation: We describe several ways to implement a history covert channel in a network environment. As an example, we provide the first implementations of such a channel for DYST-Basic and DYST-Ext. Our implementations contain a data channel that requires no own or modified traffic and a signal channel that consists solely of rarely sent packets with legitimate content (representing only 1 covert bit).
7) Evaluation: Using both local network implementations, we evaluate DYST's robustness, detectability, and optimization under different settings and show that DYST-Basic and DYST-Ext allow the transfer of variable secret data bits through only 1 covert signaling bit, which state-of-the-art covert channels do not achieve. We further simulate a remote version of DYST-Basic called DYST-Remote-Smarthome to show the feasibility of history channels outside of local networks as well as a throughput-enhanced multi-pointer variant.
The remainder of this paper is structured as follows. Sect. II provides background information and discusses related work, while Sect. III presents the functioning as well as the theoretical description and optimization of DYST. We describe our experimental testbed and the evaluation of DYST in local networks in Sect. IV. Next, we conduct a feasibility analysis of a remote scenario for DYST in Sect. V and discuss a performance optimization in Sect. VI. A discussion is provided in Sect. VII. Finally, Sect. VIII concludes. The electronic supplement covers additional optimization aspects of DYST.

II. BACKGROUND & RELATED WORK
Covert Channels: A covert channel exchanges information in a stealthy manner between a covert sender (CS) and one or more covert receiver(s) (CR). A covert channel is one that is not foreseen in a system's design [1] and relies on the concept of policy-breaking communication [2]. If the covert information can be received by more than one CR, the communication can be considered a multicast or even broadcast covert channel. In computer networks, the covert channel nests into a network protocol, e.g., by manipulating bits of a packet header or by adjusting the delays between successive network packets. Similar to covert channels, some physical-layer security methods utilize nearby network nodes' emitted (artificial) noise [23], and steganography tools typically aim to hide within noise, which also applies to DYST's signaling channel (but not its data channel).
In [25]-[27], Cabuk et al. propose the idea of an advanced version of a covert channel based on delays between packets: the covert channel transmits the hidden data by modulating the delays between consecutive network packets. The advanced version of their covert channel mixes covert transmissions with sections of real, legitimate network traffic. This helps to skew the statistics and makes the detection of the covert channel harder. The difference to our approach is that Cabuk et al. use sections of legitimate traffic solely to introduce noise into the actual covert channel signal. The legitimate traffic carries no hidden information at all.
Several additional methods work similarly to that of Cabuk et al. For instance, JitterBug by Shah and Molina [28] adds random delays to legitimate Telnet traffic. Walls et al. proposed Liquid [29], an extension of JitterBug, in which they split the channel into "transmitting" and "shaping" delays (shaping delays carry no information but manipulate the statistics of traffic). Similarly, Gianvecchio et al. [30] tailor traffic automatically based on the statistical characteristics of legitimate traffic. In all these cases, artificial modifications are performed to transfer secret information, even if based on legitimate traffic, which is the key difference to DYST.
There are also approaches that work on a more abstract level. Yarochkin et al. [31] proposed the so-called network environment learning phase. This approach was used solely to determine which protocols occur regularly in a network in order to subsequently exploit only these protocols for covert communication. No work is known that exploits legitimate traffic for a covert channel. Moreover, the covert channel of Yarochkin et al. did not split the covert channel's control channel from its data channel as we do.
Image steganography uses a variant called cover selection, where a database of images is used, a hash function is applied to each image, and if the secret message matches the hash value, the image is sent by the covert sender [32]. Several methods have been proposed to conduct or optimize the cover selection process, e.g., [33]-[38]. Similarly, coverless image steganography utilizes a database of image patches to (partially) reconstruct an original secret message using image patches, see, e.g., [39] and [40]. In contrast to cover selection and coverless image steganography, our method operates in a network and relies on network traffic that is transmitted anyway, i.e., independent of the steganographers, and only uses signals, e.g., ARP or RTCP requests, instead of generating extra traffic such as images, even if those images are innocent.
The Address Resolution Protocol (ARP) is used to associate a link-layer address, e.g., a MAC (Medium Access Control) address, with an IPv4 address, and to this end uses request and reply packets on the link layer. ARP had been utilized in [41] to implement a local covert channel by encoding covert information into the target IP field of an ARP request, sending the request directly to the covert receiver. Another approach utilizing ARP for covert communication had been described in [42], wherein ARP requests are exploited to store covert information within the ARP tables of uninvolved intermediary third-party nodes. The covert information has to be fetched by the covert receiver utilizing SNMP. The Real-Time Protocol (RTP) and the Real-Time Control Protocol (RTCP) are used for media streaming. We use these protocols for our PoC remote scenario. These protocols had been exploited in [43]-[45] for covert communication. In [43], the authors utilized various ways to directly send covert information to a covert receiver by crafting and manipulating RTP traffic. The techniques include, among others, the manipulation of timing behavior and embedding information in the padding, the extension, and the sequence number field. In [44], the jitter field is manipulated for directly sending information to the covert receiver, and in [45], the authors significantly improve RTP- and RTCP-based timing channels. While all these covert channels had been implemented with ARP or RTP/RTCP, every former implementation had to craft or manipulate packets of these protocols to transport covert information to covert receivers. The approach described in our paper differs significantly from these former implementations as there is no need to craft a packet carrying the covert data to transmit to the covert receiver: legitimate packets carry the covert, but still legitimate, information, which is solely signalled to be part of a secret message.
There is one method that actually splits the control channel from the data channel: as shown by Wendzel and Keller in [46], several covert channels propose to utilize internal control protocols. To this end, a covert channel is nested into the utilizable bit areas of a network packet. Some of the utilizable bits are used for the control protocol, while others are used for the data channel. However, that approach has a major limitation compared to ours, as both the control and the data channel reside in the same packet and modify legitimate packets or craft new packets instead of exploiting solely unaltered legitimate traffic for the data channel.
Finally, there is one proposal by Caviglione et al. from botnet research that works by waiting for a pre-defined network packet sequence [47]. If the sequence occurs, the botnet nodes would perform a certain action. The idea was solely described on a conceptual level and was not implemented by the authors. Further, their concept did not involve the option to influence which secret message is transferred, which makes it fundamentally different from our history channels.
HICCUPS [48] points to data within a network packet. To this end, a sender corrupts a frame checksum, which indicates the presence of a secret message in the frame's payload. HICCUPS is tied to LAN environments and the frame level. It further does not point to historic data but solely places the pointer and the secret data inside the packet (instead of finding matching third-party data). Thus, HICCUPS is not a history covert channel and provides no amplification.
Network Covert Channel Detection: Several detection methods for covert channels have been proposed throughout the years. Popular ones are, e.g., the compressibility score [26], ϵ-similarity [27], the regularity metric [27], a method from Berk et al. [49], as well as classical methods, such as the Kullback-Leibler divergence test [50], Kolmogorov-Smirnov [50] or entropy-based analyses [10]. All of these methods require at least a few hundred covert channel packets to provide somewhat reliable detection of covert channel flows. In contrast, history channels send few signaling packets per time, resulting in only a minimal influence on a flow, while the data flow of history channels is entirely legitimate and thus indistinguishable. We evaluate two common detection methods on DYST in Sect. IV.
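To give the detection side something concrete, the following Python example (added here, not part of the paper or its evaluation code) implements the regularity metric in the spirit of Cabuk et al. [27] over inter-packet delays and lets the reader see how far a handful of spliced-in signal packets move the statistic. The exact definition used (fixed-size windows, population standard deviation, skipping zero-deviation windows), the window size, the jittered 1 s gaps of the "legitimate" trace and the 0.3 s signal offset are my assumptions, and all input data is constructed.

```python
import random
import statistics
from itertools import combinations


def regularity(ipds, window=4):
    """Regularity metric after Cabuk et al.: split the inter-packet delays into
    fixed-size windows, take the standard deviation sigma_i of each window and
    return the (population) standard deviation of |sigma_i - sigma_j| / sigma_i
    over all pairs i < j.  Zero-deviation windows are skipped to avoid a
    division by zero (assumption of this example)."""
    sigmas = [statistics.pstdev(ipds[k:k + window])
              for k in range(0, len(ipds) - window + 1, window)]
    sigmas = [s for s in sigmas if s > 0]
    if len(sigmas) < 2:
        return 0.0
    ratios = [abs(si - sj) / si for si, sj in combinations(sigmas, 2)]
    return statistics.pstdev(ratios)


def splice_signals(ipds, positions, offset):
    """Model a sparse signal packet arriving `offset` seconds after packet
    `pos`: the gap ipds[pos] is split into `offset` and the remainder.  The
    split is capped at half the gap so the remainder stays positive."""
    out = list(ipds)
    for pos in sorted(positions, reverse=True):
        gap = out[pos]
        split = min(offset, gap / 2)
        out[pos:pos + 1] = [split, gap - split]
    return out


# Constructed delays (seconds) with hand-checkable window deviations:
# windows [1,1,3,3], [2,2,4,4], [0,0,4,4] have sigma = 1, 1, 2, so the pairwise
# ratios are 0, 1, 1 and the metric is pstdev([0, 1, 1]) = sqrt(2/9).
CONSTRUCTED_IPDS = [1, 1, 3, 3, 2, 2, 4, 4, 0, 0, 4, 4]


def legitimate_trace(n, seed=7):
    """Constructed stand-in for a legitimate broadcast flow: gaps of about
    1 s with Gaussian jitter, clamped to stay positive."""
    rng = random.Random(seed)
    return [max(0.05, rng.gauss(1.0, 0.1)) for _ in range(n)]


def compare(n=400, every=200, window=20, seed=7):
    """Return (regularity of the legitimate trace, regularity after one signal
    packet is spliced in every `every` packets).  The two values show how
    much, or how little, a sparse signal channel shifts a window statistic
    that expects a few hundred covert packets to become reliable."""
    legit = legitimate_trace(n, seed)
    positions = list(range(every // 2, n, every))
    with_signals = splice_signals(legit, positions, offset=0.3)
    return regularity(legit, window), regularity(with_signals, window)


if __name__ == "__main__":
    print("hand-checkable:", regularity(CONSTRUCTED_IPDS, window=4))
    print("legit vs. with sparse signals:", compare())
```

Splicing is modelled as a split of one inter-packet gap because a signal packet appears between two legitimate packets of the monitored flow; moving the window size or the signal spacing changes how many windows contain an outlier deviation, which is exactly the knob a defender tunes.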

III. THE HISTORY COVERT CHANNEL METHOD
In this section, we first discuss the requirements of our history covert channel, followed by a description of the detailed functionality of DYST. Further, we explain the chosen parameters for DYST, including the optimization, and finally extend the existing taxonomy of active and passive covert channels.
Definition 1. A history covert channel is one that points to already existing (live or stored) data that matches a secret message instead of sending a secret message itself. The only covertly transferred information is the pointer. ■

Data, such as packets, that do not match a secret message are not processed further by a covert sender, i.e., no pointer will refer to them. Note that pointers may be considered a modification of third-party traffic or a crafting of own traffic. However, the content that is pointed to is legitimate. Sending small-bit pointers to secret data with more bits thus minimizes the fraction of covert traffic to be sent/modified in comparison to the covert data transferred overall, which we believe is a key novelty in this domain. This means that history covert channels perform a form of covert message size amplification. We call the size-increasing factor for the covert message the covert amplification factor (CAF). The functioning of a history covert channel that uses legitimate broadcasts as a data channel is visualized in Fig. 1. Note that non-broadcast data channels can be used too, which we will detail for remote scenarios in Sect. III-A.
Fig. 1. General functioning of a history covert channel that uses broadcasting. The amplification is achieved by sending small pointers that refer to larger data pieces (e.g., packets or their hash values) of the data channel. [Figure labels: "Common Network (passively monitored by CS and CR): legitimate nodes broadcast here. The broadcasts are used as the covert channel's data channel (by pointing to it through the signal channel)." and "Legitimate Nodes (generating traffic for the data ch.)".]
Note. We chose the specific proof-of-concept (PoC) implementation discussed in the remainder to simplify experiments and explanations. We note, however, that history covert channels are not restricted to local networks and more variants are possible, cf. Sect. VII.

A. Threat Model and Requirements
We assume that it is beneficial for a CS to send as few secret information bits to a CR as feasible. In particular, we consider a scenario where only legitimate-content messages (e.g., regular ARP broadcasts with their unaltered content) are allowed to be sent from CS to CR, and that only the timing of these legitimate-content messages is used as a referrer to some third-party packets containing the actual secret content. Thus, we assume a hybrid covert channel, split into a signaling channel (from CS to CR) and a data channel (traffic of third-party nodes) that both contain solely legitimate content (see Fig. 1). Our channel does not match any of the recent patterns of indirect covert channels found in [51]. Several scenarios are imaginable where using such a covert channel would be beneficial:

Local scenario 1/1 (DYST-Basic and DYST-Ext): Highly constrained LAN environments, where a CS cannot freely craft the content of network packets at will due to a filter and can barely manipulate the timing of some legitimate messages. This scenario is shown in Fig. 2.

(alternatively on a router or on the path to the destination) and where CR would be located down-path outside the LAN, e.g., in the public Internet, close to the destination or residing directly at the destination. In other words, CR must have direct access to the traffic sent by the legitimate sender. This scenario is shown in Fig. 3. Note that no broadcast traffic could be used in this scenario as it would not reach the CR. Therefore, CS needs to wait for regular unidirectional (or multicast) messages (step 1a) from the legitimate sender to a destination where the traffic passes CR or where CR is the destination. As in the local scenario, CR records all recent packets of interest (PoI) in a local database (step 1b). Afterward, CS needs to send some unprohibited signaling packet observable by CR (step 2a), such as a whitelisted (i.e., not filtered) DNS or HTTP request. For instance, if CR is a web service that has the current news or the current canteen menu on its webpages, then CS could time the specific allowed request to CR. Alternatively, if CS is not allowed to send packets to CR directly, CS might send data to a third-party node observed by CR. For instance, CS and CR could use a network entity, e.g., a feed where CS is allowed to "like" postings (but not to post any content) so that the timestamp of a like is observable by CR to establish the signal channel. Finally, CR interprets the last observed packet's secret content (step 2b) to extract the secret message.

Remote scenario 2/2: Censorship circumvention using RTCP (DYST-Remote-RTCP). This scenario is a special form of remote scenario 1 and is added solely to underpin the existence of this option. This scenario is called DYST-Remote-RTCP and can be imagined in settings where sender and receiver can establish a communication which includes at least a partial time synchronization, e.g., a media communication via RTP in conjunction with RTCP [52]. The PoI comprise the media traffic itself, which is transported via RTP. A time synchronization is achieved via Sender Reports (SR) in RTCP, which are regular messages that include a Network Time Protocol (NTP) timestamp and counters for how much traffic has been sent in the last period. Pointers are signalled within such SR. CS and CR listen for traffic on both protocols, and CR records from RTP (which hosts the majority of data traffic) all PoI of the time interval since the last SR. CS only needs to signal within such an SR if a suitable piece of information has been sent within a PoI since the last SR. The pointer to this information may consist of an offset, or may be a part of the information itself that is sufficient to uniquely identify the information within all PoI since the last SR. Thus, the history channel at least reduces the fraction of secret bits that the covert sender needs to transfer explicitly through such a covert channel in contrast to a covert channel that uses RTCP alone (cf., e.g., [53]), and still has no need to modify traffic in the RTP protocol itself.
Environment Characteristics for History Covert Channels: DYST relies on some characteristics of the environment in which CS and CR operate: 1) CS and CR must be able to observe some messages which they both receive (almost) at the same time. There are different options to achieve that: i) CS and CR could read broadcast messages in a local WiFi network that both of them receive; ii) CS and CR could only evaluate messages that pass through the routing path of CS and CR (e.g., when both act as routers); iii) CS and CR are members of a multicast group, receiving frequent updates (for instance IGMP, as exploited for an active indirect covert channel in [54]). In any case, CR must be able to store information about the recently received packets in a local database (older packets can be discarded from the database); 2) To assign the same secret data to observed packets, CS and CR need to utilize the same procedure. This means that they need to read the same input parameters (i.e., which packets and which header and body fields of these packets, timestamps, and so forth are used) of the network traffic and also calculate the same function over these data (e.g., a hash can then represent secret data); 3) Moreover, CS must be able to send the signal so that it is observable by CR in a timely manner, e.g., CS might be able to send a legitimate ARP (or, e.g., DHCP, ICMPv6) broadcast to the local WiFi network or a remote message. While it is not within our scope, CS might alternatively use some out-of-band covert channel [5] to signal CR.
Optionally, CS and CR may even reside on two existing legitimate nodes, as there is no need for CS and CR to utilize their own dedicated nodes. The above-mentioned conditions can also be fulfilled outside the scope of networks.
Adversary Capabilities: We assume that the adversary

B. Functioning of DYST
In this section, we primarily describe two essential variants of DYST: first, we explain DYST-Basic, a simple variant where all bits of an observed hash need to match the chunk of the covert message. Second, we will describe DYST-Ext, which is an extended variant capable of transferring correct information even though the hashes do not match perfectly. This approach creates more variants to choose from in the trade-off between steganographic bandwidth and detectability. Further, we describe derivatives of DYST-Basic: DYST-Remote-Smarthome and DYST-Remote-RTCP for the remote scenarios 1 and 2 (matching Fig. 3). Note that an overview of the notations used in this paper is given by Tab. I. Further, Tab. II summarizes how each DYST variant is handled in this paper.
1) DYST-Basic: For DYST-Basic, the following steps must be performed continuously until a whole message is transferred (see Fig. 4): 1) CS and CR both record legitimate traffic with their network interfaces connected to a shared network. 2) For each packet of interest p_i that both CS and CR can observe (e.g., broadcast messages), they apply a hash function H() to the input values they have agreed on, to generate a hash value h_i = H(p_i) of length h. CS and CR can exchange a secret message in a bidirectional manner. In the remainder, we describe the sending process from CS to CR. However, CR can simultaneously operate as a CS and CS as a CR to send/receive data.
The sending process can be described as follows (see Fig. 4) and requires that each secret message M to be sent has the length h. To transfer a secret message of length k · h, k ∈ ℕ, k ≥ 2, the message must be split into k fragments and the sending process must be performed successively for each of the k fragments.
1) To signal a secret message of length h, CS waits for a packet of interest p_i with a hash value h_i = H(p_i) which equals M. 2) After CS has observed such a packet, it sends a signal to CR. In our example, we use legitimate ARP requests with which CS asks for the address of some legitimate node (e.g., a router) in the network. DYST's example ARP request can be replaced by any other seemingly legitimate unicast, broadcast, multicast, or anycast message observable by the CR. Other possibilities for signals are discussed in Subsections III-B3 and III-B4. Finally, the receiving process is conducted as follows: 1) CR interprets the occurrence of the signal message from CS as a prompt that the expected message can be observed in the data channel. 2) CR interprets the hash value of the previous packet of interest that represents the covert message. Obviously, the channel is noisy and requires error-detecting (and correcting) bits or mechanisms to ensure a robust transmission of the correct information.
Moreover, CS can reach multiple CRs simultaneously, if desired, rendering the channel a multicast or broadcast covert channel.
The major advantage of such a history covert channel's sending procedure is that CS needs to send only one bit of covert information (represented by the existence of the signal message, e.g., an ARP request or RTCP packet) to transfer h bits of secret content, i.e., the CAF for the covert message's size is h (or a fraction of h if more than one signaling bit must be sent). DYST modifies the inter-packet gaps by introducing signal messages, while existing timing channels modify the timing of existing packets to transmit a bit of the secret message. We will treat this in more detail when analyzing detectability, cf. Sect. IV-E.
Assuming that each of the 2^h possible hash values is equally likely, on average an exact match between secret message M and hash value h_i will be achieved after 2^h packets. If an exact match is not required but up to t bits can be wrong, i.e., the Hamming distance between secret message M and hash value h_i can be at most t, then the chance of such a partial match increases by a factor of $\sum_{i=0}^{t} \binom{h}{i}$. To enable the CR to still decode the message correctly, the message would have to be encoded with an error-correction code that allows correction of up to t bit errors. This means that only h − c bits are available for the secret message itself and the remaining c bits are used for the error-correction bits [55].
For a binary block code, we have c > 2t, as c = 2t is a bound achieved by maximum distance separable (MDS) codes, which however only exist in trivial form for binary codes² [56, Prop. 9.2]. Furthermore, besides a strong restriction on the number of message bits (the larger c, the smaller h − c), only some combinations of h, c, and t are available for applicable code families such as binary Bose-Chaudhuri-Hocquenghem (BCH) codes, see e.g. [55, App. A]. Our initial investigations revealed that error-correction codes only in some cases match the performance (in terms of bandwidth and average signal distance) of DYST-Basic, and mostly perform worse. Yet we carried over the idea of using partial matches to using checksums instead of error-correction codes, creating an extended version of DYST.
2) DYST-Ext: The functionality of DYST-Ext works similarly to DYST-Basic, but the secret message M now only comprises h − c bits (this reduces the CAF by c bits in comparison to DYST-Basic) and is concatenated by CS with a c-bit checksum to an encoded message of length h. When comparing the encoded message with h_i, CS allows up to t non-matching bits. Thus, the advantage of DYST-Ext comes from the fact that it can utilize a larger fraction of observed messages, leading to a shorter waiting time for fitting packets.
CR, upon receiving a signal (such as an ARP request) indicating a secret message transfer, again picks up the latest hash value h_i from the hash database. It then tries out all possibilities to flip up to t bits in h_i, until the checksum of the first h − c bits in the modified h_i matches the last c bits in the modified h_i (called a hit) for the first time. CR accepts the first h − c bits as secret message M. CS knows the order in which CR will apply modifications to the hash value h_i. Thus, CS can check whether the first hit really will produce the message M. CS will only send an ARP request as a signal for CR if at most t bits of h_i and the encoded message do not match and the first hit found by CR will produce M. So, not all packets matching within t bits can be utilized for this approach.

Footnote 2: Using non-binary codes decreases match probabilities further and thus is no option, either.
Fig. 5 illustrates the working of DYST-Ext. Formally, if C : {0,1}* → {0,1}^c is the checksum function, and d(x, y) is the Hamming distance between two bitvectors x and y of equal length, CS first checks whether the condition of Eq. (1) holds. If so, CS enumerates the set S_{h_i} of Eq. (2) in a pre-defined order, i.e., it generates a sequence of distinct bitvectors x^(1), x^(2), ... that together form S_{h_i}. Let extmsg(x) be a function to extract the first h − c bits from a bitvector of length h, while extchksm(x) extracts the last c bits. For j = 1, 2, ..., CS performs the computation of Eq. (3) and stops with the first hit at index j*. If the condition of Eq. (4) holds, then CS sends an ARP request. Upon receiving such an ARP request, CR looks up h_i, also enumerates S_{h_i} according to Eq. (2), does the computations from Eq. (3) and stores secret message M according to Eq. (4).
Please note that both DYST-Basic and DYST-Ext are families of variants, because they are parameterized in H and h, c, t, respectively.

Fig. 5 (caption fragment): In the hash value h_i with h = 5 bits, only t = 1 bit does not match (step 2). CS thus checks all modifications of the hash value until a hit between the reconstructed message and the reconstructed checksum occurs (steps 3 to 5, flipped bits marked by dashed circles, order of bit flips: right to left). As the reconstructed message equals message chunk M (step 6), CS will send an ARP request to CR. CR will perform the same computation and reconstructs M. For message chunk M = 110 (same checksum), the same hit would apply but would not reconstruct M, and no ARP is sent.
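The two subtleties of DYST-Ext described above, that CS must check the receiver's first hit rather than only the Hamming distance, and that the extended variant accepts more of the observed hashes than the exact match of DYST-Basic, are made concrete in the following Python example. It is added for this edit and is not the paper's implementation. The checksum C (number of 1-bits modulo 2^c) and the enumeration order (the unmodified hash, then single flips from right to left as in the Fig. 5 caption, then larger flip sets) are constructed assumptions, since the paper fixes neither; h = 5, c = 2, t = 1 follow the Fig. 5 example.

```python
from itertools import combinations


def constructed_checksum(msg_bits, c):
    """Constructed stand-in for C(): number of 1-bits modulo 2^c, as c bits."""
    return format(msg_bits.count("1") % (1 << c), f"0{c}b")


def hamming(x, y):
    """Hamming distance d(x, y) between two equal-length bit strings."""
    return sum(a != b for a, b in zip(x, y))


def flip(bits, positions):
    """Return `bits` with the given positions inverted."""
    out = list(bits)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


def enumerate_candidates(h_i, t):
    """Fixed enumeration order shared by CS and CR (assumption of this example):
    the unmodified hash first, then all 1-bit flips from right to left, then
    2-bit flips, ... up to t flipped bits.  This plays the role of S_{h_i}."""
    h = len(h_i)
    yield h_i
    for k in range(1, t + 1):
        for positions in combinations(range(h - 1, -1, -1), k):
            yield flip(h_i, positions)


def cr_decode(h_i, c, t):
    """Receiver side: the first candidate whose last c bits equal the checksum
    of its first h-c bits is the hit; its message part is accepted as M."""
    for x in enumerate_candidates(h_i, t):
        msg, chk = x[:-c], x[-c:]
        if constructed_checksum(msg, c) == chk:
            return msg
    return None


def cs_should_signal(h_i, m, c, t):
    """Sender side: the encoded message m||C(m) must lie within Hamming
    distance t of h_i AND the receiver's first hit must reconstruct m.
    Distance alone is not enough: an earlier hit may yield a different message."""
    encoded = m + constructed_checksum(m, c)
    return hamming(h_i, encoded) <= t and cr_decode(h_i, c, t) == m


def count_signalable(m, h, c, t):
    """How many of the 2^h equally likely hash values let CS signal chunk m.
    With t = 0 this is the single exact match of DYST-Basic; a larger count
    means a shorter expected wait between usable packets of interest."""
    return sum(cs_should_signal(format(v, f"0{h}b"), m, c, t)
               for v in range(1 << h))


if __name__ == "__main__":
    # Constructed walk-through with the Fig. 5 parameters, chunk M = 101.
    for candidate in ("10110", "10010", "11110"):
        print(candidate, "->", cr_decode(candidate, 2, 1),
              "signal:", cs_should_signal(candidate, "101", 2, 1))
    print("usable hashes, t=0:", count_signalable("101", 5, 2, 0),
          " t=1:", count_signalable("101", 5, 2, 1))
```

For M = 101 the encoded chunk is 10110; of the six hash values within distance 1 of it, two (11110 and 00110) produce an earlier hit with a different message, so CS may only signal on four of the 32 possible hashes, compared with one for the exact match. The ratio between these counts is what shortens the signal distance of DYST-Ext, which is the quantity a detector sees.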
3) DYST-Remote-Smarthome: In the case of DYST-Remote-Smarthome, the same considerations apply as for DYST-Basic, with the exception that no local broadcasts are considered as PoIs and no ARP broadcasts are sent as signal packets. Instead, PoIs are solely such messages that can be observed by both CS and CR, i.e., both must be on the path of a third-party packet. Further, signal packets can be any legitimate packets generated by CS that pass CR directly (e.g., if CR is a router) or that can be inferred by CR (e.g., because CS pulls a Git code repository while CR can monitor such pulls).
4) DYST-Remote-RTCP: Finally, we would like to highlight the imagined scenario for a censorship-circumventing channel that uses RTP/RTCP. This is another approach to transform DYST-Basic into a remote scenario. It can be realized via a media communication, where CS only signals if the first PoI in the time interval since the last SR is the one that serves as the actual secret message. Alternatively, CS might include a short index stating which of the PoIs in the time interval is the one to be used as the actual secret message. Assume for example that the complete communication on RTP is split into pieces of length 2h bits each, and the PoIs are comprised of the h-bit hash values of those pieces. For a data rate of r bits per second and an SR interval of t seconds (usually 5 seconds [52]), there are T = rt/(2h) PoIs of h bits each. To uniquely describe the intended PoI, log_2 T bits are necessary. Thus, to really save bandwidth compared to a direct covert channel of h bits, we require log_2 T ≪ h. Given r and t, a suitable value for h can be determined.

C. Parameter Choice
This section explains the optimization of DYST-Basic and -Ext. Since DYST-Remote-Smarthome and DYST-Remote-RTCP are merely variations of DYST-Basic, their optimization is not detailed separately.
1) DYST-Basic: We first consider the situation of DYST-Basic, where CS signals to CR if the hash value of a network packet matches the secret message exactly. If the hash function H has optimal properties, each bit of the hash value is 0 or 1 with probability 50%, respectively. The probability that h_i equals a given secret message M then is 2^{-h}, as all bits of the hash value can be considered independent. As the hash values of the different packets can be considered uniformly distributed and independent, the number of packets until a match between hash value and secret message occurs follows a geometric distribution with success probability 2^{-h}, i.e., with expectation 2^h.
2) Pareto-optimal variants: A covert channel such as DYST-Basic can be characterized by two properties: the distance, i.e., the average number of observed packets between two signal messages, which will influence detectability, and the steganographic bandwidth, i.e., the number of secret message bits transmitted via one signal message in relation to the distance. Thus, DYST-Basic with parameter h is a family of covert channels with distance dist_basic(h) = 2^h and bandwidth bw_basic(h) = h/2^h. The unit of distance is the number of packets of interest, while the unit of bandwidth is the number of bits of the secret message per packet of interest. By multiplying the bandwidth with the number of packets of interest per hour in a particular scenario, cf. Sect. IV-B, an absolute bandwidth is obtained in number of bits of the secret message transported per hour. Similarly, distance must be divided by the frequency of PoIs to obtain an absolute distance between signal messages measured in hours.
We would like to maximize both: signaling distance, because there is a threat of detection when signal messages such as ARP requests occur too often, and bandwidth, to increase applicability. Yet, increasing distance will reduce bandwidth and vice versa.
Hence, to achieve an optimal compromise between the two parameters, we search for a Pareto front, i.e., a set of non-dominated variants. Alternatively, we impose a constraint on one parameter and search for the optimal value of the other parameter, i.e., we cut the Pareto front with a vertical or horizontal line into two halves, and search for the point on the front closest to the border (in the "allowable" half). It is obvious that variants of DYST-Basic with different values for h do not dominate each other, as improving one parameter makes the other worse.
3) DYST-Ext: In DYST-Ext, only h − t or more bits of the hash value must match the encoded message, comprised of message chunk and checksum. The number of matching bits is a random variable X that is binomially distributed with h trials and success probability 0.5, and thus the probability that at most t of the h bits do not match is P_h(X ≥ h − t) (Eq. (5)). CS and CR must try out possible modifications of the hash value. For each, the chance that the checksum of the message part of such a modified hash value equals the checksum part of the modified hash value, i.e., the chance that Eq. (3) is fulfilled, is 2^{-c}. Thus, the number of trials until a fit will occur is geometrically distributed with parameter 2^{-c}, yet with a limited range of T_{h,t} trials. The chance that the true message has the first fit thus follows from this bounded geometric distribution. As both events (at most t non-matching bits, secret message chunk is reconstructed in first fit) can be considered independent, the chance that a message transfer can be signaled by a signal message is their product. Taking Eq. (6) into account, we see that this product approaches 2^{-(h−c)}, the probability of a signal in DYST-Basic with a message of length h − c, yet the additional solutions can still be non-dominated. As the product probability is independent of the particular hash value, the number of packets until a signal occurs is again geometrically distributed, with expectation equal to the reciprocal of this probability, and the covert channel has a bandwidth of h − c bits per signal divided by this expectation, as h − c bits of the secret message can be decoded by CR with each signal.
4) Pareto Front: We have computed distance and bandwidth for DYST-Basic with h = 14, ..., 20 and for DYST-Ext with h − c = 14, ..., 18, c = 6, ..., 10 and t = 1, ..., 5, both analytically, and supported by simulations of 5·10^7 hash values, where we counted how often CS signals in each variant considered. The hash values in simulations were generated by successively encrypting a 128-bit value with AES and a fixed 128-bit key, starting with value 0 and using the first h bits of the value as hash value. We used three different checksum functions in simulations (we only use the first c bits of longer results): SHA-3, CRC8, and a handcrafted function that cuts the encoded message into pieces of length c, adds those pieces as binary numbers, adds 9, and takes the c lowermost bits of the result. All simulations were repeated with a second seed and results were manually compared to exclude the possibility of artifacts, which however did not show. Raw data, Pareto front data, and the simulation code are available via a repository: https://github.com/NIoSaT/DYST
The values for h, t, c were chosen to allow comparison between different variants in a restricted range, and to illustrate the development of distance and bandwidth over the range for a particular parameter. Fig. 6 (left) provides all of the above variants as points in the plane with distance on the x-axis and steganographic bandwidth on the y-axis, as defined in Section III-C2. All points are quite close together, so we do not have a point "cloud" but still a somewhat "thicker" line. Thus, DYST-Ext extends DYST-Basic in the sense that the user has more choices in the tradeoff between distance (stealthiness) and steganographic bandwidth than with DYST-Basic alone. This is illustrated in Fig. 6 (mid) and (right), which depict zooms into (10^6, 0.1) and (10^5, 0.001), respectively. The points that represent variants of DYST-Ext (blue) fill the gaps between the points representing variants of DYST-Basic (red). Fig. 6 (right) depicts the region of interest, i.e., the region where the actual tradeoff between distance and bandwidth can be seen. Put otherwise, this is the region with the bend in the bottom-left quadrant of Fig. 6 (mid).
The Pareto front contains only about one-third of the variants. As its shape is similar to Fig. 6 (left), we refrain from showing another figure. Among the DYST-Ext variants in the Pareto front, both SHA-3 and ad hoc checksums appear quite often. CRC8 appears only seldom. CRC8 and BCH are often duplicates, i.e., they have the same distance and bandwidth as DYST-Basic or -Ext with SHA-3. Quite a few variants from the theoretical analysis are not on the Pareto front, indicating that the simulations sometimes gain a little in practice.

D. Throughput-optimized DYST Using Multiple Pointers
For DYST-Basic and DYST-Ext, only one hash is calculated per PoI and eventually pointed to. DYST's throughput can be increased by using multiple pointers, signalling that a secret message might be found after calculating one of multiple hashes using a counter i, so that H_1 = H(M||i = 0), ..., H_n = H(M||i = n − 1), i.e., the signal (if sent) tells the receiver which counter i needs to be used to obtain the secret message. This requires n pointers in the form of n distinguishable inter-packet times between PoI and signaling packet (or a classical covert storage channel with log_2 n pointer bits).

E. Taxonomy
Existing publications on network covert channels exclusively focus on network traffic that is live traffic to be modified or generated. Some covert channels also replay traffic recordings enhanced with secret data. History covert channels point to secret data in a carrier that was transmitted in the past (Fig. 7), i.e., the carrier traffic of the data signal is not altered. While not a core aspect of this paper, we would still like to point out that it would be imaginable to create prediction covert channels, which point to anticipated future data. For instance, ARP requests in LANs and sensor value readings in CPS occur on a regular basis and are thus possible to predict and utilize. The only difference between prediction and history covert channels is whether they point to old or upcoming data. However, predictions of future traffic are less reliable than pointing to already-seen traffic. For this reason, we solely focus on history channels.
Fig. 6. Simulation results for DYST-Ext (left), and zooms for DYST-Basic and DYST-Ext, respectively. Axes give distance, i.e., the average number of observed packets between signalled transmissions of secret message parts, and steganographic bandwidth, i.e., the number of secret message bits transmitted with one signal in relation to the distance.
The literature differentiates covert channels into active and passive ones (Fig. 8). An active sender generates the traffic in which the secret data is embedded, while a passive sender modifies third-party traffic for this purpose. Usually, a passive sender is an intermediate network node, such as a router. The receiving process can also be performed in an active or passive manner. Here, the terminology considers a receiver as active if it is also the destination of the overt traffic. If it passively observes the traffic (which is directed to another hop), the receiver is considered passive. Lamshöft and Dittmann recently added a further differentiation in [57], which is also shown in Fig. 8. They consider covert channels as semi-active if the covert sender is active but the covert receiver is passive. In contrast, a channel is called semi-passive if the covert sender is passive but the covert receiver is active.
As the current differentiation between active and passive covert channels only represents the signaling channel of DYST, we add a new category of covert communication, which we call fully-passive because of its truly passive handling of third-party traffic (which is not modified). Because of the broadcast nature of the utilized messages, the receiver of DYST's data channel is a passive one.
As our channel's sending and receiving processes are decoupled in a way that the sender does not directly address the receiver, our data channel can further be considered as an indirect one, while the signaling channel can be considered as a direct covert channel.
Finally, a covert channel could also be a fully-and-semi-passive one, which is at least theoretically feasible and reflects a channel where the covert receiver waits for pre-defined packets directed to it by some third-party node (fully-passive covert sender). Such a channel could be configured by having DYST operate with directed messages instead of broadcast messages, and would be less functional.

IV. EVALUATION USING LOCAL NETWORK SETUP
This section presents the evaluation of the DYST implementations Basic and Ext for local area networks using two different scenarios: a private smart home network and a university network. After presenting our implementation and the experimental setups for the different scenarios in which we evaluated DYST, we analyze the robustness and detectability of our covert channel.

A. Implementation
The PoC for DYST using local area networks (DYST-Basic/-Ext) was implemented with Python 3 and utilizes the scapy library for eavesdropping on legitimate traffic and crafting signal packets. Our implementation utilizes the following packets, as they can be received by CS and CR when residing in the same network:
• IPv6 anycast packets with IPv6 destination ff0*:: or to IPv6 link layer address 33:33:*
• IPv4 broadcasts to the subnet broadcast address
• ARP requests to broadcast addr. ff:ff:ff:ff:ff:ff
For hashing, we utilized the SHA3 hash algorithm with a bit length of 512, provided by the Python 3 library hashlib. The input values contained the source IPv4 or IPv6 address, depending on the packet type. As the same input of a hash function results in the same hash, we additionally utilized the CS and CR packet receiving timestamp in seconds. The utilization of the timestamp results in a new hash for the same source address each second. As packets are not received at the same time by all devices in a network, we filtered out packets that were received closer than 0.05 seconds to a full second, i.e., having a fractional time value of less than 0.05 or higher than 0.95 seconds, to minimize the possibility of CS and CR using a different timestamp when hashing.
For signaling, we utilized an ARP broadcast request sent by the CS, requesting the MAC address for the IPv4 address of an uninvolved third-party system. The CR interpreted this request as the signal to extract the latest hashed value. The process of the CS implementation is shown in Alg. 1. An additional check for PoI collisions is performed with and without activated robustness mode (cf. Sect. IV-D).

B. Scenarios and Testbed
To evaluate DYST under different circumstances, we came up with several scenarios which provide different traffic characteristics. These scenarios are described in detail in the following paragraphs.
a) Scenario 1: University Network: Traffic for this scenario was recorded in a university network from regular office workstations. We did not use any port mirroring or a prominent location in the network, in order to see how a regular device would see traffic. The environment itself is composed of 75 to 100 devices, around 50 of which are used on a daily basis. The network mostly consists of office laptops, printers, and some smart devices. All major operating systems (Linux, macOS, Windows) are present. For our purposes, the university network resembles that of a company, thus this scenario applies to use cases in both settings.
Example use case: In an APT, an attacker might infect multiple clients in the network and use DYST as a means of internal communication between the compromised clients. If one infected machine gained access to an account with higher privileges, it could share the credentials with all other instances in the network for a faster spread of malware. Similarly, DYST could be used as a command and control channel between multiple compromised clients.
b) Scenario 2: Home Network: This scenario represents a typical home network with mixed devices, permanently connected to a WiFi router. The utilized router was a Speedport Smart 3 with current firmware, extended by two mesh repeaters to cover a larger area. In total, up to 30 devices were connected simultaneously, consisting of classical IT devices (three laptops, two Raspberry Pis, a network printer, smartphones), IoT devices (smart TV, vacuum cleaning robot, coffee machine) as well as home automation (various Google Nest Mini). All devices were commonly used and, except for laptops and smartphones, connected permanently to the home network. All devices were connected within one /24 IPv4 subnet.
Example use case: Several compromised smart home devices exchange information under the radar, e.g., to collaboratively collect surveillance data and profile inhabitants. It is not probable that such a network is monitored for covert channel detection, so a less sophisticated approach would also be applicable. Anyhow, we decided to analyze this scenario because it shows the flexibility of DYST, even if there are few changing devices. In this scenario, the throughput of DYST in particular can be optimized, as there are no wardens.
Note that further scenarios are imaginable, e.g., journalists exchanging secret information through a WiFi hotspot in a bullet train or at a public airport.

C. Match Distribution
The utilized input parameters of the hash function generate a different hash h_i for each modified input bit, i.e., for each new packet, if the hash function is collision-resistant. These generated hashes h_i are compared by the CS to a specific pattern M (the data it wants to signal), which is constant until a suitable match is found. As explained in the derivation of Eq. (5), the number of matching bits follows a binomial distribution with h trials and a success probability of 0.5.
We compare the actual frequency of the number of matching bits in relation to the total number of hashes generated to the expected results in Fig. 9 for both scenarios. Therefore, we searched for one specific pattern of 8 bits and expected the distribution to follow the binomial distribution with N = 8 and p = 0.5, which is represented by the gray histogram. Further, we assume that the more hashes are observed, the more closely the actual distribution will follow the expected distribution. The black and red bars represent the actual distribution of matching bits in the home and university network scenarios, respectively. Both actual distributions follow the expected distribution; however, the university network scenario differs slightly. This can be explained by the number of observed hashes (89,959 observed hashes for the home network; 2,075 for the university network), confirming both assumptions. This indicates that our hash-generation methodology is correct. Besides the evaluation in our testbeds, the number of matches for different bit lengths is also evaluated. As the CS is searching for a 100 percent match in DYST-Basic, we calculated P_h(X ≥ h). As for DYST-Ext partial matches can also be utilized, we add P_h(X ≥ 0.8·h) for at least 80% matching bits, both calculated by Eq. (5). The results of the example experiments for the home network scenario are presented in Tab. III. The 8-bit and 16-bit experiments were performed in a live scenario, while the 12-bit and 21-bit match distributions were simulated. The results indicate that for h = 8 bits, slightly more hashes than expected show h matching bits, while for at least 80% matching bits, slightly fewer were observed. According to the derivation, 281 perfect matches should be detected, while actually 343 were detected. For the DYST-Ext mode, 3,232 potentially matching hashes should be detected, while actually 3,162 were detected. For our h = 12 bit experiment, the hit rate for both 100 and (at least) 80 percent matches performed slightly worse than expected, resulting in 150 matches instead of 164 and 1,068 instead of 1,086, respectively. For h = 16 bit and a 100 percent match, the observed rate neared the expected value, while the number of actual 80 percent matches was slightly higher than expected. There should have been 5 matches, and actually 5 were found for DYST-Basic; for DYST-Ext, 2,379 hashes with at least 80 percent match should be observed, while 2,413 were actually detected. For our h = 21 bit experiment, no matches were found. As only 0.43 matches are expected for the number of observed packets, the expectation is met. Further, 152 packets had at least 80% matching bits, while there should have been 170 packets.

D. Robustness
The main concern for the robustness of DYST lies in which messages are seen and interpreted as signaling. As DYST only uses legitimate network packets, it relies on the general robustness of network transmissions (e.g., Ethernet frame checksums) and timestamps (ensured by time synchronization mechanisms such as NTP). Disturbances are caused by active and inactive jitter-influencing factors causing reordering, retransmissions, dropouts, and delays, amongst others. Neither CS nor CR can control the jitter factors of their transmission, as they are not directly communicating with each other. To mitigate such factors caused by the physical layer, we introduce the so-called robust mode.
We evaluated the jitter in our two local network environments for DYST-Basic by investigating the delays between ARP requests and the corresponding replies. Fig. 10 shows the results for the university and home network.

We can see that the mean values and standard deviations for the ARP delays, which are by nature two-way delays, are orders of magnitude lower than the waiting periods that were used for the robustness measure (see further below). The standard deviation for the university is at 9.1·10^{-3} s and for the home network at 2.1·10^{-5} s. While the university network has generally higher values, we still only have 35 outliers above 0.1 s out of over 18,500 measurement points. Therefore, we can conclude that the jitter of our test networks did not have a relevant impact on the robustness of DYST. Further, it is also viable to adjust the waiting periods for sending signal packets according to the characteristics of the network in which one chooses to deploy DYST.
If the same packet arrives at CS and CR, we can assume that the content will be the same, resulting in the same input parameters for the hashing function. We do have other concerns about the robustness of DYST that need to be addressed:
a) CS and CR must receive the same PoI.
b) CS and CR must receive the PoIs in the same order.
c) Consecutive PoIs must have a sufficient delay to allow reliable signaling.
a: To address this issue, we have to carefully select which packets are used by DYST to ensure that both CS and CR receive the same packets. Depending on the deployment scenario, we might choose different sets of packets to achieve this goal: In a local scenario like a university network, a smart home network or an open Wi-Fi like a café, we can focus on local broadcast packets. If DYST is used between two routers, we can use our knowledge about the routing topology to filter for packets that will pass through both CS and CR. Similarly, if both CS and CR are part of the same multicast group, one could filter for packets from that group to ensure synchronization. Moreover, there is a tolerance regarding the received PoIs. As only a fraction of the packets are actually used for signaling, a packet received by CR but not received by CS would simply not be checked for a match and thus also not used as a carrier. However, if CS receives a packet and both of the following conditions are met, CR does not receive the packet and CS actually points to this packet for signaling, then CR might receive an incorrect message as it interprets the wrong packet (see point b). All in all, it is possible to choose a robust set of packets to be used with DYST with only a little prior knowledge about the deployment scenario.
b: This variable is outside the control of DYST, as we cannot influence the routing or buffering behavior of other parts of the network. We performed an evaluation in a home network by running DYST between two different clients on the same network. During our evaluation, we observed significant problems when testing our scripts. In our first test, 3 of 65 characters of the message were transmitted correctly. This was due to the fact that a significant portion of the PoIs did not arrive in the same order for the CS and the CR. These PoI packets were in the wrong order because of their close succession and the different networking delays for CS and CR. Therefore, two additional configuration parameters for DYST control the mandatory delay between received packets to reduce this issue: If the CS receives two or more PoIs in less than D milliseconds, the CS will ignore all PoIs received in that timeframe. So only isolated PoIs will be considered for DYST. If only one PoI is received in D milliseconds, the CS will send out the signal. The CR will ignore all PoIs that arrived less than R milliseconds before the signal and only interpret earlier PoIs. This gives the CS enough time to calculate and send the signal without risking a race condition (see part c) below). Fig. 11 illustrates this process. Fig. 11a shows the side of the covert sender. This example uses two packets that arrive close to each other, which leads to them being ignored by the CS and not considered for DYST. Fig. 11b shows the receiver side.
Here we can see that the receiver ignored a packet that arrived too close to the signal and instead interpreted the older one. This will decrease the potential throughput, as we ignore more packets that could potentially be useful. But we significantly decrease potential errors in cases where packets arrive in a different order at the CS than at the CR. Varying scenarios will require differently tuned values for D and R, see Electronic Supplement. Additionally, we can counter possible errors with an error-correcting code that covers multiple transmissions. Different approaches are possible; e.g., simply transmitting the same message multiple times and taking a majority vote on the obtained hash values can increase robustness.
c: Similar to b), DYST might encounter errors if many PoIs arrive in a short amount of time. The CS might receive a PoI that creates a hit. While the CS is evaluating and preparing to send out the signal, another PoI arrives at the CR even before the signal from the CS reached the CR. In such a case, the CR would interpret the latest PoI and not the correct one. This error source is also countered by the option R of the multistage delay introduced in b). Since DYST only considers PoIs that are isolated and the CS has R milliseconds to perform the signaling, it is far less likely for this race condition to appear for any PoIs that can be seen by CS and CR. Similar to b), a larger delay will result in a lower bandwidth but higher robustness. Depending on the scenario, drastically different configurations for D and R are possible. If CS and CR are both routers with a fixed route between them, it is easy to see that the CS will have better knowledge about the order and delays in which the CR will receive the PoIs and can therefore choose lower values for D and R.
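The following Python is an added example (not the paper's PoC) of the robust-mode bookkeeping described under a, b and c together with the hashing filter from Sect. IV-A: the D filter on the CS side, the R filter on the CR side, and a constructed trace in which CR sees one packet that CS never received. Assumptions: the layout of the hash input, that CS sends its signal only once the D window has elapsed (so that D > R keeps the intended PoI outside CR's R window), and the constructed timestamps and addresses.

```python
import hashlib
from math import floor

H_BITS = 8            # constructed parameter: message chunk length in bits


def poi_hash(src_addr: str, ts: float, h: int = H_BITS) -> int:
    """Hash input as in the PoC: source address plus receive timestamp in whole seconds,
    SHA3-512, first h bits. The exact byte layout of the input is an assumption."""
    data = f"{src_addr}|{int(ts)}".encode()
    digest = hashlib.sha3_512(data).digest()
    return int.from_bytes(digest, "big") >> (512 - h)


def near_full_second(ts: float, margin: float = 0.05) -> bool:
    """Sect. IV-A filter: drop packets whose fractional second is < 0.05 or > 0.95,
    since CS and CR might otherwise truncate to different whole seconds."""
    frac = ts - floor(ts)
    return frac < margin or frac > 1.0 - margin


def isolated_pois(pois, d_ms: float):
    """CS side (parameter D): keep only PoIs with no other PoI within D ms before or after.
    pois is a time-sorted list of (receive timestamp in s, source address)."""
    d = d_ms / 1000.0
    kept = []
    for i, (ts, src) in enumerate(pois):
        if near_full_second(ts):
            continue
        prev_close = i > 0 and ts - pois[i - 1][0] < d
        next_close = i + 1 < len(pois) and pois[i + 1][0] - ts < d
        if not (prev_close or next_close):
            kept.append((ts, src))
    return kept


def select_poi_at_cr(pois, signal_ts: float, r_ms: float):
    """CR side (parameter R): ignore PoIs that arrived less than R ms before the signal and
    interpret the most recent remaining one (the behaviour of Fig. 11b)."""
    r = r_ms / 1000.0
    candidates = [(ts, src) for ts, src in pois
                  if ts <= signal_ts - r and not near_full_second(ts)]
    return candidates[-1] if candidates else None


def cs_run(pois_cs, chunks, d_ms: float):
    """CS: walk through the secret chunks; for each isolated PoI whose hash equals the
    current chunk, emit a signal once the isolation window D has elapsed."""
    signals, idx = [], 0
    for ts, src in isolated_pois(pois_cs, d_ms):
        if idx < len(chunks) and poi_hash(src, ts) == chunks[idx]:
            signals.append(ts + d_ms / 1000.0)
            idx += 1
    return signals


def cr_run(pois_cr, signals, r_ms: float):
    """CR: for every observed signal, pick the PoI via the R filter and decode its hash."""
    decoded = []
    for s in signals:
        poi = select_poi_at_cr(pois_cr, s, r_ms)
        if poi is not None:
            decoded.append(poi_hash(poi[1], poi[0]))
    return decoded


# Constructed traces (not measured data): CS and CR see the same broadcasts with slightly
# different receive times; CR additionally sees one packet (10.85 s) that CS never received.
POIS_CS = [(10.20, "10.0.0.2"), (10.25, "10.0.0.3"), (10.70, "10.0.0.4"),
           (11.03, "10.0.0.5"), (11.60, "10.0.0.6")]
POIS_CR = [(10.21, "10.0.0.2"), (10.25, "10.0.0.3"), (10.71, "10.0.0.4"),
           (10.85, "10.0.0.9"), (11.04, "10.0.0.5"), (11.61, "10.0.0.6")]
D_MS, R_MS = 200, 100   # constructed parameters


def demo():
    """Secret chunks are chosen so that the two isolated PoIs carry them; returns (sent, decoded)."""
    chunks = [poi_hash("10.0.0.4", 10.70), poi_hash("10.0.0.6", 11.60)]
    signals = cs_run(POIS_CS, chunks, D_MS)
    return chunks, cr_run(POIS_CR, signals, R_MS)


if __name__ == "__main__":
    sent, received = demo()
    print("sent:", sent, "received:", received, "ok:", sent == received)
```

With R = 0 the receiver would pick the packet at 10.85 s instead, which is exactly the race of point c.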
Impact of Robustness: We evaluated the timing between PoIs in both scenarios of our local network testbeds to get an overview of network behavior and the impact of our robustness measure. Fig. 12 shows the plots for the different scenarios.
We can see that both scenarios show a generally similar picture: the mean value of the inter-packet delays (IPDs) of the PoIs for DYST-Basic is close to 0, with a significant number of outliers. The outliers are beneficial for the robustness of DYST, as they separate PoIs. If we look at the delays with the robustness filter (D = 0.5 s; the simulation covered only the CS side), we again see a similar picture for all scenarios. We generally see higher delays between PoIs, as DYST ignores some PoIs and therefore the delays between evaluated PoIs are higher. This means that DYST will have fewer packets at its disposal to transmit the message, but we gain in reliability (see Electronic Supplement for details).
We evaluated the effectiveness of our robustness approach in the home network and university network scenarios. Tab. IV shows the results for the two scenarios (home and university network). For each scenario, we conducted a test run with and without robustness measures and recorded the percentage of characters that were correctly transmitted.
We can see that the home network had significant problems without robustness measures, while the university network setup had no problems during our tests. The university network setup showed very little activity, i.e., a very low frequency of
We further tested the parameters D = 0.5 s and R = 0.3 s, which resulted in 56% correctly signaled characters. We can therefore see that the home network setup benefits from more aggressive configurations. However, the robustness would increase using a higher D or additional robustness measures, such as the redundant transfer of secret messages. In Tab. V, we show how many PoIs were observed in a simulated offline run. We used real recordings and ran the pcaps through an offline version of DYST (only the CS side is simulated). We can see that in all scenarios, the number of usable PoIs is significantly reduced. This means there will be fewer PoIs available for DYST, which in turn can reduce the potential bandwidth of the covert channel. It is noticeable that the home network setup suffered more than the university network setup; this can be explained by the higher activity in the home network compared to the university network. This again explains the worse performance in the home network without robustness measures.
On the other hand, a reduction of possible bandwidth aids the undetectability, by spreading signals even further apart.

E. Detectability
Detectability of a timing channel is analyzed by comparing the distributions of inter-packet gaps of packet streams with and without the timing channel. This can be done with statistical and information-theoretic means. We have used the Kolmogorov-Smirnov test for the former and Cabuk's compressibility score for the latter. The results of these tests are not absolute: the timing channel can only be detected if the difference between results with and without the timing channel is larger than the variation of test results for different packet streams without the timing channel.
To evaluate the detectability of DYST, we gathered legitimate reference and covert channel recordings from two different scenarios and with six different configurations for the covert channel: 1 and 2 byte basic mode (h has 8 or 16 bits, respectively), 1 and 2 byte robust mode (also 8 and 16 bits), and 1 and 2 byte extended mode (where h is also 8 or 16 bits, respectively; the checksum of length c is added on top). We performed recordings in two different networks, a home network and a university network (see Tab. VI for an overview). As the data channel itself cannot be detected, a defender relies on detecting the signal channel. Since our DYST implementation uses ARP requests for signaling, our detection focuses on the IPDs of ARP requests.
1) KS-test: To gauge the potential detectability, we chose a two-sample KS-test [58]. The KS-test is a general measure of similarity between two samples, with high test results indicating a difference between the samples [59]. Given empirical cumulative distribution functions F_1 and F_2 for random variables X_1 and X_2, i.e., F_i(a) = P(X_i ≤ a), the similarity of the two functions is computed by sup_a |F_1(a) − F_2(a)|, with sup being the supremum of the set of distances over all real values a [59].
We use the KS-test to measure the similarity between the ARP IPD distributions of two recordings. In addition to our original recordings, we also filtered the covert channel recordings to remove any signals produced by the covert channel, to produce a second (but synthetic) source of legitimate traffic. We then performed a cross validation between all possible recordings of a scenario (home and university networks). This provides us with 3 different classes of combinations, which we considered important for our analysis: (1) covert vs. filtered recordings, (2) pairs of legitimate recordings, and (3) covert vs. legitimate recordings. To get a better understanding of the detectability, we focused on several combinations, which we describe separately.
First, we compared different legitimate recordings against each other, while excluding exact matches. For this, we used several legitimate recordings from the home network. This gives us a mean p-value of 3.84·10^{-11} with a standard deviation of 4.01·10^{-10} and a mean D-value of 0.19 with a standard deviation of 0.13. The results for the legitimate university network scenario are almost exactly the same. This points towards a significant difference between all the legitimate recordings. With that, we can already see that legitimate traffic varies drastically depending on the time of day and the activity of participating nodes that do not follow repetitive behavior. This already points to a low possibility of detection.
Next, we compared the covert channel recordings with the corresponding filtered covert channel recordings. This gives us a mean p-value of 0.99 with a standard deviation of 0.04 and a mean D-value of 0.0008 with a standard deviation of 0.001. This, on the other hand, shows that our covert channel barely alters the characteristics compared to legitimate traffic.
If we compare covert channel recordings with legitimate recordings, we obtain a mean p-value of 1.53·10^{-95} ∼ 0 with a standard deviation of 1.12·10^{-94} ∼ 0 and a mean D-value of 1.87·10^{-1} with a standard deviation of 1.31·10^{-1}. These results again point towards significant differences between the two scenarios. However, these differences are comparable to those between two legitimate recordings.
Fig. 13a shows the p-values of the KS-tests, and we can see a strong similarity for the CC vs. filtered scenario and a strong dissimilarity for the other two scenarios. Fig. 13b, 13c and 13d show exemplary histogram plots of the ARP request IPDs for each of the considered scenarios from the home network setup. Again, we can determine a high level of similarity between the covert channel recording and the filtered recording, and slight differences between two legitimate recordings as well as between covert and legitimate recordings.
These three results in combination point towards an almost impossible detection of DYST, as the differences between different legitimate recordings are larger than the difference between covert channel and filtered recordings.
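The KS comparison described above, as an added example that is not part of the paper: a two-sample KS test over ARP IPDs implemented from the definition (D as the supremum over both ECDFs, p from the asymptotic Kolmogorov series), run on constructed recordings in which a few signal requests are added to, and then filtered out of, an otherwise legitimate ARP stream modelled as a Poisson process (an assumption, not the paper's data).

```python
import math
import random
from bisect import bisect_right

def ipds_from_timestamps(timestamps):
    """Inter-packet delays (seconds) between consecutive ARP request timestamps."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]

def ks_two_sample(sample1, sample2):
    """Two-sample KS test: (D, p) with D = sup_a |F1(a) - F2(a)|; p is the classic
    asymptotic two-sided approximation, adequate for a few hundred IPDs or more."""
    s1, s2 = sorted(sample1), sorted(sample2)
    n, m = len(s1), len(s2)
    d = 0.0
    # Both ECDFs are step functions that change only at observed values, so the
    # supremum is attained at one of the sample points.
    for a in s1 + s2:
        f1 = bisect_right(s1, a) / n   # F1(a) = P(X1 <= a)
        f2 = bisect_right(s2, a) / m
        d = max(d, abs(f1 - f2))
    lam = d * math.sqrt(n * m / (n + m))
    if lam == 0.0:
        return d, 1.0
    p = 2.0 * sum((-1) ** (k - 1) * math.exp(-2.0 * k * k * lam * lam)
                  for k in range(1, 101))
    return d, min(max(p, 0.0), 1.0)

def compare_recordings(seed=1, n=500):
    """Constructed illustration of the paper's three comparison classes.
    Legitimate ARP arrivals are modelled as Poisson processes with different mean
    IPDs (an assumption, not the paper's recordings). The DYST recording is
    recording A plus five extra signal requests from CS; the filtered recording
    is the same recording with those signals removed again."""
    rng = random.Random(seed)
    legit_a, legit_b = [0.0], [0.0]
    for _ in range(n):
        legit_a.append(legit_a[-1] + rng.expovariate(1 / 0.5))
        legit_b.append(legit_b[-1] + rng.expovariate(1 / 0.8))
    signals = [legit_a[i] + 0.01 for i in (50, 150, 250, 350, 450)]
    covert = sorted(legit_a + signals)
    filtered = legit_a
    a, b, c, f = (ipds_from_timestamps(x) for x in (legit_a, legit_b, covert, filtered))
    return {
        "covert_vs_filtered": ks_two_sample(c, f),
        "legit_vs_legit": ks_two_sample(a, b),
        "covert_vs_legit": ks_two_sample(c, b),
    }

if __name__ == "__main__":
    for name, (d, p) in compare_recordings().items():
        print(f"{name:20s} D={d:.3f}  p={p:.3g}")
```

With the constructed data, the covert-vs-filtered pair yields a D close to zero while the two legitimate recordings differ by a much larger D, mirroring the ordering reported for the real recordings.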
2) Compressibility Score: In addition to the KS-test, we also used a widely known detection method from covert channel research: the compressibility score as proposed by Cabuk et al. [25]. Again, we used the IPDs of ARP requests for the detection and focused on the same three classes of combinations with the same recordings. To calculate the compressibility score, we divided the recordings into windows of fixed length (1,000 IPDs). Each window was then transformed into a string representation $S$ of concatenated IPDs, which was compressed using a compressor $\Im$, in our case gzip. The final compressibility score $\kappa = |S| / |\Im(S)|$ for a window is the compression ratio between the original string and the compressed string. Since covert timing channel flows use similar IPD values in a re-occurring manner, their compressibility score is typically higher than the score of legitimate flows.
Fig. 14a shows the compressibility scores for all recordings. Here we can see nearly identical values for legitimate and covert channel recordings, which already points towards a challenging detectability of DYST. Figs. 14b, 14c and 14d show exemplary histograms with pairwise plots for the distributions of the compressibility scores of the home network. As can be seen, we found a large overlap of compressibility scores when comparing covert channel and filtered recordings. This again points towards a strong similarity of the two recordings. The comparison of two legitimate recordings of the home network shows significant differences in the distributions where we would expect two matching plots, indicating a high dependence on the current status of a network (daytime etc.). Moreover, the comparison between the covert channel and the legitimate recording shows even smaller differences than the two legitimate recordings. When determining optimal thresholds for the detection of DYST, our experiments revealed that the compressibility metric (and the related AUC scores for ROC charts) fluctuated based on time of day, network load or other factors, rather than on the presence of DYST. This is rooted in the fact that DYST sends only very few messages. Thus, similar to the KS-test, we observed that there is no clear threshold for the $\kappa$-value to discriminate between legitimate and covert channel recordings. This leads to the conclusion that DYST is not detectable with the compressibility score.
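The compressibility score computation, as an added example that is not the paper's code: windows of IPDs are serialised to a string (the serialisation format is an assumption), gzip-compressed and scored as κ = |S|/|gzip(S)|; the constructed series show why the score exposes a classic covert timing channel but not a DYST-like recording that adds only a handful of extra requests to legitimate traffic.

```python
import gzip
import random

def compressibility_scores(ipds, window=1000, precision=6):
    """Compressibility score kappa = |S| / |gzip(S)| for each window of IPDs.
    Each window becomes a string S of fixed-precision IPD values separated by
    commas (the serialisation is an assumption; the paper does not fix it).
    A trailing window shorter than `window` is dropped."""
    scores = []
    for start in range(0, len(ipds) - window + 1, window):
        s = ",".join(f"{x:.{precision}f}" for x in ipds[start:start + window])
        raw = s.encode("ascii")
        scores.append(len(raw) / len(gzip.compress(raw)))
    return scores

def mean(xs):
    return sum(xs) / len(xs)

def constructed_recordings(seed=7, n=4000):
    """Three constructed IPD series (not the paper's recordings):
    legit     - Poisson ARP arrivals with a 0.5 s mean IPD (assumption);
    timing_cc - a classic covert timing channel alternating two fixed IPDs,
                the kind of flow the score was designed to expose;
    dyst      - the legitimate series with one extra signal request inserted
                every 400 packets, i.e. a DYST-like recording."""
    rng = random.Random(seed)
    legit = [rng.expovariate(1 / 0.5) for _ in range(n)]
    timing_cc = [rng.choice([0.10, 0.20]) for _ in range(n)]
    dyst = list(legit)
    for i in reversed(range(0, n, 400)):   # back to front so indices stay valid
        # An inserted signal splits one legitimate gap into two shorter gaps.
        dyst[i:i + 1] = [0.01, max(legit[i] - 0.01, 0.0)]
    return legit, timing_cc, dyst

def score_summary(window=1000):
    """Mean kappa per series; gzip exposes the timing channel but not DYST."""
    legit, timing_cc, dyst = constructed_recordings()
    return {name: mean(compressibility_scores(series, window))
            for name, series in (("legit", legit), ("timing_cc", timing_cc), ("dyst", dyst))}

if __name__ == "__main__":
    for name, kappa in score_summary().items():
        print(f"{name:10s} mean kappa = {kappa:.2f}")
```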
3) Evaluation of Different Covert Channel Configurations: We also evaluated the detectability of DYST when focusing on a single configuration at a time (e.g., 1 byte basic or 2 byte extended modes). We found that the compressibility score performed no differently than before, still producing overlapping $\kappa$-values. Similarly, the KS-test performed comparably (figures omitted due to space reasons). This was expected, as the detectability of DYST relies primarily on the number of signals sent.
To further evaluate detectability, we ran our multi-pointer variant of Sect. III-D while allowing different pointer counts. Fig. 15 shows the detection results using the compressibility score.
As can be seen, the approaches with two and even 32 pointers perform very close to DYST-Basic with only one pointer (AUC close to 0.5). Only when the number of pointers was increased to ≥ 128 were we able to achieve reasonably good detectability that would be useful in practice.
We conclude that DYST's detection depends on the chosen configuration. A configuration with ≤ 32 pointers (i.e., high CAF, but few matches and low bitrate) was undetectable. A configuration with ≥ 64 pointers is detectable and offers a low CAF but provides a higher bitrate (cf. Sect. VI).
V. FEASIBILITY STUDY OF REMOTE VARIANT
So far, we analyzed DYST-Basic and DYST-Ext in a local network. We now study the feasibility of DYST-Remote-both scenarios (i.e., pointing to either 1 or 2 bytes per match), DYST has the advantage over the direct embedding up to the point where the pointer size matches (or exceeds) the size of the message being pointed to. The maximum bitrate with amplification was 29.12 (7 bit pointer to 8 bit message) and 58.75 (15 bit pointer to 16 bit message), respectively.

VII. DISCUSSION
Our approach provides room for several follow-up developments in terms of alternative methodology. We have studied how one can point to the content of previously seen packets. However, other hiding patterns [10] could probably be useful, too. For instance, the inter-packet times hiding pattern could be used to point to a series of inter-packet gaps, the size modulation pattern could be used to point to a sequence of packet sizes, and so forth. Further, by neglecting the context of network traffic and discarding the use of a hash function, we have recently shown that a history channel can be used to point to textual elements on the Internet (e.g., content from Wikipedia pages) to bypass censorship [60]. A similar scenario could be a social media service where legitimate users submit postings, such as Facebook, Twitter, or any form of blog or platform that generates a massive amount of content (e.g., Dropbox, Google Drive or Github). Signaling for these scenarios is not bound to the same service, which means that signals can be sent out-of-band, for example via a different platform or a network protocol. Moreover, one could use history covert channels to point to previously seen content in audio/video streams. Finally, DYST could be applied for stealthy communication between local processes of a secure operating system by monitoring hardware events.

VIII. CONCLUSION
We introduced history covert channels, jointly with the paradigm of covert channel amplification. History covert channels send secret messages by pointing to unaltered legitimate data. They can be applied in extremely hostile environments, i.e., where a covert sender is unable to send any other message than previously whitelisted ones. We introduced different variants and an implementation called DYST. Our results indicate a limited but variable throughput dependent on the number of bits signaled at once. We analyzed the robustness and also have shown that traditional heuristics are unable to provide satisfying results unless many pointers are employed.

IX. ACKNOWLEDGEMENTS
S. Wendzel and S. Zillien have been supported by the "Innovative University" programme, a joint initiative of the Federal Government and the German States (project EMPOWER, FKZ 03IHS242D). This open access article was supported by the HS Worms library funds.

X. FURTHER NOTES ON THE OPTIMIZATION OF DYST
Fig. 17 presents the transmission of 1,000 bits with DYST with 1 to 6 bits transferred at once. The theoretical number of hashes necessary to transmit a message $M$ with DYST-Basic can be calculated by dividing $\mathrm{len}(M)/h$ by $P_h(X \geq h)$, resulting in $\mathrm{len}(M) \cdot 2^h / h$. The number of necessary packets to transmit a message $M$ with a length of 1,000 bits is visualized in Fig. 17a and shows that the more bits shall be submitted at once, the more packets need to be observed. The number of packets grows exponentially with the number of bits to transmit in one chunk. This represents one packet for each observed match, disregarding robustness and stealthiness considerations. Further, the number of necessary signals decreases with the number of bits transferred in one chunk. This leads to a trade-off between stealthiness and throughput. The stealthiness also increases with robustness, as for a robust transmission from CS to CR some packets need to be ignored, as already described. Hence, the more robust the channel, the stealthier DYST will be; however, the throughput suffers. This trade-off is also presented in Figs. 17b-17d for the transmission of the message $M$ consisting of 1,000 bits with a maximum number of 6 bits signaled at once. In the case of a throughput-optimized DYST implementation, a signal is sent for each matching hash. Fig. 17b visualizes this configuration, where the number of signals to be sent decreases as the number of bits encoded in one matching hash increases (dotted line), and nears 1 for a theoretical signal pointing at 1,000 bits at once. The number of necessary packets to observe increases (dashed line), as the probability of a match decreases and thus the total number of packets in a recording increases. The solid line shows the sum of necessarily observed packets and necessary signals. For a robust approach, we assume in our example that only each fourth packet fits our previously described requirements (see Fig. 17c). The number of necessary packets to observe increases while the number of signals stays constant, compared to the throughput-optimized scenario. Thus, compared to the total number of packets observed, fewer signals are included in an experiment. The share of signals in percent is shown in Fig. 17d. The solid line represents a throughput-optimized approach, while the dashed line shows a robust approach where each second packet fits the robustness requirements. The dotted line visualizes the approach where each fourth packet fits these requirements and equals the scenario in Sect. IV-D. The share of signals in percent decreases with the number of packets utilized for signaling and with the number of bits signaled at once. This leads to the conclusion that the fewer packets are utilized and the more bits are signaled at once, the less likely a detection. If CS and CR fear the presence of a warden, they can simply ignore a certain number of packets or increase the number of bits signaled at once to decrease the noticeability of a signal.
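The packet and signal budget derived above, worked through as an added example (not the paper's code): `dyst_cost` evaluates the section's formula for 1 to 6 bits per chunk with and without the every-k-th-packet robustness rule, with the signal share assumed to be signals/(packets + signals), and `simulate_packets` checks the expected packet count by simulation under the assumption that the $h$ hash bits compared per packet are uniform and independent.

```python
import math
import random

def dyst_cost(msg_bits, h, robust_every=1):
    """Analytic budget for DYST-Basic from the section's formula.

    signals = ceil(len(M)/h)               one signal per matching hash chunk
    packets = len(M) * 2**h / h            expected packets to observe, since a
                                           packet matches with probability 2**-h
    robust_every = k: only every k-th packet may be used, so the packets to
    observe grow k-fold while the signal count stays the same.
    share   = signals / (packets + signals)  (assumed definition of Fig. 17d)
    """
    signals = math.ceil(msg_bits / h)
    packets = msg_bits * 2 ** h / h * robust_every
    share = signals / (packets + signals)
    return signals, packets, share

def simulate_packets(msg_bits, h, seed=0):
    """Monte Carlo check of the formula: draw h-bit hash fragments for observed
    packets and count how many are needed until every chunk of M has matched.
    Assumes uniform, independent hash bits (an assumption, not measured data)."""
    rng = random.Random(seed)
    chunks = [rng.getrandbits(h) for _ in range(math.ceil(msg_bits / h))]
    observed = 0
    for chunk in chunks:
        while True:
            observed += 1
            if rng.getrandbits(h) == chunk:   # hash fragment points to the chunk
                break
    return observed

if __name__ == "__main__":
    for h in range(1, 7):
        s, p, share = dyst_cost(1000, h)
        _, p4, share4 = dyst_cost(1000, h, robust_every=4)
        print(f"h={h}: signals={s} packets={p:.0f} share={share:.2%} "
              f"| every 4th: packets={p4:.0f} share={share4:.2%} "
              f"| simulated packets={simulate_packets(1000, h)}")
```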
Alternative Improvement of Sending Performance: While the paper at hand presents an initial methodology, our OPPRESSION extension [60] applies the history covert channel method by pointing to publicly accessible (historic) textual web content (instead of network packets). This allowed us to improve the sending performance of popular censorship circumvention tools and underpins the flexibility of the history covert channel method. OPPRESSION's pointers refer to nodes in a Patricia Trie, a form of tree representing the possible sentences Alice wants to transfer to Bob.
Improving Over Current Research: However, we assume that one could enhance the sending performance provided by OPPRESSION similarly to how Unix-like systems use inodes (i.e., filesystem metadata entries), as follows. Instead of pointing to only one data chunk (or sentence), Alice and Bob could pre-compute trees that refer to multiple data chunks (multiple sentences), analogous to the indirect data pointers in inodes. Thus, one pointer could refer to significantly more data, as it refers to several further pointers (that again refer to more pointers) that point to several different tree nodes. However, this would require larger trees and more precomputation operations for Alice and Bob. There is currently no implementation or evaluation of such an approach, and it is thus left as future work for the research community.

Fig. 3. Confined communication from a LAN to a remote site: CS resides inside the local network and CR resides in an uncensored public network.

Fig. 5. Functioning of DYST-Ext. For illustration, we use a message chunk $M$ of $h - c = 3$ bit length and a checksum of $c = 2$ bit, which simply represents the number of ones in the message chunk as a binary number (step 1). In the hash value $h_i$ with $h = 5$ bits, only $t = 1$ bit does not match (step 2). CS thus checks all modifications of the hash value until a hit between the reconstructed message and reconstructed checksum occurs (steps 3 to 5, flipped bits marked by dashed circles, order of bit flips: right to left). As the reconstructed message equals message chunk $M$ (step 6), CS will send an ARP request to CR. CR will perform the same computation and reconstruct $M$. For message chunk $M = 110$ (same checksum), the same fit would apply but not reconstruct $M$, and no ARP is sent.

Fig. 7. History and prediction covert channels, differentiated by the secret-data-carrying transmission they point to.

Fig. 10. ARP delays for University and Home network setups.

Fig. 13. Overview of legitimate and DYST traffic's characteristics, with detailed examples for IPD values of the home network.

Fig. 16. Bandwidth evaluation results for the multi-pointer approach and two different recordings from the office network (different times of the day).

TABLE I. TABLE OF USED NOTATIONS IN THIS PAPER.

LAN-to-Remote Site Scenario (Public Network / Internet; Censored LAN). Step 1: Legitimate traffic that can be observed by both CS and CR is sent by a legitimate sender. Step 2: CS refers CR to the previously seen packet through some legitimate signal message.

TABLE II. OVERVIEW OF DYST VARIANTS IN THIS PAPER.

1) The adversary is able to observe all traffic exchanged in the local network where CS resides.
2) The adversary can further block any traffic sent by CS if its content (that is, a combination of packet header and payload) does not match an element of a set of pre-defined legitimate messages. For instance, in a local network scenario, CS might be able to only send one specific ARP broadcast that calls for the address of the local network's router.
3) The adversary is also able to observe all traffic that is exchanged on the path between CS and CR, even if CR resides in a remote network. If the adversary detects a suspicious communication, it can decide to block the communication from CS to CR for an arbitrary time.
4) The adversary is not capable of locally monitoring actions or resources on CS or CR, i.e., there is no adversary malware on CS or CR.

Fig. 4. The DYST-Basic Sending Process. Hashes representing a secret message can be calculated over whole packets or just parts of packets (e.g., selected header fields). Note that packets with non-matching hash values are not processed further. Signaling packets can take the form of any typical (legitimate) broadcast, such as ARP or DHCP requests.