A subliminal covert channel establishes a nearly undetectable communication session within a pre-established data stream between two separate entities. This document explains how HTTP can be utilized to facilitate a covert channel over both local and wide area networks. The Hypertext Transfer Protocol (HTTP) accounts for a majority of the Internet’s daily web trafﬁc and is permitted within almost all network topologies. Therefore, HTTP is a prime medium for hiding messages and information communicated between separate parties. This paper illustrates a new approach to covertly encoding messages in the an HTTP message through use of the User-Agent and referrer strings in the HTTP Request Header.
Date of creation, presentation, or exhibit
Department, Program, or Center
Department of Computing Security (GCCIS)
S. Heilman, J. Williams, and D. Johnson, "Covert Channel in HTTP User-Agents," 11th Annual Symposium on Information Assurance (ASIA’16), Albany, NY, 2016, pp. 68-73.
RIT – Main Campus