A Covert Channel (CC) exploits legitimate communication mechanisms to stealthily transmit information, often bypassing traditional security controls. Among these, a novel paradigm called History Covert Channels (HCC) leverages past network events as reference points to embed covert messages. Unlike traditional timing- or storage-based CCs, which directly manipulate traffic patterns or packet contents, HCCs minimize detectability by encoding information through small pointers to historical data. This approach enables them to amplify the size of transmitted covert data by referring to more bits than are actually embedded. Recent research has explored the feasibility of such methods, demonstrating their potential to evade detection by repurposing naturally occurring network behaviors as a covert transmission medium. This paper introduces a novel method for establishing and maintaining covert communication links using relative pointers to network timing patterns, which minimizes the reliance of the HCC on centralized timekeeping and reduces the likelihood of being detected by standard network monitoring tools. We also explore the tailoring of HCCs to optimize their robustness and undetectability characteristics. Our experiments reveal a better bitrate compared to previous work.

翻译：隐蔽信道（CC）利用合法通信机制秘密传输信息，常能规避传统安全控制。其中，一种称为历史隐蔽信道（HCC）的新范式利用过往网络事件作为参考点来嵌入隐蔽消息。与直接操纵流量模式或数据包内容的传统基于时序或存储的隐蔽信道不同，HCC通过指向历史数据的小型指针对信息进行编码，从而最大限度地降低可检测性。这种方法使其能够通过引用比实际嵌入更多的比特来放大传输的隐蔽数据规模。近期研究已探索此类方法的可行性，证明其通过重新利用自然发生的网络行为作为隐蔽传输媒介来规避检测的潜力。本文提出一种利用网络时序模式的相对指针来建立和维护隐蔽通信链路的新方法，该方法最小化HCC对集中式计时机制的依赖，并降低被标准网络监控工具检测的可能性。我们还探讨了如何定制HCC以优化其鲁棒性和不可检测性特征。实验结果表明，与先前工作相比，本方法实现了更高的比特率。