Wenyuan Xu,Timothy Wood,Wade Trappe,Yanyong Zhang

DOI: https://doi.org/10.1145/1023646.1023661

2004-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to launch denial of service (DoS) attacks. One form of denial of service is targeted at preventing sources from communicating. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this paper we present two strategies that may be employed by wireless devices to evade a MAC/PHY-layer jamming-style wireless denial of service attack. The first strategy, channel surfing, is a form of spectral evasion that involves legitimate wireless devices changing the channel that they are operating on. The second strategy, spatial retreats, is a form of spatial evasion whereby legitimate mobile devices move away from the locality of the DoS emitter. We study both of these strategies for three broad wireless communication scenarios: two-party radio communication, an infrastructured wireless network, and an ad hoc wireless network. We evaluate several of our proposed strategies and protocols through ns-2 simulations and experiments on the Berkeley mote platform.

Zang Li,Wenyuan Xu,Robert D. Miller,Wade Trappe

DOI: https://doi.org/10.1145/1161289.1161297

2006-01-01

Abstract:Although conventional cryptographic security mechanisms are essential to the overall problem of securing wireless networks, these techniques do not directly leverage the unique properties of the wireless domain to address security threats. The properties of the wireless medium are a powerful source of domain-specific information that can complement and enhance traditional security mechanisms. In this paper, we propose to utilize the fact that the radio channel decorre-lates rapidly in space, time and frequency in order to to establish new forms of authentication and confidentiality that operate at the physical layer and can be used to facilitate cross-layer security paradigms. Specifically, for authentication services, we illustrate two channel probing techniques that can be used to verify the authenticity of a transmitter. Similarly, for confidentiality, we examine several strategies for establishing shared secrets/keys between two communicators using the wireless medium. These strategies range from extracting keys from channel state information, to utilizing the channel variability to secretly disseminate keys. We then validate the feasibility of using physical layer techniques for securing wireless systems by presenting results from experiments involving the USRP/GNURadio software defined radio platform.

Xinying Chen,Jianping An,Zehui Xiong,Chengwen Xing,Nan Zhao,F. Richard Yu,Arumugam Nallanathan

DOI: https://doi.org/10.1109/comst.2023.3263921

IF: 35.6

2023-01-01

IEEE Communications Surveys & Tutorials

Abstract:Information security has always been a critical issue in wireless networks. Apart from other secure techniques, covert communication emerges as a potential solution to security for wireless networks owing to its high-security level. In covert communication networks, the transmitter hides the transmitted signals into environmental or artificial noise by introducing randomness to avoid detection at the warden. By eliminating the existence of transmitted signals at the warden, information security can be preserved more solidly than other secure transmission techniques, i.e., without noticing the existence. Due to the promising security protection, covert communication has been successfully utilized in tremendous wireless communication scenarios. However, fundamental challenges in its practical implementation still exist, e.g., the effectiveness of randomness utilization, the low signal-to-interference-plus-noise ratio at legitimate users, etc. In this survey, we demonstrate a comprehensive review concentrating on the applications, solutions, and future challenges of covert communications. Specifically, the covert principle and research categories are first introduced. Then, the applications in the networks with different topologies and the effective covert techniques in the existing literature are reviewed. We also discuss the potential implementation of covert communications in future networks and the open challenges.

computer science, information systems,telecommunications

Huihui Wu,Xuening Liao,Yongchao Dang,Yulong Shen,Xiaohong Jiang

DOI: https://doi.org/10.1109/NaNA.2017.55

2017-01-01

Abstract:Covert communication aims to achieve secure communications among legitimate network nodes by hiding the existence of the transmission in the first place. Previous work on covert communication mainly focus on the performance analysis of single hop systems, while the performance analysis on two-hop systems remains largely unknown. This paper, for the first time, focuses on the maximum throughput analysis of a two-hop wireless system where the source only communicates with the destination via a relay node. The hypothesis testing problem is first developed to model the probability of false alarms and missed detections at the warden in a two-hop system. Based on the designed hypothesis testing problem, we then conduct theoretical analysis on the maximum throughput of the two-hop system. The results show that the transmitter can communicate with the receiver under a certain detection probability less than a constant ε for any ε > 0, when the throughput is limited as O(√n) bits in n channel uses. Finally, we conducted analysis to show that this result can be extended to a multi-hop system to ensure a low probability of detection communication.

Yuwen Qian,Wei Li,Yan Lin,Long Shi,Xiangwei Zhou,Jun Li,Feng Shu

DOI: https://doi.org/10.1109/jiot.2022.3211022

IF: 10.6

2023-01-24

IEEE Internet of Things Journal

Abstract:The covert communication technology has emerged as a novel method for network authentication, copyright protection, and providing the evidence of cybercrimes. However, how to design the covert communication scheme in the physical layer of wireless networks and how to optimize the data rate for the covert communication channels are very challenging. In this article, we propose a wireless covert communication system (CCS), where the transmit antennas are selected and coded to generate a covert codebook. According to the covert codebook, the antennas can be dynamically combined to transmit different covert messages. In addition, we adopt a modulation scheme, named covert quadrature amplitude modulation (QAM), to modulate the covert messages, where the precoding method is designed to deviate the constellations for covert information bits from those for the public information bits. Furthermore, we derive the closed-form expressions of capacity and bit error ratio (BER) for the proposed CCS. To maximize the covert data rate of the CCS, we formulate an optimization problem of the covert data rate and solve the problem to find the optimal precoding matrix. To reduce the covert information leakage, artificial noise is introduced to the system to jam the communication between the transmitting and watching nodes. We design a beamforming scheme to maximize the secure rate for the CCS, where the leakage of covert information can be minimized while the covert communication is not influenced. Simulation results show that the proposed CCS can significantly improve the covert data rate and reduce the covert BER in comparison with the traditional CCSs.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jorge E. Coyac-Torres,Mario E. Rivero-Angeles,Eleazar Aguirre-Anaya

DOI: https://doi.org/10.1007/s11036-019-01482-6

2020-01-17

Mobile Networks and Applications

Abstract:Nowadays, the use of nodes with different sensing capabilities is pervasive. This leads to many environments capable of monitoring human activity for security, comfort, and connectivity applications among others. However, this also leads to many opportunities for security breaches in personal mobile devices when they are in such environments. In this work, we focus on a covert channel communication system based on sound waves with cognitive radio capabilities. In such system, the mobile nodes are infected with malware that allows the attacker to obtain information from the devices, sending data using a covert channel (hidden communications) to neighbor sensor nodes used for IoT applications through sound waves imperceptible to human ears. A cognitive radio design is based on allowing such hidden communications to occur when the primary channel is unused (i.e., when the user is not using or handling its device). As such, the primary network is considered to be any activity of the mobile (communication, application or service) and the secondary network is the covert channel communication system. Such a system is studied and mathematically analyzed using Continuous Time Markov Chains in order to obtain the throughput in the covert channel for different system parameters. A main result from this work is that, a careful selection of the <em class="EmphasisTypeItalic">activation</em> parameter can lead to a more efficient covert data transfer system, irrespective of the rest of the system parameters.

computer science, information systems,telecommunications, hardware & architecture

Serdar Cabuk,Carla E. Brodley,Clay Shields

DOI: https://doi.org/10.1145/1513601.1513604

2009-04-01

ACM Transactions on Information and System Security

Abstract:A covert channel can occur when an attacker finds and exploits a shared resource that is not designed to be a communication mechanism. A network covert channel operates by altering the timing of otherwise legitimate network traffic so that the arrival times of packets encode confidential data that an attacker wants to exfiltrate from a secure area from which she has no other means of communication. In this article, we present the first public implementation of an IP covert channel, discuss the subtle issues that arose in its design, and present a discussion on its efficacy. We then show that an IP covert channel can be differentiated from legitimate channels and present new detection measures that provide detection rates over 95%. We next take the simple step an attacker would of adding noise to the channel to attempt to conceal the covert communication. For these noisy IP covert timing channels, we show that our online detection measures can fail to identify the covert channel for noise levels higher than 10%. We then provide effective offline search mechanisms that identify the noisy channels.

Sebastian Zander,Grenville Armitage,Philip Branch

DOI: https://doi.org/10.1109/comst.2007.4317620

2007-01-01

Abstract:Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorised parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. This article is a survey of the existing techniques for creating covert channels in widely deployed network and application protocols. We also give an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks.

computer science, information systems,telecommunications

Changming Li,Mingjing Xu,Yicong Du,Limin Liu,Cong Shi,Yan Wang,Hongbo Liu,Yingying Chen

DOI: https://doi.org/10.1145/3636534.3649367

2024-01-01

Abstract:The pervasive use of WiFi has driven the recent research in WiFi sensing, converting communication tech into sensing for applications such as activity recognition, user authentication, and vital sign monitoring. Despite the integration of deep learning into WiFi sensing systems, potential security vulnerabilities to adversarial attacks remain unexplored. This paper introduces the first physical attack focusing on deep learning-based WiFi sensing systems, demonstrating how adversaries can subtly manipulate WiFi packet preambles to affect channel state information (CSI), a critical feature in such systems, and thereby influence underlying deep learning models without disrupting regular communication. To realize the proposed attack in practical scenarios, we rigorously analyze and derive the intricate relationship between the pilot symbol and CSI. A novel mechanism is proposed to facilitate quantitive control of receiver-side CSI through minimal modifications to the pilot symbols of WiFi packets at the transmitter. We further develop a perturbation optimization method based on the Carlini & Wagner (CW) attack and a penalty-based training process to ensure the attack's universal efficacy across various CSI responses and noise. The physical attack is implemented and evaluated in two representative WiFi sensing systems (i.e., activity recognition and user authentication) with 35 participants over 3 months. Extensive experiments demonstrate the remarkable attack success rates of 90.47% and 83.83% for activity recognition and user authentication, respectively.

Wade Trappe,Wenyuan Xu

DOI: https://doi.org/10.7282/t3rj4jw7

2007-01-01

Abstract:Wireless networks are built upon a shared medium that makes it easy for adversaries to conduct radio interference, or jamming attacks, which effectively cause a denial of service (DoS) of either transmission or reception functionalities. These attacks can be easily accomplished by an adversary by either bypassing MAC-layer protocols, or emitting a radio signal targeted at jamming a particular channel. In this thesis, we examine the issue of jamming wireless networks, and sensor networks in particular, by studying both the attack and defense side of the problem. On the attack side, we present four different jamming attack models that can be used by an adversary to disable the operation of a wireless network, and evaluate their effectiveness in terms of how each method affects the ability of a wireless node to send and receive packets. In order to cope with the problem of jamming, we discuss a two-phase strategy involving the diagnosis of the attack, followed by a suitable defense strategy. For detection, we show that single measurement statistics are not enough to reliably classify the presence of a jamming attack, and propose multimodal detection methods. To cope with jamming, we propose a technique, channel surfing, which involves evading the interferer in the spectral domain. Several different channel surfing models are presented, and we evaluate their effectiveness using a testbed of MICA2 motes. Beyond channel surfing, we overview a second defense strategy whereby it is possible to establish a low data rate jamming resistant communication channel by modulating the interarrival times between jammed packets.

Michael Hanspach,Michael Goetz

DOI: https://doi.org/10.48550/arXiv.1406.1213

2014-06-04

Cryptography and Security

Abstract:Covert channels can be used to circumvent system and network policies by establishing communications that have not been considered in the design of the computing system. We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium. The underlying network stack is based on a communication system that was originally designed for robust underwater communication. We adapt the communication system to implement covert and stealthy communications by utilizing the ultrasonic frequency range. We further demonstrate how the scenario of covert acoustical communication over the air medium can be extended to multi-hop communications and even to wireless mesh networks. A covert acoustical mesh network can be conceived as a meshed botnet or malnet that is accessible via inaudible audio transmissions. Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities.

Muawia A. Elsadig,Yahia A. Fadlalla

DOI: https://doi.org/10.1109/ieeegcc.2017.8447997

2017-05-01

Abstract:advanced developments in intrusion detection systems (IDS) and computer network technology encourage hackers to find new ways to leak confidential information without being detected. When the interpretation of a security model adopted by a system is violated by a communication between two users, or processes operating on their behalf, it is said that the two users are communicating indirectly or covertly. A network covert channel refers to any communication channel that can be exploited by a process to transfer information in a manner that violates a system&#x27;s security policy. Loopholes in network protocols attract covert channel exploitation. This paper sheds light on network covert channel countermeasures and the most recent detection and prevention methods of such channels. The achievements and limitations of these countermeasures are discussed. The paper further introduces the concept of network covert channel triangle (DSM - Development, Switching, and Micro-protocol); three elements that have the most direct positive impact in a network covert channel environment. In addition, the paper reflects on the challenges such covert channels impose.

Yogesh Heda,Rinku Shah

DOI: https://doi.org/10.1109/conecct.2015.7383926

2015-07-01

Abstract:Secret communication via network has always been an area of interest for attackers. Secrete communication provide a way to discovers and leak information such that system security policies are violated. Covert channel concept for passing data secretly over a communication network existed from many years. Covert channel designer are continuously improving design techniques which create difficult to detect such channels. These channels are different from encryption and steganography. Use of covert attack may be a serious security threat as they can be used for malicious activities. Covert channels exist in most of communication system and allow individual to communicate secretly. It has not only attracted the trusted parties to communicate with each other secretly but has also attracted the hackers/attackers. Existing literature suggests that it is difficult to detect and prevent covert channel communication using traditional accuracy systems. This paper presents detailed survey of existing covert channel design, detection and prevention techniques. The author also presents the classification and comparison of the covert channel design and detection techniques.

Lin Bai,Jinpeng Xu,Lin Zhou

DOI: https://doi.org/10.1109/tcomm.2023.3237998

IF: 6.166

2023-03-18

IEEE Transactions on Communications

Abstract:Covert communication, also known as communication with low probability of detection, aims to provide reliable communication for legal users and prevent any other user from detecting the occurrence of legal communication. Motivated by the strong need of security links of the next generation communication systems, we study covert communication with millimeter-wave (mmWave) massive multiple-input multiple-output (MIMO) hybrid beamforming. Consistent with existing studies on covert communication, we use the Kullback-Leibler (KL) divergence and the total variation (TV) distance as the covertness measure. Under both covertness measures, for block fading channels, we derive the covert transmission rate with and without artificial noise. These results are obtained by optimizing the transmit power and the jamming power to satisfy the covertness constraints and to maximize the transmission rate. Specifically, when artificial noise is allowed, we show that there exists an optimal jamming power to achieve the covert transmission rate given the transmit signal power. Furthermore, we propose a metric to measure the inherent sparsity of the mmWave massive MIMO channel in the spatial domain, and study its effect on the covertness measures and the corresponding covert transmission rates. Our results provide insights and benchmarks for the design of practical covert communication systems with mmWave massive MIMO.

telecommunications,engineering, electrical & electronic

Jun-Won Ho

DOI: https://doi.org/10.1109/access.2019.2945974

IF: 3.9

2019-01-01

IEEE Access

Abstract:Owing to their hidden natures, covert channels can be utilized such that trojan applications can communicate stealthily with each other or exchange stolen private information without being revealed. To prevent damage incurred by covert channels, researchers have preemptively scrutinized diverse covert channels that can be devised by an attacker. Although covert channels based on sensor data may interest an attacker because sensing operation is a key task in Internet of Things (IoT), we do not find any covert channel studies that adapted the Sequential Probability Ratio Test (SPRT) to sensor data except our prior study [27], where the SPRT is applied to sensor data in Android systems before an attacker's conception; however, our previous study showed limitations owing to the static nature of the SPRT parameter settings and the method of mapping sensor data to sample types for covert channel creation. To demonstrate that these limitations can be pacified, we propose a covert channel that dynamically applies the SPRT to sensor data in IoT. In our proposed covert channel, stealthy information bit 1 (resp. 0) is encoded to and decoded from a sequence of sensor data when the SPRT with dynamic parameter settings accepts an alternate (resp. null) hypothesis. We implement our proposed covert channel in Raspberry Pi 3 Model B devices and evaluate it in terms of various metrics. Evaluation results indicate that every encoded stealthy information byte is successfully decoded in our covert channel. Furthermore, 3.513 samples and 28.105 SPRT executions at the most are required for encoding/decoding a stealthy information byte in our devised covert channel on an average, thus resulting in fast encoding/decoding in our covert channel. Finally, our developed covert channel yields a throughput ranging from 4097.5 to 9061.67 bits/sec.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jing Tian,Gang Xiong,Zhen Li,Gaopeng Gou

DOI: https://doi.org/10.1155/2020/8892896

IF: 1.968

2020-08-05

Security and Communication Networks

Abstract:In order to protect user privacy or guarantee free access to the Internet, the network covert channel has become a hot research topic. It refers to an information channel in which the messages are covertly transmitted under the network environment. In recent years, many new construction schemes of network covert channels are proposed. But at the same time, network covert channel has also received the attention of censors, leading to many attacks. The network covert channel refers to an information channel in which the messages are covertly transmitted under the network environment. Many users exploit the network covert channel to protect privacy or guarantee free access to the Internet. Previous construction schemes of the network covert channel are based on information steganography, which can be divided into CTCs and CSCs. In recent years, there are some covert channels constructed by changing the transmission network architecture. On the other side, some research work promises that the characteristics of emerging network may better fit the construction of the network covert channel. In addition, the covert channel can also be constructed by changing the transmission network architecture. The proxy and anonymity communication technology implement this construction scheme. In this paper, we divide the key technologies for constructing network covert channels into two aspects: communication content level (based on information steganography) and transmission network level (based on proxy and anonymity communication technology). We give an comprehensively summary about covert channels at each level. We also introduce work for the three new types of network covert channels (covert channels based on streaming media, covert channels based on blockchain, and covert channels based on IPv6). In addition, we present the attacks against the network covert channel, including elimination, limitation, and detection. Finally, the challenge and future research trend in this field are discussed.

computer science, information systems,telecommunications

Jinyan Jiang,Jiliang Wang,Yihao Liu,Yijie Chen,Yunhao Liu

DOI: https://doi.org/10.1109/ipsn61024.2024.00013

2024-01-01

Abstract:The rapid development of WiFi localization poses a serious privacy threat, as eavesdroppers can locate WiFi devices without their consent. In this paper, we present WiCloak, the first system that protects WiFi device location privacy while supporting normal WiFi communication simultaneously. The high-level idea of WiCloak is to inject a fake channel into WiFi CSI at the transmitter, which renders the CIR and time information obtained by eavesdroppers meaningless. We mathematically prove that the injected fake channel is effective in any wireless environment and can strictly protect the location privacy of WiFi devices. To simultaneously support communication for commercial WiFi receivers, we propose a method to cancel out the fake channel impacts in decoding and prove that the method should not impact communication performance. WiCloak can work on commercial WiFi devices without any hardware modification. We evaluate the communication performance of WiCloak on commercial WiFi receivers (e.g., MacBook and Mac Studio) and demonstrate that it achieves the same packet reception rate as normal WiFi. We show that WiCloak increases the localization error by 22× to normal WiFi.

Jinsong Hu,Shihao Yan,Xiaobo Zhou,Feng Shu,Jiangzhou Wang

DOI: https://doi.org/10.1109/jiot.2020.2994441

IF: 10.6

2020-11-01

IEEE Internet of Things Journal

Abstract:Covert communications can hide the very existence of wireless transmissions and thus are able to address privacy issues in numerous applications of the emerging Internet of Things (IoT). In this article, we adopt channel inversion power control (CIPC) to achieve covert communications in Rayleigh fading wireless networks, where a transmitter can possibly hide itself from a warden while transmitting information to a receiver. The CIPC can guarantee a constant signal power at the receiver, which removes the requirement that the receiver has to know the channel state information in order to coherently decode the transmitter's signal. Specifically, we examine the performance of the achieved covert communications in terms of the effective covert rate (ECR), which quantifies the amount of information that the transmitter can reliably convey to the receiver subject to the warden's total error probability being no less than some specific value. The noise uncertainty at the warden serves as the enabler of covert communications. For fairness, we also consider noise uncertainty at the legitimate receiver. Our examination shows that increasing the noise uncertainty at the warden and the receiver simultaneously may not continuously improve the ECR achieved in the considered system model.

Zeke Wu,Kefeng Guo,Rui Liu,Shibin Zhu

DOI: https://doi.org/10.32604/cmes.2022.023093

2023-01-01

Computer Modeling in Engineering & Sciences

Abstract:In recent years, Internet of Things (IoT) technology has emerged and gradually sprung up. As the needs of large-scale IoT applications cannot be satisfied by the fifth generation (5G) network, wireless communication network needs to be developed into the sixth generation (6G) network. However, with the increasingly prominent security problems of wireless communication networks such as 6G, covert communication has been recognized as one of the most promising solutions. Covert communication can realize the transmission of hidden information between both sides of communication to a certain extent, which makes the transmission content and transmission behavior challenging to be detected by noncooperative eavesdroppers. In addition, the integrated high altitude platform station (HAPS) terrestrial network is considered a promising development direction because of its flexibility and scalability. Based on the above facts, this article investigates the covert communication in an integrated HAPS terrestrial network, where a constant power auxiliary node is utilized to send artificial noise (AN) to realize the covert communication. Specifically, the covert constraint relationship between the transmitting and auxiliary nodes is derived. Moreover, the closed-form expressions of outage probability (OP) and effective covert communication rate are obtained. Finally, numerical results are provided to verify our analysis and reveal the impacts of critical parameters on the system performance.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Huihui Wu,Yuanyu Zhang,Yulong Shen,Xiaohong Jiang,Tarik Taleb

DOI: https://doi.org/10.1109/jiot.2023.3296368

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:This article explores a new secure wireless communication scenario for the data collection in the Internet of Things (IoT) where the physical layer security technology is applied to counteract both the detection and eavesdropping attacks, such that the critical covertness and secrecy properties of the communication are jointly guaranteed. We first provide theoretical modeling for covertness outage probability (COP), secrecy outage probability (SOP), and transmission probability (TP) to depict the covertness, secrecy, and transmission performances of the wireless communication system. To understand the fundamental security performance under the wireless communication system, we then define a new metric—covert secrecy rate (CSR), which characterizes the maximum transmission rate subject to the constraints of COP, SOP, and TP. We further conduct a detailed theoretical analysis to identify the CSR under various scenarios determined by the detector-eavesdropper relationships and the secure transmission schemes adopted by transmitters. Finally, numerical results are provided to illustrate the achievable performances under the secure wireless communication system.