Covert channels have the unique quality of masking evidence that a communication has ever occurred between two parties. For spies and terrorist cells, this quality can be the difference between life and death. However, even the detection of communications in a botnet could be troublesome for its creators. To evade detection and prevent insights into the size and members of a botnet, covert channels can be used. A botnet should rely on covert channels built on ubiquitous protocols to blend in with legitimate traffic. In this paper, we propose a covert channel built on the BitTorrent peer-to-peer protocol. In a simple application, this covert channel can be used to discretely and covertly send messages between two parties. However, this covert channel can also be used to stealthily distribute commands or the location of a command and control server for use in a botnet.
Date of creation, presentation, or exhibit
Department, Program, or Center
Information Sciences and Technologies (GCCIS)
Desimone J., Johnson D., Yuan B., and Lutz P. Covert Channel in the BitTorrent Tracker Protocol. In SAM'12 - The 2012 International Conference on Security and Management (Las Vegas, NV, USA, July 2012).
RIT – Main Campus
Presented at the 2012 International Conference on Security and Management, Las Vegas, NV, July 16-19.