Abstract

Network covert channels are a part of the information hiding research area that deals with the secret transfer of information over communication networks. Covert channels can be utilized, for instance, for data leakage and stealthy malware communications. While data hiding in communication networks has been studied in recent years for several major communication protocols, currently no work is available that investigates covert channels for the publish-subscriber model. To fill this gap, we present the first comprehensive study of covert channels in a protocol utilizing the publish-subscriber model, i.e., the Message Queuing Telemetry Transport (MQTT) protocol, which is widely deployed in Internet of Things (IoT) environments. In particular, we describe seven direct and six indirect covert channels, and we evaluate and categorize them using the network information hiding patterns approach. Finally, in order to prove that MQTT-based covert channels are practically feasible and effective, we implement the chosen data hiding scheme and perform its experimental evaluation.

Highlights

  • Network information hiding is the discipline that deals with hidden data transfer over communication networks and its detection

  • Research performed by Avast in 2018 with the help of the Shodan Internet of Things (IoT) search engine [3] showed that 49,197 Message Queuing Telemetry Transport (MQTT) servers were publicly visible on the Internet due to a misconfigured MQTT protocol, and 32,888 of them had no password protection, meaning that attackers can access them effortlessly and influence messages flowing through them

  • We introduce seven direct and six indirect covert channels

Summary

INTRODUCTION

Network information hiding is the discipline that deals with hidden data transfer over communication networks and its detection. Research performed by Avast in 2018 with the help of the Shodan IoT search engine [3] showed that 49,197 MQTT servers were publicly visible on the Internet due to a misconfigured MQTT protocol, and 32,888 of them had no password protection, meaning that attackers can access them effortlessly and influence messages flowing through them. This can lead to privacy and information leakage in several contexts, ranging from identity theft and detailed observation of inhabitants or office spaces to industrial espionage.

RELATED WORK
COVERT CHANNEL BANDWIDTHS
Findings
VIII. CONCLUSION AND FUTURE WORK