Covert Event Channel: A Unified Framework
- Covert Event Channel is a communication mechanism that conceals not only message content but also the occurrence of communication through structured event trace modulation.
- It leverages coordinated adjustments in payload, timing, and behavioral patterns to achieve statistical indistinguishability from normal system activity.
- Its applications span secure agent communications, network monitoring, and blockchain transactions, incorporating robust error correction and integrity checks.
A covert event channel is a covert communication mechanism in which the carrier is an observable event stream and the security objective is to conceal not only message content but the fact that communication is occurring. In the Internet of Agents, the concept is formalized over atomic events , where , and covert communication is distributed across three interconnected dimensions: Storage, Timing, and Behavioral (Huang et al., 4 Aug 2025). Earlier covert-channel literature classified covert channels into storage and timing channels and explicitly noted that timing channels manipulate event occurrence and timing; this suggests that the event-centric formulation is a unifying abstraction that makes explicit the role of event traces as the communication surface (Salwan et al., 2013).
1. Conceptual foundations
Canonical covert-channel definitions describe a covert channel as one that is neither designed nor intended to transfer information at all, as transmission by storage into variables that describe resource states, or as the use of entities not normally viewed as data objects for information transfer (Salwan et al., 2013). Within that lineage, a covert event channel treats the observable carrier not as an isolated header field or a single timing perturbation, but as a structured sequence of events whose payloads, timings, and behavioral choices can all be modulated.
The event abstraction is explicit in agent systems. In the Covert Event Channel model for the Internet of Agents, the adversary observes traces of atomic events, and covert communication is realized by coordinated control of the payload component , the action type , and the timestamp (Huang et al., 4 Aug 2025). This formulation differs from earlier single-medium accounts by making the dialogue itself the carrier.
A related development is the History Covert Channel paradigm, in which past network events are used as reference points for covert encoding. The Silent History Protocol sends small pointer signals that refer the receiver to prior events in shared network history, rather than directly embedding the secret bitstring into traffic patterns or packet contents. It defines a covert amplification factor,
to capture the ratio between recovered message bits and explicitly transmitted pointer bits (Weissenborn et al., 27 Nov 2025). This places emphasis on event selection and event reference, not merely on event modification.
2. Security semantics and adversarial models
Covert communication is distinct from secrecy. Secrecy hides the content of a transmission from an adversary, whereas covert communication hides the fact that communication occurred (Kimelfeld et al., 26 Mar 2025). This distinction recurs across classical, quantum, and systems-oriented formulations.
In information-theoretic models, covertness is commonly expressed as statistical indistinguishability between the adversary’s observation under communication and the observation generated by an innocent symbol or innocent mode. Representative formulations require
or, equivalently in detection-theoretic form, require the warden’s false-alarm and missed-detection probabilities to satisfy
for small (ZivariFard et al., 2020, Forouzesh et al., 2018). Quantum covert communication adopts the same separation between “innocent” and “active” hypotheses and measures covertness through quantum relative entropy between Willie’s states (Kimelfeld et al., 26 Mar 2025).
Event-driven agent settings introduce stronger semantic notions. The protocol defines statistical imperceptibility (IND-STAT), under which the full event trace is computationally indistinguishable from naturally generated traces, and intention imperceptibility (IND-INT), under which each event is semantically indistinguishable from what a benign agent might do in context (Huang et al., 4 Aug 2025). The latter is a stricter requirement because it addresses event meaning, not only event statistics.
Blockchain systems add a lifecycle dimension. ABC-Channel states three security properties: contactless channel negotiation before communication, indistinguishable carrier transactions during communication, and untraceable communication identities after communication (Ma et al., 2024). In supervisory control of networked discrete-event systems, covertness is defined operationally: a covert sensor attack must not force the networked monitor to a bad state while it inserts, deletes, or replaces compromised observable events under bounded, non-FIFO delays (Tai et al., 2021).
3. Carrier dimensions and encoding mechanisms
The three-dimensional event model can be organized as follows.
| Dimension | Event component | Representative mechanisms |
|---|---|---|
| Storage | 0, resource/state values | payload embedding, named resources, resource-state manipulation |
| Timing | 1, 2, rate | inter-arrival modulation, read-time modulation, bit-rate modulation |
| Behavioral | 3, action/access choice | action-type selection, URL access order, event insertion/deletion/replacement |
Storage-oriented event channels encode information in values associated with events. In 4, the payload 5 is embedded by provably secure generative steganography (Huang et al., 4 Aug 2025). “A Covert Channel Using Named Resources” uses URL names as message symbols: URLs are harvested from legitimate browsing, mapped into code lists by hashing and modulo reduction, and the covert message is transmitted by selecting URLs in an information-bearing order (Davis et al., 2014). Earlier storage-channel accounts likewise emphasized file names, file attributes, and shared resources as covert carriers (Salwan et al., 2013).
Timing-oriented event channels encode information in event spacing, rate, or temporal reference. “Covert Bits Through Queues” encodes covert messages in packet inter-arrival times while Bob and Willie observe inter-departure times from their queues (Mukherjee et al., 2016). “A Covert Channel Based on Web Read-time Modulation” modulates the time between web resource accesses, using the Nielsen formula
6
as an estimate of average user read-time and then offsetting a pseudorandom baseline within a code window (Davis, 2014). CONNECTION uses bit-rate modulation over UDP traffic, with high bit-rate encoding ‘1’ and low bit-rate encoding ‘0’, and models the channel as a binary symmetric channel with capacity
7
where 8 is the bit error rate (Soderi et al., 2024).
Behavioral event channels encode information through choices among plausible actions. In 9, 0 is selected by a context- and LLM-aware policy so that action choices remain behaviorally plausible (Huang et al., 4 Aug 2025). In networked discrete-event systems, an attacker may insert, delete, or replace observable events while remaining covert to the monitor (Tai et al., 2021). History Covert Channels make behavior indirect: the sender transmits a pointer that instructs the receiver which prior packet or timing pattern to inspect, turning the choice of referenced event into the effective carrier (Weissenborn et al., 27 Nov 2025).
Several implementations straddle these dimensions. MeMoir modulates system memory usage by allocating and deallocating large memory blocks in defined intervals; the receiver samples global memory usage and decodes the waveform by time-domain and frequency-domain analysis (Gonzalez-Gomez et al., 2024). Practical WiFi covert channels exploit physical-layer event structure rather than only packet contents, including STF PSK, CFO FSK, camouflage subcarriers, and cyclic-prefix replacement in 802.11a/g OFDM systems (Classen et al., 2015).
4. Representative protocol architectures
1 operationalizes the event-driven model in three phases: initialization and handshake, iterative embedding and transmission, and reassembly with implicit acknowledgment. The sender and receiver derive a shared session key through ECDH and PKI, activate the covert channel through a keyed trigger function on timestamps, and then encode each fragment into an event
2
Its covert header includes Total Data Size (12 bits), Sequence Number (6 bits), a FIN flag, and a CRC-4 checksum (Huang et al., 4 Aug 2025). The design integrates error correction, delivery confirmation, and integrity checks into the covert channel itself.
ABC-Channel is a blockchain-based full-lifecycle covert channel. Its contactless negotiation phase uses kleptographic signatures and ECDH: 3 yielding a shared extended secret 4 for deterministic address derivation (Ma et al., 2024). During communication, a CTGAN-based generator and discrete distribution fitting synthesize transaction parameters
5
to match real Bitcoin transactions. After communication, a deterministic HD-wallet construction derives one-time addresses 6, 7, preventing address reuse and clustering. Message bits are embedded in signature randomness through a privkey-subliminal signature method (Ma et al., 2024).
The Silent History Protocol is a pointer-based event architecture. Both sides record packets of interest, derive bits from timing patterns, and send only a pointer when a prior event’s hashed timing matches the next secret fragment. Relative timing replaces absolute-clock dependence, reducing reliance on tight synchronization. The expected number of attempts for an 8-bit fragment is 9, and the expected bits per attempt is 0 (Weissenborn et al., 27 Nov 2025).
MeMoir represents a software-driven architecture in which the transmitter converts data to binary, divides it into 4-bit blocks, applies Hamming 1, and uses on-off keying through memory allocation pulses. On Linux and Windows, the receiver samples memory usage, applies a Discrete Fourier Transform and a high-pass Butterworth filter, and then performs reverse Hamming decoding. The same basic method was demonstrated from a Hyper-V virtualized environment to a Windows 11 host by monitoring the vmmemWSL process (Gonzalez-Gomez et al., 2024).
5. Capacity, scaling laws, and empirical performance
The standard evaluation triad in the covert-channel literature is capacity, robustness, and stealth (Salwan et al., 2013). Reported results span bits per round, bits per transaction, bits per second, bits per second per hertz, and asymptotic 2 laws, so they characterize different operational regimes rather than a single common benchmark.
| System | Reported metric | Result |
|---|---|---|
| 3 | EBPR / total payload / imperceptibility | 60–90 bits/round; 4 kbits; AUC 5 |
| ABC-Channel | throughput / indistinguishability | 6 bits/transaction at 7 Satoshis; ARI 8, NMI 9 |
| CONNECTION | bit-rate / normalized capacity | 0 bps; 1 bps/Hz |
| SHP | effective covert bitrate | up to 2 bps; 3 bps in typical environments |
| MeMoir | software-channel throughput | 4 bps on Intel x86-64; 5 bps on ARM64 |
For 6, correctness was 7, and GPT-4o used as a warden scored steganographic dialogues as approaching 5.0 for naturalness and coherence and approximately 1.0 for suspicion (Huang et al., 4 Aug 2025). ABC-Channel reported black-box indistinguishability with ARI 8 and NMI 9, and a white-box random-forest precision 0, recall 1, and F1-score 2; in realistic settings, each transaction carried approximately 3 bits at a cost of approximately 4 Satoshis (Ma et al., 2024). CONNECTION achieved 5 bps with channel capacity up to 6 bps/Hz and remained functional with up to 7 packet loss (Soderi et al., 2024). SHP reached up to 8 bps in LAN environments with high overt traffic and 9 bps in typical environments using only shared-broadcast packets of interest (Weissenborn et al., 27 Nov 2025). MeMoir reached BER 0 and PER 1 at 2 bps on Intel x86-64, and BER 3 and PER 4 at 5 bps on ARM64 (Gonzalez-Gomez et al., 2024).
Physical-layer WiFi covert channels occupy a much higher throughput regime. Practical 802.11a/g implementations reported 6 kbit/s for STF PSK, 7 kbit/s for CFO FSK, up to 8 Mbit/s for camouflage subcarriers, and up to 9 Mbit/s for full cyclic-prefix replacement (Classen et al., 2015).
At the theoretical level, many covert models obey the square root law. Covert entanglement generation over noisy quantum channels produces 0 EPR pairs over 1 channel uses, and the same law holds for lossy thermal-noise bosonic channels (Kimelfeld et al., 26 Mar 2025, Anderson et al., 11 Jun 2025). By contrast, positive covert rate is possible in some nonstandard settings. Queuing timing channels achieve non-zero covert rate when sufficiently high-rate secret keys are available (Mukherjee et al., 2016). Channels with channel-state information at the transmitter can have positive covert capacity even when the capacity is zero without CSI, including AWGN examples (Lee et al., 2017). Keyless covert communication can also exploit shared randomness extracted from state, with capacity characterized by conditions involving 2 (ZivariFard et al., 2020). Action-dependent state channels go further: they study reliable and covert communication on the order of 3 bits in 4 channel uses with negligible secret-key rate (ZivariFard et al., 22 Jan 2025).
6. Detection, defense, and research directions
Classical defenses distinguish prevention from detection. For storage channels, mandatory access controls and resource quotas are standard countermeasures; for timing channels, traffic shaping, randomization, and statistical anomaly detection are emphasized (Salwan et al., 2013). Yet several papers argue that simple interference-style reasoning is inadequate. An information-theoretic detection framework shows that ordinary interference does not characterize deliberate covert information flow and that even iterated multivalued interference misses channels with capacity below one bit per use; the decisive quantity is channel capacity (Hélouët et al., 2011).
Entropy-based and behavioral detection have been proposed for hybrid channels. Shannon entropy
5
is used to assess abnormal field usage, while covertness index formulations attempt to quantify detectability across multiple trapdoors (K et al., 2015). For network timing attacks such as bit-rate modulation, the recommended defenses are throughput-envelope monitoring, anomaly detection for periodic or amplitude-modulated flows, and rate limiting, whereas payload scrubbing is ineffective because the carrier is throughput rather than content (Soderi et al., 2024). For WiFi physical-layer channels, Layer 2 monitoring is generally insufficient; reliable detection requires SDR-based Layer 1 analysis of EVM, CFO, subcarrier usage, and cyclic-prefix structure (Classen et al., 2015).
MeMoir provides a comparatively explicit defender pipeline. Monitoring windows of 100 normalized memory-usage samples, a Decision Tree of depth 7 achieved 6 accuracy with 7 false negatives and 8 false positives, and a noise-based countermeasure raised BER to approximately 9 on the PC and PER to approximately 0, rendering the channel nonviable (Gonzalez-Gomez et al., 2024). SHP, by contrast, reported that statistical tests and ML detectors failed under conservative configurations, but that heavy rehashing can make the protocol detectable by lightweight statistical detectors (Weissenborn et al., 27 Nov 2025).
Event ordering and transport uncertainty complicate monitoring. In networked discrete-event systems with non-FIFO channels and bounded delays, network-induced disorder weakens the monitor’s ability to distinguish attacks from benign reordering, and the supremal covert sensor attack can be computed through a normality-based synthesis approach (Tai et al., 2021). In agent settings, the introduction of IND-INT suggests that future monitors must reason jointly about event timing, event semantics, and dialogue policy, not merely about packet headers or aggregate traffic volume (Huang et al., 4 Aug 2025).
A recurring misconception is that covert event channels are only timing channels under a new name. The literature does not support that reduction. The modern event formulation explicitly unifies storage, timing, and behavioral carriers (Huang et al., 4 Aug 2025), while practical systems show that covert communication can be embedded in transaction features, agent action types, memory-usage waveforms, URL access order, historical event references, and physical-layer signal structure (Ma et al., 2024, Gonzalez-Gomez et al., 2024). Another common misconception is that covert communication and secrecy are interchangeable; the theoretical literature treats them as distinct objectives, and several constructions require both because covertness is statistical rather than absolute (Kimelfeld et al., 26 Mar 2025).
Taken together, the literature presents covert event channels as a general framework for hiding communication in structured event traces. The unifying theme is not a single carrier medium but coordinated control over what event occurs, when it occurs, and how that occurrence fits the surrounding behavioral context.