The goal of this covert channel is to prove the feasibility of using encrypted HTTPS traffic to carry a covert channel. The encryption key is not needed because the original HTTPS payload is not decrypted. The covert message will be appended to the HTTPS data field. The receiver will extract the covert channel and restore the original HTTPS traffic for forwarding. Only legitimate HTTPS connections will be used as the overt channel. A Man-in-the-Middle (MITM) attack at the sending and receiving ends will give access to modify the traffic streams. The HTTPS return traffic from the server can carry a covert channel. Without the original HTTPS traffic for comparison or the original encryption keys, this covert channel is undetectable.
Department, Program, or Center
Department of Computing Security (GCCIS)
M. Johnson, P. Lutz and D. Johnson, "Covert Channel Using Man-in-the-Middle over HTTPS," 2016 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, 2016, pp. 917-922. doi: 10.1109/CSCI.2016.0177
RIT – Main Campus