{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T18:56:27Z","timestamp":1781636187072,"version":"3.54.5"},"reference-count":49,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2020,12,14]],"date-time":"2020-12-14T00:00:00Z","timestamp":1607904000000},"content-version":"vor","delay-in-days":348,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA9550-17-1-0254"],"award-info":[{"award-number":["FA9550-17-1-0254"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Each day more and more Internet of Things (IoT) devices are being connected to the Internet. In general, their applications are diverse but from the security perspective, it is evident that they are increasingly targeted by cybercriminals and used for nefarious purposes. Network covert channels form a subgroup of the information-hiding research area where secrets are sent over communication networks embedded within the network traffic. Such techniques can be used, among others, by malware developers to enable confidential data exfiltration or stealth communications. Recently, distributed network covert channels have raised the attention of security professionals as they allow the cloaking of secret transmission by spreading the covert bits among many different types of data-hiding techniques. However, although there are many works dealing with IoT security, little effort so far has been devoted in determining how effective the covert channels threat can be in the IoT henvironments. That is why, in this article, we present an extensive analysis on how distributed network covert channels that utilize network traffic from IoT devices can be used to perform efficient secret communication. More importantly, we do not focus on developing novel data-hiding techniques but, instead, considering the nature of IoT traffic, we investigate how to combine existing covert channels so the resulting data transfer is less visible. Moreover, as another contribution of our work, we prepare and share with the community the network traffic dataset that can be used to develop effective countermeasures against such threats.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaa018","type":"journal-article","created":{"date-parts":[[2020,12,14]],"date-time":"2020-12-14T08:24:29Z","timestamp":1607934269000},"source":"Crossref","is-referenced-by-count":9,"title":["Efficient distributed network covert channels for Internet of things environments\u2020"],"prefix":"10.1093","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5955-5890","authenticated-orcid":false,"given":"Krzysztof","family":"Cabaj","sequence":"first","affiliation":[{"name":"Warsaw University of Technology, plac Politechniki 1, 00-661 Warsaw, Poland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9874-2162","authenticated-orcid":false,"given":"Piotr","family":"\u017b\u00f3rawski","sequence":"additional","affiliation":[{"name":"Warsaw University of Technology, plac Politechniki 1, 00-661 Warsaw, Poland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8971-0874","authenticated-orcid":false,"given":"Piotr","family":"Nowakowski","sequence":"additional","affiliation":[{"name":"Warsaw University of Technology, plac Politechniki 1, 00-661 Warsaw, Poland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Maciej","family":"Purski","sequence":"additional","affiliation":[{"name":"Warsaw University of Technology, plac Politechniki 1, 00-661 Warsaw, Poland"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wojciech","family":"Mazurczyk","sequence":"additional","affiliation":[{"name":"Warsaw University of Technology, plac Politechniki 1, 00-661 Warsaw, Poland"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2020,12,12]]},"reference":[{"key":"2020121403241017300_tyaa018-B1","first-page":"8","author":"Cabaj","year":"2019"},{"key":"2020121403241017300_tyaa018-B2","doi-asserted-by":"crossref","first-page":"586","DOI":"10.1109\/TETC.2016.2606384","article-title":"A comprehensive study of security of Internet-of-Things","volume":"5","author":"Mosenia","year":"2017","journal-title":"IEEE Transact Emerging Top Comput"},{"key":"2020121403241017300_tyaa018-B3","first-page":"20","article-title":"A survey on internet of things: security and privacy issues","volume":"90","author":"Kumar","year":"2014","journal-title":"Int J Comput Appl"},{"key":"2020121403241017300_tyaa018-B4","doi-asserted-by":"crossref","first-page":"1125","DOI":"10.1109\/JIOT.2017.2683200","article-title":"A survey on Internet of Things: architecture, enabling technologies, security and privacy, & applications","volume":"4","author":"Lin","year":"2017","journal-title":"IEEE Int Things J"},{"key":"2020121403241017300_tyaa018-B5","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1016\/j.jnca.2017.04.002","article-title":"Internet of Things security: a survey","volume":"88","author":"Alaba","year":"2017","journal-title":"J Network Comput Appl"},{"key":"2020121403241017300_tyaa018-B6","first-page":"162","author":"M.Sadeeq","year":"2018"},{"key":"2020121403241017300_tyaa018-B7","volume-title":"Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, & Countermeasures","author":"Mazurczyk","year":"2016"},{"key":"2020121403241017300_tyaa018-B8","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1109\/COMST.2007.4317620","article-title":"A survey of covert channels and countermeasures in computer network protocols","volume":"9","author":"Zander","year":"2007","journal-title":"Commun Surveys and Tutorials"},{"key":"2020121403241017300_tyaa018-B9","first-page":"45","article-title":"Covert channels in TCP\/IP protocol stack - extended version","volume":"4","author":"Mileva","year":"2014","journal-title":"Central Eur J Comput Sci"},{"key":"2020121403241017300_tyaa018-B10","first-page":"178","author":"Cabuk","year":"2004"},{"key":"2020121403241017300_tyaa018-B11","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1109\/MITP.2018.032501746","article-title":"The new threats of information hiding: the road ahead","volume":"20","author":"Cabaj","year":"2018","journal-title":"IT Prof"},{"key":"2020121403241017300_tyaa018-B12","doi-asserted-by":"crossref","first-page":"86","DOI":"10.1145\/3158416","article-title":"Information hiding: challenges for forensic experts","volume":"61","author":"Mazurczyk","year":"2017","journal-title":"Commun ACM"},{"key":"2020121403241017300_tyaa018-B13","doi-asserted-by":"crossref","first-page":"1921","DOI":"10.1109\/TII.2016.2627503","article-title":"Covert channels in personal cloud storage services: the case of dropbox","volume":"13","author":"Caviglione","year":"2017","journal-title":"IEEE Transact Ind Inf"},{"key":"2020121403241017300_tyaa018-B14","first-page":"1","author":"Tahir","year":"2016"},{"key":"2020121403241017300_tyaa018-B15","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1007\/978-3-319-47560-8_6","volume-title":"Secure IT Systems","author":"Blumbergs","year":"2016"},{"key":"2020121403241017300_tyaa018-B16","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1007\/978-3-642-01244-0_5","volume-title":"Emerging Challenges for Security, Privacy and Trust","author":"Nussbaum","year":"2009"},{"key":"2020121403241017300_tyaa018-B17","volume-title":"Cross-Router Covert Channels in 13th USENIX Workshop on Offensive Technologies (WOOT 19)","author":"Ovadia","year":"2019"},{"key":"2020121403241017300_tyaa018-B18","doi-asserted-by":"crossref","first-page":"116","DOI":"10.1109\/TDSC.2015.2443779","article-title":"A novel class of robust covert channels using out-of-order packets","volume":"14","author":"El-Atawy","year":"2017","journal-title":"IEEE Transact Dependable Secure Comput"},{"key":"2020121403241017300_tyaa018-B19","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1016\/j.cose.2013.03.004","article-title":"Covert communications through network configuration messages","volume":"39","author":"Rios","year":"2013","journal-title":"Computers & Security"},{"key":"2020121403241017300_tyaa018-B20","doi-asserted-by":"crossref","first-page":"2359","DOI":"10.1002\/sec.1503","article-title":"Design and analysis of the covert channel implemented by behaviors of network users","volume":"9","author":"Qian","year":"2016","journal-title":"Security Commun Networks"},{"key":"2020121403241017300_tyaa018-B21","first-page":"32","author":"Backs","year":"2012"},{"key":"2020121403241017300_tyaa018-B22","doi-asserted-by":"crossref","first-page":"1019","DOI":"10.1007\/978-3-540-88873-4_7","volume-title":"Trustmas: Trusted Communication Platform for Multi-Agent Systems in on the Move to Meaningful Internet Systems: OTM 2008","author":"Szczypiorski","year":"2008"},{"key":"2020121403241017300_tyaa018-B23","first-page":"299","author":"Nagaraja","year":"2011"},{"key":"2020121403241017300_tyaa018-B24","first-page":"10:1","author":"Mazurczyk","year":"2018"},{"key":"2020121403241017300_tyaa018-B25","first-page":"12:1","author":"Cabaj","year":"2018"},{"key":"2020121403241017300_tyaa018-B26","first-page":"1093","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Antonakakis","year":"2017"},{"key":"2020121403241017300_tyaa018-B27","author":"Hron"},{"key":"2020121403241017300_tyaa018-B28","author":"Sikder","year":"2018"},{"key":"2020121403241017300_tyaa018-B29","first-page":"559","author":"Caviglione","year":"2018"},{"key":"2020121403241017300_tyaa018-B30","author":"Patuck","year":"2013"},{"key":"2020121403241017300_tyaa018-B31","first-page":"6753","author":"Wendzel","year":"2012"},{"key":"2020121403241017300_tyaa018-B32","first-page":"30","author":"Mileva","year":"2018"},{"key":"2020121403241017300_tyaa018-B33","first-page":"29","author":"Wendzel","year":"2017"},{"key":"2020121403241017300_tyaa018-B34","doi-asserted-by":"crossref","first-page":"161899","DOI":"10.1109\/ACCESS.2019.2951425","article-title":"Covert channels in the MQTT-Based Internet of Things","volume":"7","author":"Velinov","year":"2019","journal-title":"IEEE Access"},{"key":"2020121403241017300_tyaa018-B35","first-page":"100","author":"Ulz","year":"2019"},{"key":"2020121403241017300_tyaa018-B36","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/MWC.2017.1800062","article-title":"Covert timing channels for IoT over mobile networks","volume":"25","author":"Tan","year":"2018","journal-title":"IEEE Wireless Commun"},{"key":"2020121403241017300_tyaa018-B37","first-page":"252","author":"Moskowitz","year":"2018"},{"key":"2020121403241017300_tyaa018-B38","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1145\/3338499.3357358","volume-title":"The Leaky Actuator: A Provably-Covert Channel in Cyber Physical Systems in Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy","author":"Herzberg","year":"2019"},{"key":"2020121403241017300_tyaa018-B39","first-page":"638","author":"Herzberg","year":"2019"},{"key":"2020121403241017300_tyaa018-B40","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2684195","article-title":"Pattern-based survey and categorization of network covert channel techniques","volume":"47","author":"Wendzel","year":"2015","journal-title":"ACM Comput Surveys"},{"key":"2020121403241017300_tyaa018-B41","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.cosrev.2014.09.001","article-title":"Current status and key issues in image steganography: a survey","volume":"13\u201314","author":"Subhedar","year":"2014","journal-title":"Comput Sci Rev"},{"key":"2020121403241017300_tyaa018-B42","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1016\/j.comcom.2011.08.009","article-title":"Hiding information in a stream control transmission protocol","volume":"35","author":"Fr\u0105czek","year":"2012","journal-title":"Comput Commun"},{"key":"2020121403241017300_tyaa018-B43","first-page":"283","volume-title":"Cloak: A Ten-Fold Way for Reliable Covert Communications. in Computer Security \u2013 ESORICS 2007","author":"Luo","year":"2007"},{"key":"2020121403241017300_tyaa018-B44","first-page":"280","author":"Wendzel","year":"2012"},{"key":"2020121403241017300_tyaa018-B45","doi-asserted-by":"crossref","first-page":"417","DOI":"10.1007\/s12243-014-0423-x","article-title":"Hidden and under control","volume":"69","author":"Wendzel","year":"2014","journal-title":"Ann Telecommun - Annal T\u00e9l\u00e9commun"},{"key":"2020121403241017300_tyaa018-B46","doi-asserted-by":"crossref","first-page":"2986","DOI":"10.1002\/sec.1471","article-title":"Covert channel-internal control protocols: attacks and defense","volume":"9","author":"Kaur","year":"2016","journal-title":"Sec Commun Networks"},{"key":"2020121403241017300_tyaa018-B47","author":"Zander","year":"2007"},{"key":"2020121403241017300_tyaa018-B48","volume-title":"Information Hiding Techniques for Steganography and Digital Watermarking","author":"Katzenbeisser","year":"2000","edition":"1"},{"key":"2020121403241017300_tyaa018-B49","first-page":"98","article-title":"Steganography of hypertext transfer protocol version 2 (http\/2)","volume-title":"J Computer Commun","author":"Dimitrova","year":"2017"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/6\/1\/tyaa018\/34893203\/tyaa018.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/cybersecurity\/article-pdf\/6\/1\/tyaa018\/34893203\/tyaa018.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,15]],"date-time":"2023-10-15T06:18:00Z","timestamp":1697350680000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaa018\/6032832"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,1]]},"references-count":49,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,1,1]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaa018","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2020]]},"published":{"date-parts":[[2020,1,1]]},"article-number":"tyaa018"}}