A Hybrid Covert Channel with Feedback over Mobile Networks

  • Xiaosong Zhang
  • Linhong Guo
  • Yuan Xue
  • Hongwei Jiang
  • Lu Liu
  • Quanxin ZhangEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1095)


In the existing network covert channel research, the transmission of secret messages is one-way, lacking confirmation feedback on whether the secret message is successfully accepted. However, VoLTE has real-time interactive features, and the data packets between the sender and the receiver are transmitted in both directions, which facilitates the construction of a two-way covert channel with feedback. Therefore, we propose a hybrid covert channel over mobile networks, which includes a sender-to-receiver covert timing channel that modulates covert message through actively dropping packets during the silence periods and a reverse covert storage channel that hides the acceptance of the covert message as feedback information into the feedback control information field of the RTCP packet. The sender evaluates the current attack severity according to the feedback and adjusts the real-time parameters of the covert timing channel to weigh the robustness and other performance. Experimental results show that this solution can effectively feedback the transmission of the covert message while keeping undetectable and robust.


Covert channel VoLTE Mobile networks Feedback 



This work has been supported by the National Natural Science Foundation of China under grant No. U1636213 and No. 61876019.


  1. 1.
    Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973) CrossRefGoogle Scholar
  2. 2.
    Department of Defense Trusted Computer System Evaluation Criteria, pp. 69–72. Palgrave Macmillan UK, London (1985)Google Scholar
  3. 3.
    Mazurczyk, W., Szczypiorski, K.: Evaluation of steganographic methods for oversized IP packets. Telecommun. Syst. 49(2), 207–217 (2012)CrossRefGoogle Scholar
  4. 4.
    Sadeghi, A.-R., Schulz, S., Varadharajan, V.: The silence of the LANs: efficient leakage resilience for IPsec VPNs. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 253–270. Springer, Heidelberg (2012). Scholar
  5. 5.
    Rios, R., Onieva, J.A., Lopez, J.: Covert communications through network configuration messages. Comput. Secur. 39(4), 34–46 (2013)CrossRefGoogle Scholar
  6. 6.
    Muchene, D.N., Luli, K., Shue, C.A.: Reporting insider threats via covert channels. In: 2013 IEEE Security and Privacy Workshops, pp. 68–71, May 2013Google Scholar
  7. 7.
    Do, Q., Martini, B., Choo, K.K.R.: Exfiltrating data from android devices. Comput. Secur. 48, 74–91 (2015)CrossRefGoogle Scholar
  8. 8.
    Wu, Z., Cao, H., Li, D.: An approach of steganography in G. 729 bitstream based on matrix coding and interleaving. Chin. J. Electron. 24(1), 157–165 (2015)CrossRefGoogle Scholar
  9. 9.
    Cabuk, S.: Network covert channels: design, analysis, detection, and elimination. Ph.D. thesis, Purdue University, West Lafayette, IN, USA (2006)Google Scholar
  10. 10.
    Houmansadr, A., Borisov, N.: CoCo: coding-based covert timing channels for network flows. In: Filler, T., Pevný, T., Craver, S., Ker, A. (eds.) IH 2011. LNCS, vol. 6958, pp. 314–328. Springer, Heidelberg (2011). Scholar
  11. 11.
    Tan, Y., Zhang, X., Sharif, K., Liang, C., Zhang, Q., Li, Y.: Covert timing channels for iot over mobile networks. IEEE Wirel. Commun. 25(6), 38–44 (2018)CrossRefGoogle Scholar
  12. 12.
    Tan, Y., Xinting, X., Liang, C., Zhang, X., Zhang, Q., Li, Y.: An end-to-end covert channel via packet dropout for mobile networks. Int. J. Distrib. Sens. Netw. 14(5), 1–14 (2018)CrossRefGoogle Scholar
  13. 13.
    Zhang, X., Liang, C., Zhang, Q., Li, Y., Zheng, J., Tan, Y.: Building covert timing channels by packet rearrangement over mobile networks. Inf. Sci. 445–446, 66–78 (2018)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Zhang, X., Tan, Y., Liang, C., Li, Y., Li, J.: A covert channel over VoLTE via adjusting silence periods. IEEE Access 6, 9292–9302 (2018)CrossRefGoogle Scholar
  15. 15.
    Zhang, X., Zhu, L., Wang, X., Zhang, C., Zhu, H., Tan, Y.: A packet-reordering covert channel over VoLTE voice and video traffics. J. Netw. Comput. Appl. 126, 29–38 (2019)CrossRefGoogle Scholar
  16. 16.
    Luo, X., Chan, E.W.W., Chang, R.K.C.: TCP covert timing channels: design and detection. In: 2008 IEEE International Conference on Dependable Systems and Networks with FTCS and DCC (DSN), pp. 420–429, June 2008Google Scholar
  17. 17.
    Wu, J., Wang, Y., Ding, L., Liao, X.: Improving performance of network covert timing channel through huffman coding. Math. Comput. Model. 55(1C2), 69–79 (2012)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Ahmadzadeh, S.A., Agnew, G.: Turbo covert channel: an iterative framework for covert communication over data networks. In: 2013 Proceedings IEEE INFOCOM, pp. 2031–2039, April 2013Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Xiaosong Zhang
    • 1
  • Linhong Guo
    • 1
  • Yuan Xue
    • 2
  • Hongwei Jiang
    • 2
  • Lu Liu
    • 2
  • Quanxin Zhang
    • 2
    Email author
  1. 1.Department of Computer Science and TechnologyTangshan UniversityTangshanChina
  2. 2.School of Computer ScienceBeijing Institute of Technology UniversityBeijingChina

Personalised recommendations