Covert channels use stealth communications to compromise the security policies of systems. They constitute an important security threat since they can be used to exfiltrate confidential data from networks. TCP/IP protocols are used everyday and are subject to covert channels problems. Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorized parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. The aim of this paper is to give an overview of covert channels in TCP/IP networks. We briefly describe the TCP and IP protocols, present the different types of covert channels and the methods to set them up in TCP/IP networks; then we study the existing methods to detect and eliminate covert channels.

1. Sebastian Zander and Grenville Armitage, and Philip Branch, SWINBURNE UNIVERSITY OF TECHNOLOGY MELBOURNE, AUSTRALIA "A Survey of Covert channels and countermeasures in computer network protocols", IEEE Communications Surveys & Tutorials 44 • 3rd Quarter 2007
2. Pierre Allix, Covert channels analysis in TCP/IP networks, 2007
3. "Covert Channel Analysis and Data Hiding in TCP/IP" by Kamran Ahsan
4. G. Shah, A. Molina, and M. Blaze, “Keyboards and Covert Channels,” Proc. USENIX Security Symp., Aug. 2006.
5. N. Vachharajani et al., “RIFLE: An Architectural Framework for User-Centric Information-Flow Security,” Proc. 37th IEEE/ACM Int’l. Symp. Microarchitecture, Dec. 2004, pp.243–54.
6. N. Feamster et al., “Infranet: Circumventing Web Censorship and Surveillance,” Proc. 11th USENIX Security Symp., Aug.2002.
7. C. H. Rowland, “Covert Channels in the TCP/IP Protocol Suite,” First Monday, Peer Reviewed Journal on the Internet,July 1997.
8. D. V. Forte et al., “SecSyslog: An Approach to Secure Logging Based on Covert Channels,” Proc. First Int’l. Wksp. Systematic Approaches to Digital Forensic Engineering, Nov. 2005, pp. 248–63.
9. The Honeynet Project, “Know Your Enemy: Sebek — A Kernel Based Data Capture Tool ,” tech. rep. , 2003,
10. S. R. White, “Covert Distributed Processing with Computer Viruses,” Proc. 9th Annual Int’l. Cryptology Conf. Advances in Cryptology, 1989, pp. 616–19.
11. R. deGraaf, J. Aycock, and M. Jacobson Jr., “Improved Port Knocking with Strong Authentication,” Proc. 21st Annual Computer Security Applications Conf., Dec. 2005.
12. W. Mazurczyk and Z. Kotulski, “New Security and Control Protocol for VoIP Based on Steganography and Digital Watermarking,” tech. rep., Institute of Fundamental Technological Research, Pol ish Academy of Sciences, June 2005,
13. W. Mazurczyk and Z. Kotulski, “New VoIP Traffic Security Scheme with Digital Watermarking,” Proc. Int’l. Conf. Computer Safety, Reliability, and Security (SafeComp), Sept. 2006, pp.170–81.
14. E. Jones, O. Le Moigne, and J.-M. Robert, “IP Traceback Solutions Based on Time to Live Covert Channel,” Proc. 12th IEEE Int’l. Conf. Networks (ICON), Nov. 2004, pp. 451–57.
15. H. Qu, Q. Cheng, and E. Yaprak, “Using Covert Channel to Resist DoS Attacks in WLAN,” Proc. Int’l. Conf. Wireless Networks, June 2005, pp. 38–44.
16. S. Katzenbeisser and F. Petitcolas, Information Hiding Techniques for Steganography and Digital Watermarking. Computer Securiy Series, 685 Canton Street, Norwood, MA 02062: Artech House, Inc., 2000.
17. "The Implementation of Passive Covert Channels in the Linux Kernel", Joanna Rutkowska,Chaos Communication Congress December 2004
18. "Embedding Covert Channels into TCP/IP" by S.J. Murdoch, S. Lewis,University of Cambridge, United Kingdom,7th Information Hiding Workshop, June 2005
19. G. Vigna, “A topological characterization of TCP/IP security.” Dipartmento diElettronica e Informazione, Politecnico di Milano, Piazza Leonardo da Vonci, 20133Milano, Italy, December 1996.
20. S. M. Bellovin, “Security problems in the TCP/IP protocol suite,” Computer Communication Review, vol. 19, pp. 32–48, April 1989.
21. T. Handel and M.Sandford., “Hiding data in the OSI network model,” (Cambridge, U.K.), First International Workshop on Information Hiding, May-June 1996.
22. Dr. T.R. Sontakke, Sanjeev Wagh, Prashant Yawalkar, “Eliminating covert channels in TCP/IP using active wardens”
23. Prof. D. M. Dakhane, Ms. S. R. Deshmukh, “Eliminating TCP/IP Steganography using active warden.”
24. “Covert Channels in TCP/IP & protocol steganography”, by Kashif Ali Siddiqui 2003-03-0044.
25. "Passive Covert Channels Implementation in Linux Kernel",by Joanna Rutkowska, Chaos Communication Congress, December 27th-29th 2004, Berlin
26. C. H. Rowland, “Covert channels in the TCP/IP protocol suite,” First Monday, 1996.

Keywords— Covert channels Steganography TCP IP computer security networking detection protection analysis traffic normalisers packet sorting