DYST (Did You See That?): An Amplified Covert Channel That Points To Previously Seen Data

Steffen Wendzel, Tobias Schmidbauer, Sebastian Zillien, Jörg Keller

TL;DR

The paper addresses covert channels by introducing history covert channels and the DYST framework, which amplifies secret messages by signaling through unaltered legitimate traffic rather than creating or modifying data themselves. It formalizes the concept with a signaling channel and a data channel, defines the covert amplification factor (CAF), and presents multiple variants (DYST-Basic, DYST-Ext, DYST-Remote-Smarthome, DYST-Remote-RTCP) for local and remote deployments. The authors provide theoretical analyses (including $2^{-h}$ match probabilities, distances $2^{h}$, and bandwidths $bw_{basic}(h)=\frac{h}{2^{h}}$; extended formulations using $P_h(X\ge h-t)$ and $U_{h,t,c}$), implement PoC systems, and evaluate robustness and detectability using KS-tests and compressibility scores in university and home networks, showing that DYST can achieve signaling with minimal detectable footprint. They further explore throughput optimization via multi-pointer signaling, remote feasibility, and discuss broader implications and countermeasures, highlighting practical limits and avenues for future work in secure communications and censorship circumvention.

Abstract

Covert channels are stealthy communication channels that enable manifold adversary and legitimate scenarios, ranging from malware communications to the exchange of confidential information by journalists and censorship circumvention. We introduce a new class of covert channels that we call history covert channels. We further present a new paradigm: covert channel amplification. All covert channels described until now need to craft seemingly legitimate flows or need to modify third-party flows, mimicking unsuspicious behavior. In contrast, history covert channels can communicate by pointing to unaltered legitimate traffic created by regular network nodes. Only a negligible fraction of the covert communication process requires the transfer of covert information by the covert channel's sender. This information can be sent through different protocols/channels. Our approach allows an amplification of the covert channel's message size, i.e., minimizing the fraction of actually transferred secret data by a covert channel's sender in relation to the overall secret data being exchanged. Further, we extend the current taxonomy for covert channels to show how history channels can be categorized. We describe multiple scenarios in which history covert channels can be realized, analyze the characteristics of these channels, and show how their configuration can be optimized.

Paper Structure (34 sections, 9 equations, 17 figures, 7 tables, 1 algorithm)

Figures (17)

  • Figure 1: General functioning of a history covert channel that uses broadcasting. The amplification is achieved by sending small pointers that refer to larger data pieces (e.g., packets or their hash values) of the data channel.
  • Figure 2: Confined communication in LAN: CS is not capable of placing the secret message content by itself due to restrictions.
  • Figure 3: Confined communication from a LAN to a remote site: CS resides inside the local network and CR resides in an uncensored public network.
  • Figure 4: The DYST-Basic Sending Process. Hashes representing a secret message can be calculated over whole packets or just parts of packets (e.g., selected header fields). Note that packets with non-matching hash values are not processed further. Signaling packets can take the form of any typical (legitimate) broadcast, such as ARP or DHCP requests.
  • Figure 5: Functioning of DYST-Ext. For illustration, we use a message chunk $M$ of $h-c=3$ bit length and a checksum of $c=2$ bit, which simply represents the number of ones in the message chunk as a binary number (step 1). In the hash value $h_i$ with $h=5$ bits, only $t=1$ bit does not match (step 2). CS thus checks all modifications of the hash value until a hit between the reconstructed message and the reconstructed checksum occurs (steps 3 to 5, flipped bits marked by dashed circles, order of bit flips: right to left). As the reconstructed message equals message chunk $M$ (step 6), CS will send an ARP request to CR. CR will perform the same computation and reconstruct $M$. For message chunk $M=110$ (same checksum), the same fit would apply but would not reconstruct $M$, and no ARP is sent.
  • ...and 12 more figures
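To make the two mechanisms in the captions concrete, the following is an added Python simulation written for this page; it is not the authors' proof-of-concept code. It models the DYST-Basic matching loop of Figure 4 together with the bandwidth $bw_{basic}(h)=h/2^{h}$ quoted in the TL;DR, and the DYST-Ext bit-flip reconstruction of Figure 5. Everything in it is constructed: the "traffic" is seeded random bytes standing in for legitimate packets, the h-bit fingerprint is the leading h bits of SHA-256, the hash value 10111 is chosen so that exactly one bit differs from the wanted chunk 101 with its checksum 10, and the fewest-flips-first, right-to-left search order is one reading of the caption. The paper leaves the hash function, the hashed fields and the signaling protocol to the implementation.

```python
import hashlib
import itertools
import random

# ---- DYST-Basic (Figure 4): point at packets whose h-bit fingerprint equals the next chunk ----

def fingerprint(packet: bytes, h: int) -> int:
    """h-bit fingerprint of a packet: leading h bits of SHA-256 (assumed hash; h <= 32)."""
    digest = hashlib.sha256(packet).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - h)

def message_chunks(secret: bytes, h: int) -> list[int]:
    """Split the secret into h-bit chunks, zero-padding the final chunk."""
    bits = "".join(f"{b:08b}" for b in secret)
    bits += "0" * (-len(bits) % h)
    return [int(bits[i:i + h], 2) for i in range(0, len(bits), h)]

def bw_basic(h: int) -> float:
    """Expected covert bits per observed packet: a packet matches the pending chunk with
    probability 2^-h and then conveys h bits, i.e. bw_basic(h) = h / 2^h (expected
    distance between two matches: 2^h packets)."""
    return h / 2 ** h

def dyst_basic_send(packets: list[bytes], chunks: list[int], h: int) -> list[int]:
    """Covert sender CS: walk the shared packet stream and emit a pointer (packet index)
    whenever a packet's fingerprint equals the next chunk; other packets are ignored."""
    pointers: list[int] = []
    for i, pkt in enumerate(packets):
        if len(pointers) == len(chunks):
            break
        if fingerprint(pkt, h) == chunks[len(pointers)]:
            pointers.append(i)
    return pointers

def dyst_basic_receive(packets: list[bytes], pointers: list[int], h: int, nbytes: int) -> bytes:
    """Covert receiver CR: re-hash the pointed-to packets and reassemble the secret."""
    bits = "".join(f"{fingerprint(packets[p], h):0{h}b}" for p in pointers)
    return int(bits[:nbytes * 8], 2).to_bytes(nbytes, "big")

def demo_basic(h: int = 4, n_packets: int = 4000, seed: int = 1):
    """Constructed traffic: random 64-byte payloads stand in for legitimate packets.
    Returns (recovered secret, number of pointers sent, observed bits per packet)."""
    rng = random.Random(seed)
    packets = [rng.randbytes(64) for _ in range(n_packets)]
    secret = b"hi"
    chunks = message_chunks(secret, h)
    pointers = dyst_basic_send(packets, chunks, h)
    recovered = dyst_basic_receive(packets, pointers, h, len(secret))
    consumed = pointers[-1] + 1 if pointers else 0
    observed_bw = len(chunks) * h / consumed if consumed else 0.0
    return recovered, len(pointers), observed_bw

# ---- DYST-Ext (Figure 5): tolerate up to t wrong hash bits via a c-bit checksum ----

def popcount_checksum(msg: int) -> int:
    """Checksum from the caption: the number of ones in the message chunk."""
    return bin(msg).count("1")

def ext_reconstruct(hash_value: int, h: int, c: int, t: int):
    """Decoding rule applied identically by CS and CR: read the high h-c bits of the hash
    as message chunk and the low c bits as checksum, flipping up to t bits (fewest flips
    first, right to left; assumed order) until message and checksum agree. Returns the
    first fitting chunk, or None if no fit exists within t flips (e.g. when the popcount
    of the message cannot be represented in c bits)."""
    mask_c = (1 << c) - 1
    for flips in range(t + 1):
        for positions in itertools.combinations(range(h), flips):
            candidate = hash_value
            for p in positions:
                candidate ^= 1 << p
            msg, chk = candidate >> c, candidate & mask_c
            if popcount_checksum(msg) == chk:
                return msg
    return None

def ext_should_signal(hash_value: int, wanted_chunk: int, h: int, c: int, t: int) -> bool:
    """CS signals only when the fit CR will find equals the wanted chunk; a different chunk
    with the same checksum (the caption's M=110 case) produces the same fit but no signal."""
    return ext_reconstruct(hash_value, h, c, t) == wanted_chunk

if __name__ == "__main__":
    print(demo_basic())
    print(ext_reconstruct(0b10111, 5, 2, 1), ext_should_signal(0b10111, 0b110, 5, 2, 1))
```

Running `demo_basic()` shows that the observed bits per packet land in the neighbourhood of `bw_basic(4) = 0.25`, which is why the paper treats h as a tuning knob: larger h means fewer, larger pointers but exponentially longer waits for a match. The DYST-Ext part reproduces the caption's situation: with t=1 the hash 10111 decodes to 101 after one right-to-left flip, so CS signals for M=101 but stays silent for M=110.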