Select Page

What are Covert Channels?

What are Covert Channels?

A covert storage channel occurs when illegitimate hidden information or data is sent secretly via a legitimate communication channel. The process occurs through the manipulation of communications medium in an unconventional way in order to transmit data that is unseen in everyday operations. Thyer (2008). An example of a covert storage channel involves the hiding of data in ICMP error echoing functionality. OWASP (n.d.). Due to the specification, data can be sent to cause a host to leek information or provide verbose error messages potentially revealing sensitive operating system information. This type of covert channel could lead to gaining knowledge of vulnerabilities and possible future attacks. It can be mitigated by clearing out all reserved fields prior to transmission to ensure no sensitive data is leaked.

Timing channels on the other hand gain information through a repeated behavior over a period of time. This type of information can yield important information on system conduct with regards to processing, authentication and other areas that could reveal vulnerabilities. An example of a covert timing channel could involve testing to see how long a system responds to illegal credentials for authentication. This would need to be mitigated by securing authentication systems to either restrict repeated traffic from a given source or update password policies to vary time based on incorrect login attempts.


  • Cabuk, S., Brodley, C. E., & Shields, C. (2004, October). IP covert timing channels: design and detection. In Proceedings of the 11th ACM conference on Computer and communications security (pp. 178-187). ACM.
  • OWASP (n.d.). Covert storage channel. Retrieved from
  • Thyer, J. (2008). Covert Data Storage Channel Using IP Packet Headers. Retrieved from:

Related Articles

Series Navigation<< Modern Application Frameworks, Legacy Browsers and Security ImplicationsMobile Considerations in Network Security Architecture >>

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent Tweets