{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T09:17:51Z","timestamp":1770110271131,"version":"3.49.0"},"publisher-location":"Cham","reference-count":36,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031790065","type":"print"},{"value":"9783031790072","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-79007-2_20","type":"book-chapter","created":{"date-parts":[[2025,1,28]],"date-time":"2025-01-28T20:01:52Z","timestamp":1738094512000},"page":"385-404","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["CCKex: High Bandwidth Covert Channels over\u00a0Encrypted Network Traffic"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2369-2196","authenticated-orcid":false,"given":"Christian","family":"Lindenmeier","sequence":"first","affiliation":[]},{"given":"Sven","family":"Gebhard","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3970-5580","authenticated-orcid":false,"given":"Jonas","family":"R\u00f6ckl","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8279-8401","authenticated-orcid":false,"given":"Felix","family":"Freiling","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,29]]},"reference":[{"key":"20_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/J.FSIDI.2024.301766","volume":"49","author":"D Baier","year":"2024","unstructured":"Baier, D., Basse, A., Hilgert, J., Lambertz, M.: TLS key material identification and extraction in memory: current state and future challenges. Forensic Sci. Int. Digit. Investig. 49, 301766 (2024). https:\/\/doi.org\/10.1016\/J.FSIDI.2024.301766","journal-title":"Forensic Sci. Int. Digit. Investig."},{"issue":"4","key":"20_CR2","doi-asserted-by":"publisher","first-page":"1921","DOI":"10.1109\/TII.2016.2627503","volume":"13","author":"L Caviglione","year":"2017","unstructured":"Caviglione, L., Podolski, M., Mazurczyk, W., Ianigro, M.: Covert channels in personal cloud storage services: the case of dropbox. IEEE Trans. Ind. Inf. 13(4), 1921\u20131931 (2017). https:\/\/doi.org\/10.1109\/TII.2016.2627503","journal-title":"IEEE Trans. Ind. Inf."},{"key":"20_CR3","unstructured":"Chow, J., Pfaff, B., Garfinkel, T., Rosenblum, M.: Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation. In: McDaniel, P.D. (ed.) Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, 31 July\u20135 August 2005. USENIX Association (2005). https:\/\/www.usenix.org\/conference\/14th-usenix-security-symposium\/shredding-your-garbage-reducing-data-lifetime-through"},{"key":"20_CR4","doi-asserted-by":"publisher","unstructured":"Dolan-Gavitt, B., Leek, T., Hodosh, J., Lee, W.: Tappan Zee (North) bridge: mining memory accesses for introspection. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS\u201913, Berlin, Germany, 4\u20138 November 2013, pp. 839\u2013850. ACM (2013). https:\/\/doi.org\/10.1145\/2508859.2516697","DOI":"10.1145\/2508859.2516697"},{"key":"20_CR5","doi-asserted-by":"publisher","first-page":"31816","DOI":"10.1109\/ACCESS.2021.3060285","volume":"9","author":"Z Guo","year":"2021","unstructured":"Guo, Z., Shi, L., Xu, M., Yin, H.: MRCC: a practical covert channel over monero with provable security. IEEE Access 9, 31816\u201331825 (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3060285","journal-title":"IEEE Access"},{"key":"20_CR6","doi-asserted-by":"publisher","unstructured":"Heinz, C., Zuppelli, M., Caviglione, L.: Covert channels in transport layer security: performance and security assessment. J. Wirel. Mob. Networks Ubiq. Comput. Dependable Appl. 12(4), 22\u201336 (2021). https:\/\/doi.org\/10.22667\/JOWUA.2021.12.31.022","DOI":"10.22667\/JOWUA.2021.12.31.022"},{"key":"20_CR7","doi-asserted-by":"crossref","unstructured":"Jankowski, B., Mazurczyk, W., Szczypiorski, K.: Information hiding using improper frame padding. In: 2010 14th International Telecommunications Network Strategy and Planning Symposium (NETWORKS), pp.\u00a01\u20136. IEEE (2010)","DOI":"10.1109\/NETWKS.2010.5624901"},{"key":"20_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-030-20074-9_3","volume-title":"Information Security Theory and Practice","author":"A Janovsky","year":"2019","unstructured":"Janovsky, A., Krhovjak, J., Matyas, V.: Bringing kleptography to real-world TLS. In: Blazy, O., Yeun, C.Y. (eds.) WISTP 2018. LNCS, vol. 11469, pp. 15\u201327. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-20074-9_3"},{"key":"20_CR9","doi-asserted-by":"publisher","unstructured":"Lampson, B.W.: A note on the confinement problem. Commun. ACM 16(10), 613\u2013615 (1973). https:\/\/doi.org\/10.1145\/362375.362389","DOI":"10.1145\/362375.362389"},{"key":"20_CR10","doi-asserted-by":"publisher","unstructured":"Lindenmeier, C., Hammer, A., Gruber, J., R\u00f6ckl, J., Freiling, F.C.: Key extraction-based lawful access to encrypted data: taxonomy and survey. Forensic Sci. Int. Digit. Investig. 50, 301796 (2024). https:\/\/doi.org\/10.1016\/J.FSIDI.2024.301796","DOI":"10.1016\/J.FSIDI.2024.301796"},{"key":"20_CR11","doi-asserted-by":"publisher","unstructured":"Mazurczyk, W., Szary, P., Wendzel, S., Caviglione, L.: Towards reversible storage network covert channels. In: Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019, Canterbury, UK, 26\u201329 August 2019, pp. 69:1\u201369:8. ACM (2019).https:\/\/doi.org\/10.1145\/3339252.3341493","DOI":"10.1145\/3339252.3341493"},{"key":"20_CR12","unstructured":"Merrill, J., Johnson, D.: Covert channels in SSL session negotiation headers. In: Proceedings of the International Conference on Security and Management (SAM), p.\u00a070. The Steering Committee of The World Congress in Computer Science (2015)"},{"key":"20_CR13","doi-asserted-by":"publisher","unstructured":"Moriconi, F., Levillain, O., Francillon, A., Troncy, R.: X-Ray-TLS: transparent decryption of TLS sessions by extracting session keys from memory. In: Zhou, J., Quek, T.Q.S., Gao, D., C\u00e1rdenas, A.A. (eds.) Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2024, Singapore, 1\u20135 July 2024. ACM (2024). https:\/\/doi.org\/10.1145\/3634737.3637654","DOI":"10.1145\/3634737.3637654"},{"key":"20_CR14","unstructured":"M\u00fcller, T., Freiling, F.C., Dewald, A.: TRESOR runs encryption securely outside RAM. In: 20th USENIX Security Symposium, San Francisco, CA, USA, 8\u201312 August 2011, Proceedings. USENIX Association (2011). http:\/\/static.usenix.org\/events\/sec11\/tech\/full_papers\/Muller.pdf"},{"key":"20_CR15","doi-asserted-by":"publisher","unstructured":"Ongun, T., et al.: Living-off-the-land command detection using active learning. In: Bilge, L., Dumitras, T. (eds.) RAID \u201921: 24th International Symposium on Research in Attacks, Intrusions and Defenses, San Sebastian, Spain, 6\u20138 October 2021, pp. 442\u2013455. ACM (2021). https:\/\/doi.org\/10.1145\/3471621.3471858","DOI":"10.1145\/3471621.3471858"},{"key":"20_CR16","doi-asserted-by":"publisher","unstructured":"Patsakis, C., Casino, F., Katos, V.: Encrypted and covert DNS queries for botnets: challenges and countermeasures. Comput. Secur. 88 (2020). https:\/\/doi.org\/10.1016\/J.COSE.2019.101614","DOI":"10.1016\/J.COSE.2019.101614"},{"key":"20_CR17","unstructured":"Perrin, T., Marlinspike, M.: The Double Ratchet Algorithm. Technical Report. Revision 1, 2016-11-20, Signal Foundation (2016)"},{"key":"20_CR18","unstructured":"Perrin, T., Marlinspike, M.: The Double Ratchet Algorithm. GitHub wiki (2016)"},{"key":"20_CR19","doi-asserted-by":"publisher","unstructured":"R\u00f6ckl, J., Wagenh\u00e4user, A., M\u00fcller, T.: Veto: prohibit outdated edge system software from booting. In: Mori, P., Lenzini, G., Furnell, S. (eds.) Proceedings of the 9th International Conference on Information Systems Security and Privacy, ICISSP 2023, Lisbon, Portugal, 22\u201324 February 2023, pp. 46\u201357. SciTePress (2023).https:\/\/doi.org\/10.5220\/0011627700003405, https:\/\/doi.org\/10.5220\/0011627700003405","DOI":"10.5220\/0011627700003405"},{"key":"20_CR20","doi-asserted-by":"crossref","unstructured":"Rudie, J., Katz, Z., Kuhbander, S., Bhunia, S.: Technical analysis of the NSO group\u2019s pegasus spyware. In: 2021 International Conference on Computational Science and Computational Intelligence (CSCI) (2021)","DOI":"10.1109\/CSCI54926.2021.00188"},{"key":"20_CR21","doi-asserted-by":"publisher","unstructured":"Schmidbauer, T., Keller, J., Wendzel, S.: Challenging channels: encrypted covert channels within challenge-response authentication. In: ARES 2022: The 17th International Conference on Availability, Reliability and Security, Vienna, Austria, 23\u201326 August 2022, pp. 50:1\u201350:10. ACM (2022). https:\/\/doi.org\/10.1145\/3538969.3544455","DOI":"10.1145\/3538969.3544455"},{"key":"20_CR22","doi-asserted-by":"publisher","unstructured":"Schmidbauer, T., Wendzel, S.: Hunting Shadows: Towards Packet Runtime-based Detection Of Computational Intensive Reversible Covert Channels. In: Reinhardt, D., M\u00fcller, T. (eds.) ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, 17\u201320 August 2021, pp. 71:1\u201371:10. ACM (2021). https:\/\/doi.org\/10.1145\/3465481.3470085, https:\/\/doi.org\/10.1145\/3465481.3470085","DOI":"10.1145\/3465481.3470085"},{"key":"20_CR23","doi-asserted-by":"publisher","unstructured":"Schmidbauer, T., Wendzel, S.: SoK: a survey of indirect network-level covert channels. In: Suga, Y., Sakurai, K., Ding, X., Sako, K. (eds.) ASIA CCS \u201922: ACM Asia Conference on Computer and Communications Security, Nagasaki, Japan, 30 May\u20133 June 2022, pp. 546\u2013560. ACM (2022). https:\/\/doi.org\/10.1145\/3488932.3517418","DOI":"10.1145\/3488932.3517418"},{"key":"20_CR24","doi-asserted-by":"publisher","unstructured":"Schneider, M., Spiekermann, D., Keller, J.: Network covert channels in routing protocols. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, ARES 2023, Benevento, Italy, 29 August\u20131 September 2023, pp. 42:1\u201342:8. ACM (2023). https:\/\/doi.org\/10.1145\/3600160.3605021","DOI":"10.1145\/3600160.3605021"},{"key":"20_CR25","doi-asserted-by":"publisher","unstructured":"Schulze, M., Lindenmeier, C., R\u00f6ckl, J., Freiling, F.: IlluminaTEE: effective man-at-the-end attacks from within ARM TrustZone. In: Checkmate@CCS 2024, Proceedings of the Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks, Salt Lake City, UT, USA, 14\u201318 October 2024. ACM (2024). https:\/\/doi.org\/10.1145\/3689934.3690838","DOI":"10.1145\/3689934.3690838"},{"key":"20_CR26","doi-asserted-by":"publisher","unstructured":"Simmons, P.: Security through amnesia: a software-based solution to the cold boot attack on disk encryption. In: Zakon, R.H., McDermott, J.P., Locasto, M.E. (eds.) Twenty-Seventh Annual Computer Security Applications Conference, ACSAC 2011, Orlando, FL, USA, 5\u20139 December 2011, pp. 73\u201382. ACM (2011).https:\/\/doi.org\/10.1145\/2076732.2076743","DOI":"10.1145\/2076732.2076743"},{"key":"20_CR27","doi-asserted-by":"publisher","unstructured":"Szary, P., Mazurczyk, W., Wendzel, S., Caviglione, L.: Analysis of reversible network covert channels. IEEE Access 10, 41226\u201341238 (2022). https:\/\/doi.org\/10.1109\/ACCESS.2022.3168018","DOI":"10.1109\/ACCESS.2022.3168018"},{"key":"20_CR28","doi-asserted-by":"publisher","unstructured":"Taubmann, B., Alabduljaleel, O., Reiser, H.P.: DroidKex: fast extraction of ephemeral TLS keys from the memory of android apps. Digit. Investig. 26 Supplement, S67\u2013S76 (2018). https:\/\/doi.org\/10.1016\/j.diin.2018.04.013","DOI":"10.1016\/j.diin.2018.04.013"},{"key":"20_CR29","doi-asserted-by":"publisher","unstructured":"Taubmann, B., Fr\u00e4drich, C., Dusold, D., Reiser, H.P.: TLSkex: harnessing nirtual machine introspection for decrypting TLS communication. Digit. Investig. 16 Supplement, S114\u2013S123 (2016). https:\/\/doi.org\/10.1016\/j.diin.2016.01.014","DOI":"10.1016\/j.diin.2016.01.014"},{"key":"20_CR30","doi-asserted-by":"publisher","unstructured":"Wendzel, S., et al.: A revised taxonomy of steganography embedding patterns. In: Reinhardt, D., M\u00fcller, T. (eds.) ARES 2021: The 16th International Conference on Availability, Reliability and Security, Vienna, Austria, 17\u201320 August 2021, pp. 67:1\u201367:12. ACM (2021). https:\/\/doi.org\/10.1145\/3465481.3470069","DOI":"10.1145\/3465481.3470069"},{"key":"20_CR31","doi-asserted-by":"crossref","unstructured":"Wendzel, S., Schmidbauer, T., Zillien, S., Keller, J.: DYST (did you see that?): an amplified covert channel that points to previously seen data. IEEE Trans. Depend. Secure Comput. (2024)","DOI":"10.1109\/TDSC.2024.3410679"},{"key":"20_CR32","doi-asserted-by":"publisher","unstructured":"Wendzel, S., Zander, S., Fechner, B., Herdin, C.: Pattern-based survey and categorization of network covert channel techniques. ACM Comput. Surv. 47(3), 50:1\u201350:26 (2015). https:\/\/doi.org\/10.1145\/2684195","DOI":"10.1145\/2684195"},{"key":"20_CR33","unstructured":"Wu, M., et al.: How the great firewall of China detects and blocks fully encrypted traffic. In: Calandrino, J.A., Troncoso, C. (eds.) 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, 9\u201311 August 2023, pp. 2653\u20132670. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/wu-mingshi"},{"key":"20_CR34","doi-asserted-by":"publisher","unstructured":"W\u00fcller, S., K\u00fchnel, M., Meyer, U.: Information hiding in the RSA modulus. In: P\u00e9rez-Gonz\u00e1lez, F., Bas, P., Ignatenko, T., Cayre, F. (eds.) Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security, IH &MMSec 2016, Vigo, Galicia, Spain, 20\u201322 June 2016, pp. 159\u2013167. ACM (2016). https:\/\/doi.org\/10.1145\/2909827.2930804","DOI":"10.1145\/2909827.2930804"},{"key":"20_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/978-3-540-30574-3_2","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"A Young","year":"2005","unstructured":"Young, A., Yung, M.: Malicious cryptography: kleptographic aspects. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 7\u201318. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30574-3_2"},{"key":"20_CR36","doi-asserted-by":"publisher","unstructured":"Zillien, S., Schmidbauer, T., Kubek, M., Keller, J., Wendzel, S.: Look what\u2019s there! utilizing the internet\u2019s existing data for censorship circumvention with OPPRESSION. In: Zhou, J., Quek, T.Q.S., Gao, D., C\u00e1rdenas, A.A. (eds.) Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2024, Singapore, 1\u20135 July 2024. ACM (2024). https:\/\/doi.org\/10.1145\/3634737.3637676","DOI":"10.1145\/3634737.3637676"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-79007-2_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,28]],"date-time":"2025-01-28T20:01:58Z","timestamp":1738094518000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-79007-2_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031790065","9783031790072"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-79007-2_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"29 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Karlstad","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2024.kau.se\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}