关键词: 隐蔽信道, HTTP/2协议, 数据帧序列, 组合数学编码方法, 修正条件熵

Abstract: Covert communication technology offers effective privacy-preserving and secure data transmission services with covertness in behavior and content. Existing covert storage channels have always been questioned about their covertness. On the other hand, covert timing channels mainly use middle and lower layer network protocols as overt channels, which usually requires complex encoding methods to reduce bit error rates. It is hard to satisfy the transmission rate requirements through current covert timing channels as well. In this paper, we present H2CSC, a new covert sequence channel approach over the next-generation application layer HTTP/2 protocol. H2CSC controls and manipulates the responses of HTTP/2 Web server to its requests, forming a kind of covert sequence from the stream IDs of those response frames. Then, H2CSC exploits combinatorial coding methods to embed covert bits into these frame sequences. It takes advantage of HTTP/2 protocol to provide channel reliability and security. We implement H2CSC method in the widely used Apache Web server as a function module, and examine the channel’s effectiveness and robustness in the real system. We further evaluate the covertness of this channel by using a detection method based on logistic regression of corrected conditional entropy. The experimental results show that H2CSC could provide 574bps of covert transmission rates with excellent robustness and covertness.

Key words: covert channel, HTTP/2 protocol, data frame sequence, combinatorial coding methods, corrected conditional entropy