Network covert channels give two entities the ability to communicate stealthily. Hypertext Transfer Protocol (HTTP), which accounts for approximately half of all traffic on the Internet (Burke, 2007), has become fertile ground for various network covert channels. The proliferation of network covert channels throughout the World Wide Web and other areas of cyberspace has raised new security concerns and brought both challenges and enhancements to the area of Information Warfare. Covert channels impact our ability to observe and orient in this domain and need to be better understood. They are, however, extremely difficult to study as a whole, because network covert channels tend to be protocol, implementation, and/or application specific. As in biology or botany, where plants and animals are classified, the first step of research is to define a classification scheme. This paper aims to define a set of common characteristics and to classify and analyze several known covert channels in HTTP with respect to these characteristics. New HTTP-based covert channels are discussed and their characteristics presented as well. Although many applications of covert channels are malicious in nature, this paper argues that there are beneficial applications of network covert channels, such as detecting Man-in-the-Middle attacks.
Department, Program, or Center: Department of Computing Security (GCCIS)
Johnson, Daryl; Yuan, Bo; Lutz, Peter; and Brown, Erik, "Covert channels in the HTTP network protocol: Channel characterization and detecting man-in-the-middle attacks" (2010). Accessed from
RIT – Main Campus