Dynamic Routing in Covert Channel Overlays Based on Control Protocols Peter Backs, Steffen Wendzel, J¨ org Keller Department of Mathematics and Computer Science, University of Hagen, Germany Abstract—Covert channels aim to carry information in a way prohibited by the security policy and can be used to bypass censorship (e.g. by journalists). To establish secure covert channel communications, overlay networks with internal control protocols can be built. We present a design method for control protocols within covert channels. Our protocol design provides the advantage of space-efficiency (in comparison to existing control protocols) and the advantage of dynamic extensibility. We apply the protocol design to realize OLSR-based dynamic routing for covert channel overlays. Our algorithm provides different optimization means to maximize the covertness and the connection quality of the channel. The approach is validated by an extensible prototype. I. I NTRODUCTION Covert channels (CCs) are hidden channels which are not intended for information transfer at all [1]. The intention of a CC is to hide the existence of an information flow that possibly violates a system’s security policy [2]. CCs contribute to the free expression of opinions since they are useful to bypass censorship. Basically, network CC are divided into two classes: storage and timing channels [3]: While storage channels alter attributes of network packets (e.g. modifying unused bits), timing channels alter timings or the order of network packets to signal hidden information [4]. CCs have been a focus of research for decades. The topic was introduced in [1]; later it was described in [3] and [5]. In the following years, techniques were developed to deal with the problem of CCs, like the pump [6], covert flow trees [7], the shared resource matrix (SRM) methodology [8] and the extended SRM [9], timing channel elimination through program transformation [10], and machline learning- based timing channel detection [11]. Existing publications (e.g. [12], [13], [14]) describe how to implement CCs in network packet data and its timings. CCs also occur outside of TCP/IP networks, such as in business processes [2]. Research in the area of CC-internal control protocols (so called micro protocols, MPs) is required since such protocols can provide ways to enhance the known CC capabilities by, for instance, introducing dynamic protocol switches and adapting the channel configuration to changes in the underlay network [15]. These capabilities are of importance to provide CC users (e.g. journalists) advanced means to keep a communication undetected. Small MPs for CCs already exist and can be found in popular tunneling tools like pingtunnel [16] as well as in [17], but these MPs have a static header design and are not as space- efficient as our MP, as we show in Sect. II-D. A challenge in the context of covert communication is to keep data transfers as small as possible to decrease detectabil- ity [15]. To achieve such space-efficient communications, we present the design of a compact MP. This MP is based on the concept of status updates. A status update is a small data chunk, sent through a CC. Such a data chunk specifies a change in at least one setting (e.g. changing the destination address) of a CC. This concept helps to build more flexible and more space-efficient covert communications. A status update- based MP is used to control and dynamically adapt the covert communication between a sender and a receiver. It allows establishing of multi-hop CC routes. We are not aware of a previous MP which is both, dynamic (instead of a static header, it includes a dynamically configurable header for each new packet) and space-efficient (packet headers are designed to be as small as possible), as well as able to be used in conjunction with dynamic routing. CC networks, as being overlay networks on the regular networks and as being similar to ad-hoc networks, comprise changing components and a changing infrastructure. While Szczypiorski et al. were the first authors to provide a dynamic steganographic overlay routing based on the random-walk algorithm in [18], we present a more-advanced approach based on the optimized link-state routing algorithm (OLSR). The dy- namic routing algorithm is based on our previously mentioned concept of status updates. The presented routing algorithm is additionally optimized to generate as little overhead as possible to prevent raising attention. Our routing algorithm takes into account the user require- ments according to connection quality and covertness (called Quality of Covertness, QoC) and provides a maximized covert- ness, if these requirements can be met. We also propose to split the CC overlay network in so called agents and drones, i.e. passive and active routing components to optimize the covertness of the network. We have developed an implementation of our status update- based MP to demonstrate its practicability and to validate the presented algorithm for dynamic CC overlay routing. Therefore, an extendible architecture called the Smart Covert Channel Tool was developed and successfully tested. The remainder of this paper is organized as follows. Sec- tion II introduces the basic design principle of our MP. Section III presents the idea of an optimized CC overlay routing including the proof of concept implementation while