CYPRESS: Transferring Secrets in the Shadow of Visible Packets
- URL: http://arxiv.org/abs/2511.06540v1
- Date: Sun, 09 Nov 2025 21:02:09 GMT
- Title: CYPRESS: Transferring Secrets in the Shadow of Visible Packets
- Authors: Sirus Shahini, Robert Ricci,
- Abstract summary: We show that covert channels in networking have a much greater potential for practical secret communication than what has been discussed before.<n>We present a covert channel framework, CYPRESS, that creates a reliable hidden communication channel by mounting packets from secret network entities on regular packets that flow through the network.<n>We can reach up to 1.6MB/s of secret bandwidth in a network of ten users connected to the Internet.
- Score: 2.626352787008701
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Network steganography and covert communication channels have been studied extensively in the past. However, prior works offer minimal practical use for their proposed techniques and are limited to specific use cases and network protocols. In this paper, we show that covert channels in networking have a much greater potential for practical secret communication than what has been discussed before. We present a covert channel framework, CYPRESS, that creates a reliable hidden communication channel by mounting packets from secret network entities on regular packets that flow through the network, effectively transmitting a separate network traffic without generating new packets for it. CYPRESS establishes a consolidated decentralized framework in which different covert channels for various protocols are defined with their custom handler code that are plugged into the system and updated on-demand to evade detection. CYPRESS then chooses at run-time how and in what order the covert channels should be used for fragmentation and hidden transmission of data. We can reach up to 1.6MB/s of secret bandwidth in a network of ten users connected to the Internet. We demonstrate the robustness and reliability of our approach in secret communication through various security-sensitive real-world experiments. Our evaluations show that network protocols provide a notable opportunity for unconventional storage and hidden transmission of data to bypass different types of security measures and to hide the source of various cyber attacks.
Related papers
- PACC: Protocol-Aware Cross-Layer Compression for Compact Network Traffic Representation [10.787806670196938]
PACC is a redundancy-aware, layer-aware representation framework.<n>It consistently outperforms feature-engineered and raw-bit baselines.<n>It improves end-to-end efficiency by up to 3.16x.
arXiv Detail & Related papers (2026-02-09T07:09:31Z) - Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs)<n>We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing.<n>We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for protection layer.
arXiv Detail & Related papers (2026-01-06T10:30:41Z) - Silence Speaks Volumes: A New Paradigm for Covert Communication via History Timing Patterns [0.0]
History Covert Channels (HCC) leverage past network events as reference points to embed covert messages.<n>HCCs minimize detectability by encoding information through small pointers to historical data.<n>This paper introduces a novel method for establishing and maintaining covert communication links using relative pointers to network timing patterns.
arXiv Detail & Related papers (2025-11-27T09:34:36Z) - Careful Whisper: Attestation for peer-to-peer Confidential Computing networks [4.502223155420236]
TEEs enable secure data processing and sharing in peer-to-peer networks, such as vehicular ad hoc networks of autonomous vehicles.<n>A naive peer-to-peer attestation approach, where every TEE directly attests every other TEE, results in quadratic communication overhead.<n>We present Careful Whisper, a gossip-based protocol that disseminates trust efficiently, reducing complexity under ideal conditions.
arXiv Detail & Related papers (2025-07-20T02:57:34Z) - Enhancing Privacy in Semantic Communication over Wiretap Channels leveraging Differential Privacy [51.028047763426265]
Semantic communication (SemCom) improves transmission efficiency by focusing on task-relevant information.<n> transmitting semantic-rich data over insecure channels introduces privacy risks.<n>This paper proposes a novel SemCom framework that integrates differential privacy mechanisms to protect sensitive semantic features.
arXiv Detail & Related papers (2025-04-23T08:42:44Z) - Generative AI-driven Cross-layer Covert Communication: Fundamentals, Framework and Case Study [62.5909195375364]
Cross-layer covert communication mechanism emerges as an effective strategy to mitigate regulatory challenges.<n>We propose an end-to-end cross-layer covert communication scheme driven by Generative Artificial Intelligence (GenAI)<n>Case study is conducted using diffusion reinforcement learning to sovle cloud edge internet of things cross-layer secure communication.
arXiv Detail & Related papers (2025-01-19T15:05:03Z) - Collaborative Inference over Wireless Channels with Feature Differential Privacy [57.68286389879283]
Collaborative inference among multiple wireless edge devices has the potential to significantly enhance Artificial Intelligence (AI) applications.
transmitting extracted features poses a significant privacy risk, as sensitive personal data can be exposed during the process.
We propose a novel privacy-preserving collaborative inference mechanism, wherein each edge device in the network secures the privacy of extracted features before transmitting them to a central server for inference.
arXiv Detail & Related papers (2024-10-25T18:11:02Z) - Attacking Slicing Network via Side-channel Reinforcement Learning Attack [9.428116807615407]
We introduce a reinforcement learning-based side-channel cache attack framework specifically designed for network slicing environments.
Our framework dynamically identifies and exploit cache locations storing sensitive information, such as authentication keys and user registration data.
Experimental results showcase the superiority of our approach, achieving a success rate of approximately 95% to 98%.
arXiv Detail & Related papers (2024-09-17T15:07:05Z) - CONNECTION: COvert chaNnel NEtwork attaCk Through bIt-rate mOdulatioN [1.7034813545878589]
Covert channel networks are a well-known method for circumventing the security measures organizations put in place to protect their networks from adversarial attacks.
This paper introduces a novel method based on bit-rate modulation for implementing covert channels between devices connected over a wide area network.
arXiv Detail & Related papers (2024-04-24T13:14:09Z) - Secure Routing for Mobile Ad hoc Networks [2.965855310793378]
We present a route discovery protocol that mitigates the effects of malicious behavior in MANET networks.
Our protocol guarantees that fabricated, compromised, or replayed route replies would either be rejected or never reach back the querying node.
The scheme is robust in the presence of a number of non-colluding nodes.
arXiv Detail & Related papers (2024-03-01T09:50:00Z) - SemProtector: A Unified Framework for Semantic Protection in Deep Learning-based Semantic Communication Systems [51.97204522852634]
We present a unified framework that aims to secure an online semantic communications system with three semantic protection modules.
Specifically, these protection modules are able to encrypt semantics to be transmitted by an encryption method, mitigate privacy risks from wireless channels by a perturbation mechanism, and calibrate distorted semantics at the destination.
Our framework enables an existing online SC system to dynamically assemble the above three pluggable modules to meet customized semantic protection requirements.
arXiv Detail & Related papers (2023-09-04T06:34:43Z) - Practical quantum secure direct communication with squeezed states [37.69303106863453]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.<n>This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z) - Single-Shot Secure Quantum Network Coding for General Multiple Unicast
Network with Free One-Way Public Communication [56.678354403278206]
We propose a canonical method to derive a secure quantum network code over a multiple unicast quantum network.
Our code correctly transmits quantum states when there is no attack.
It also guarantees the secrecy of the transmitted quantum state even with the existence of an attack.
arXiv Detail & Related papers (2020-03-30T09:25:13Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.