CCKex: High Bandwidth Covert Channels over Encrypted Network Traffic

Lindenmeier C, Gebhard S, Röckl J, Freiling F (2025)

Publication Type: Conference contribution

Publication year: 2025

Journal

Lecture Notes in Computer Science Springer Verlag

Publisher: Springer

City/Town: Cham

Pages Range: 385-404

Conference Proceedings Title: Secure IT Systems

Event location: Karlstad SE

ISBN: 9783031790065

DOI: 10.1007/978-3-031-79007-2_20

Abstract

Covert channels, such as the timing behavior of a process or the lowest order bit in a network protocol nonce, can be used to exchange information in a stealthy manner. Storage covert channels are a class of covert channels that modulate data onto unused or redundant protocol fields of existing network communication. Because of this restriction, but also because of the ubiquity of encrypted communication, such channels usually suffer from severe bandwidth limitations. We propose a novel storage-based covert channel that enables the transmission of data inside encrypted network traffic, thus both drastically increasing bandwidth and stealth. In contrast to prior work, we assume the availability of encryption keys on the sender side, a condition usually met by strong attackers applying key extraction from memory. In this way, we are able to embed information into encrypted network traffic, experimentally increasing covert bandwidth by a factor of 11. We demonstrate the practical feasibility of our approach targeting the Android app Signal on a real-world smartphone.

Authors with CRIS profile

Christian Lindenmeier Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Jonas Röckl Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen) Felix Freiling Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)

How to cite

APA:

Lindenmeier, C., Gebhard, S., Röckl, J., & Freiling, F. (2025). CCKex: High Bandwidth Covert Channels over Encrypted Network Traffic. In Secure IT Systems (pp. 385-404). Karlstad, SE: Cham: Springer.

MLA:

Lindenmeier, Christian, et al. "CCKex: High Bandwidth Covert Channels over Encrypted Network Traffic." Proceedings of the 29th Nordic Conference (NordSec 2024), Karlstad Cham: Springer, 2025. 385-404.

BibTeX: Download