The goal of this work is to prove the feasibility of using encrypted HTTPS traffic to carry a covert channel. The encryption key is not needed because the original HTTPS payload is not decrypted. The covert message will be appended to the HTTPS data field. The receiver will extract the covert message and restore the original HTTPS traffic for forwarding. Only legitimate HTTPS connections will be used as the overt channel. A Man-in-the-Middle (MITM) attack at the sending and receiving ends will give access to modify the traffic streams. The HTTPS return traffic from the server can carry a covert channel. Without the original HTTPS traffic for comparison or the original encryption keys, this covert channel is undetectable.
Department, Program, or Center: Information Sciences and Technologies (GCCIS)
M. Johnson, P. Lutz and D. Johnson, "Covert Channel Using Man-in-the-Middle over HTTPS," 2016 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, 2016, pp. 917-922. doi: 10.1109/CSCI.2016.0177
RIT – Main Campus