Papers
Topics
Authors
Recent
Search
2000 character limit reached

Covert Event Channel: A Unified Framework

Updated 7 July 2026
  • Covert Event Channel is a communication mechanism that conceals not only message content but also the occurrence of communication through structured event trace modulation.
  • It leverages coordinated adjustments in payload, timing, and behavioral patterns to achieve statistical indistinguishability from normal system activity.
  • Its applications span secure agent communications, network monitoring, and blockchain transactions, incorporating robust error correction and integrity checks.

A covert event channel is a covert communication mechanism in which the carrier is an observable event stream and the security objective is to conceal not only message content but the fact that communication is occurring. In the Internet of Agents, the concept is formalized over atomic events e=(ag,act,t)e=(ag,act,t), where act=(atype,adata)act=(a_{\text{type}},a_{\text{data}}), and covert communication is distributed across three interconnected dimensions: Storage, Timing, and Behavioral (Huang et al., 4 Aug 2025). Earlier covert-channel literature classified covert channels into storage and timing channels and explicitly noted that timing channels manipulate event occurrence and timing; this suggests that the event-centric formulation is a unifying abstraction that makes explicit the role of event traces as the communication surface (Salwan et al., 2013).

1. Conceptual foundations

Canonical covert-channel definitions describe a covert channel as one that is neither designed nor intended to transfer information at all, as transmission by storage into variables that describe resource states, or as the use of entities not normally viewed as data objects for information transfer (Salwan et al., 2013). Within that lineage, a covert event channel treats the observable carrier not as an isolated header field or a single timing perturbation, but as a structured sequence of events whose payloads, timings, and behavioral choices can all be modulated.

The event abstraction is explicit in agent systems. In the Covert Event Channel model for the Internet of Agents, the adversary observes traces of atomic events, and covert communication is realized by coordinated control of the payload component adataa_{\text{data}}, the action type atypea_{\text{type}}, and the timestamp tt (Huang et al., 4 Aug 2025). This formulation differs from earlier single-medium accounts by making the dialogue itself the carrier.

A related development is the History Covert Channel paradigm, in which past network events are used as reference points for covert encoding. The Silent History Protocol sends small pointer signals that refer the receiver to prior events in shared network history, rather than directly embedding the secret bitstring into traffic patterns or packet contents. It defines a covert amplification factor,

CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},

to capture the ratio between recovered message bits and explicitly transmitted pointer bits (Weissenborn et al., 27 Nov 2025). This places emphasis on event selection and event reference, not merely on event modification.

2. Security semantics and adversarial models

Covert communication is distinct from secrecy. Secrecy hides the content of a transmission from an adversary, whereas covert communication hides the fact that communication occurred (Kimelfeld et al., 26 Mar 2025). This distinction recurs across classical, quantum, and systems-oriented formulations.

In information-theoretic models, covertness is commonly expressed as statistical indistinguishability between the adversary’s observation under communication and the observation generated by an innocent symbol or innocent mode. Representative formulations require

D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,

or, equivalently in detection-theoretic form, require the warden’s false-alarm and missed-detection probabilities to satisfy

PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon

for small ε\varepsilon (ZivariFard et al., 2020, Forouzesh et al., 2018). Quantum covert communication adopts the same separation between “innocent” and “active” hypotheses and measures covertness through quantum relative entropy between Willie’s states (Kimelfeld et al., 26 Mar 2025).

Event-driven agent settings introduce stronger semantic notions. The ΠCCAP\Pi_{\text{CCAP}} protocol defines statistical imperceptibility (IND-STAT), under which the full event trace is computationally indistinguishable from naturally generated traces, and intention imperceptibility (IND-INT), under which each event is semantically indistinguishable from what a benign agent might do in context (Huang et al., 4 Aug 2025). The latter is a stricter requirement because it addresses event meaning, not only event statistics.

Blockchain systems add a lifecycle dimension. ABC-Channel states three security properties: contactless channel negotiation before communication, indistinguishable carrier transactions during communication, and untraceable communication identities after communication (Ma et al., 2024). In supervisory control of networked discrete-event systems, covertness is defined operationally: a covert sensor attack must not force the networked monitor to a bad state while it inserts, deletes, or replaces compromised observable events under bounded, non-FIFO delays (Tai et al., 2021).

3. Carrier dimensions and encoding mechanisms

The three-dimensional event model can be organized as follows.

Dimension Event component Representative mechanisms
Storage act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})0, resource/state values payload embedding, named resources, resource-state manipulation
Timing act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})1, act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})2, rate inter-arrival modulation, read-time modulation, bit-rate modulation
Behavioral act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})3, action/access choice action-type selection, URL access order, event insertion/deletion/replacement

Storage-oriented event channels encode information in values associated with events. In act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})4, the payload act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})5 is embedded by provably secure generative steganography (Huang et al., 4 Aug 2025). “A Covert Channel Using Named Resources” uses URL names as message symbols: URLs are harvested from legitimate browsing, mapped into code lists by hashing and modulo reduction, and the covert message is transmitted by selecting URLs in an information-bearing order (Davis et al., 2014). Earlier storage-channel accounts likewise emphasized file names, file attributes, and shared resources as covert carriers (Salwan et al., 2013).

Timing-oriented event channels encode information in event spacing, rate, or temporal reference. “Covert Bits Through Queues” encodes covert messages in packet inter-arrival times while Bob and Willie observe inter-departure times from their queues (Mukherjee et al., 2016). “A Covert Channel Based on Web Read-time Modulation” modulates the time between web resource accesses, using the Nielsen formula

act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})6

as an estimate of average user read-time and then offsetting a pseudorandom baseline within a code window (Davis, 2014). CONNECTION uses bit-rate modulation over UDP traffic, with high bit-rate encoding ‘1’ and low bit-rate encoding ‘0’, and models the channel as a binary symmetric channel with capacity

act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})7

where act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})8 is the bit error rate (Soderi et al., 2024).

Behavioral event channels encode information through choices among plausible actions. In act=(atype,adata)act=(a_{\text{type}},a_{\text{data}})9, adataa_{\text{data}}0 is selected by a context- and LLM-aware policy so that action choices remain behaviorally plausible (Huang et al., 4 Aug 2025). In networked discrete-event systems, an attacker may insert, delete, or replace observable events while remaining covert to the monitor (Tai et al., 2021). History Covert Channels make behavior indirect: the sender transmits a pointer that instructs the receiver which prior packet or timing pattern to inspect, turning the choice of referenced event into the effective carrier (Weissenborn et al., 27 Nov 2025).

Several implementations straddle these dimensions. MeMoir modulates system memory usage by allocating and deallocating large memory blocks in defined intervals; the receiver samples global memory usage and decodes the waveform by time-domain and frequency-domain analysis (Gonzalez-Gomez et al., 2024). Practical WiFi covert channels exploit physical-layer event structure rather than only packet contents, including STF PSK, CFO FSK, camouflage subcarriers, and cyclic-prefix replacement in 802.11a/g OFDM systems (Classen et al., 2015).

4. Representative protocol architectures

adataa_{\text{data}}1 operationalizes the event-driven model in three phases: initialization and handshake, iterative embedding and transmission, and reassembly with implicit acknowledgment. The sender and receiver derive a shared session key through ECDH and PKI, activate the covert channel through a keyed trigger function on timestamps, and then encode each fragment into an event

adataa_{\text{data}}2

Its covert header includes Total Data Size (12 bits), Sequence Number (6 bits), a FIN flag, and a CRC-4 checksum (Huang et al., 4 Aug 2025). The design integrates error correction, delivery confirmation, and integrity checks into the covert channel itself.

ABC-Channel is a blockchain-based full-lifecycle covert channel. Its contactless negotiation phase uses kleptographic signatures and ECDH: adataa_{\text{data}}3 yielding a shared extended secret adataa_{\text{data}}4 for deterministic address derivation (Ma et al., 2024). During communication, a CTGAN-based generator and discrete distribution fitting synthesize transaction parameters

adataa_{\text{data}}5

to match real Bitcoin transactions. After communication, a deterministic HD-wallet construction derives one-time addresses adataa_{\text{data}}6, adataa_{\text{data}}7, preventing address reuse and clustering. Message bits are embedded in signature randomness through a privkey-subliminal signature method (Ma et al., 2024).

The Silent History Protocol is a pointer-based event architecture. Both sides record packets of interest, derive bits from timing patterns, and send only a pointer when a prior event’s hashed timing matches the next secret fragment. Relative timing replaces absolute-clock dependence, reducing reliance on tight synchronization. The expected number of attempts for an adataa_{\text{data}}8-bit fragment is adataa_{\text{data}}9, and the expected bits per attempt is atypea_{\text{type}}0 (Weissenborn et al., 27 Nov 2025).

MeMoir represents a software-driven architecture in which the transmitter converts data to binary, divides it into 4-bit blocks, applies Hamming atypea_{\text{type}}1, and uses on-off keying through memory allocation pulses. On Linux and Windows, the receiver samples memory usage, applies a Discrete Fourier Transform and a high-pass Butterworth filter, and then performs reverse Hamming decoding. The same basic method was demonstrated from a Hyper-V virtualized environment to a Windows 11 host by monitoring the vmmemWSL process (Gonzalez-Gomez et al., 2024).

5. Capacity, scaling laws, and empirical performance

The standard evaluation triad in the covert-channel literature is capacity, robustness, and stealth (Salwan et al., 2013). Reported results span bits per round, bits per transaction, bits per second, bits per second per hertz, and asymptotic atypea_{\text{type}}2 laws, so they characterize different operational regimes rather than a single common benchmark.

System Reported metric Result
atypea_{\text{type}}3 EBPR / total payload / imperceptibility 60–90 bits/round; atypea_{\text{type}}4 kbits; AUC atypea_{\text{type}}5
ABC-Channel throughput / indistinguishability atypea_{\text{type}}6 bits/transaction at atypea_{\text{type}}7 Satoshis; ARI atypea_{\text{type}}8, NMI atypea_{\text{type}}9
CONNECTION bit-rate / normalized capacity tt0 bps; tt1 bps/Hz
SHP effective covert bitrate up to tt2 bps; tt3 bps in typical environments
MeMoir software-channel throughput tt4 bps on Intel x86-64; tt5 bps on ARM64

For tt6, correctness was tt7, and GPT-4o used as a warden scored steganographic dialogues as approaching 5.0 for naturalness and coherence and approximately 1.0 for suspicion (Huang et al., 4 Aug 2025). ABC-Channel reported black-box indistinguishability with ARI tt8 and NMI tt9, and a white-box random-forest precision CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},0, recall CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},1, and F1-score CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},2; in realistic settings, each transaction carried approximately CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},3 bits at a cost of approximately CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},4 Satoshis (Ma et al., 2024). CONNECTION achieved CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},5 bps with channel capacity up to CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},6 bps/Hz and remained functional with up to CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},7 packet loss (Soderi et al., 2024). SHP reached up to CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},8 bps in LAN environments with high overt traffic and CAF=bitsmessagebitspointer,CAF = \frac{\text{bits}_{message}}{\text{bits}_{pointer}},9 bps in typical environments using only shared-broadcast packets of interest (Weissenborn et al., 27 Nov 2025). MeMoir reached BER D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,0 and PER D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,1 at D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,2 bps on Intel x86-64, and BER D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,3 and PER D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,4 at D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,5 bps on ARM64 (Gonzalez-Gomez et al., 2024).

Physical-layer WiFi covert channels occupy a much higher throughput regime. Practical 802.11a/g implementations reported D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,6 kbit/s for STF PSK, D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,7 kbit/s for CFO FSK, up to D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,8 Mbit/s for camouflage subcarriers, and up to D(PZNQ0N)0,D(P_{Z^N}\|Q_0^{\otimes N}) \to 0,9 Mbit/s for full cyclic-prefix replacement (Classen et al., 2015).

At the theoretical level, many covert models obey the square root law. Covert entanglement generation over noisy quantum channels produces PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon0 EPR pairs over PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon1 channel uses, and the same law holds for lossy thermal-noise bosonic channels (Kimelfeld et al., 26 Mar 2025, Anderson et al., 11 Jun 2025). By contrast, positive covert rate is possible in some nonstandard settings. Queuing timing channels achieve non-zero covert rate when sufficiently high-rate secret keys are available (Mukherjee et al., 2016). Channels with channel-state information at the transmitter can have positive covert capacity even when the capacity is zero without CSI, including AWGN examples (Lee et al., 2017). Keyless covert communication can also exploit shared randomness extracted from state, with capacity characterized by conditions involving PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon2 (ZivariFard et al., 2020). Action-dependent state channels go further: they study reliable and covert communication on the order of PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon3 bits in PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon4 channel uses with negligible secret-key rate (ZivariFard et al., 22 Jan 2025).

6. Detection, defense, and research directions

Classical defenses distinguish prevention from detection. For storage channels, mandatory access controls and resource quotas are standard countermeasures; for timing channels, traffic shaping, randomization, and statistical anomaly detection are emphasized (Salwan et al., 2013). Yet several papers argue that simple interference-style reasoning is inadequate. An information-theoretic detection framework shows that ordinary interference does not characterize deliberate covert information flow and that even iterated multivalued interference misses channels with capacity below one bit per use; the decisive quantity is channel capacity (Hélouët et al., 2011).

Entropy-based and behavioral detection have been proposed for hybrid channels. Shannon entropy

PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon5

is used to assess abnormal field usage, while covertness index formulations attempt to quantify detectability across multiple trapdoors (K et al., 2015). For network timing attacks such as bit-rate modulation, the recommended defenses are throughput-envelope monitoring, anomaly detection for periodic or amplitude-modulated flows, and rate limiting, whereas payload scrubbing is ineffective because the carrier is throughput rather than content (Soderi et al., 2024). For WiFi physical-layer channels, Layer 2 monitoring is generally insufficient; reliable detection requires SDR-based Layer 1 analysis of EVM, CFO, subcarrier usage, and cyclic-prefix structure (Classen et al., 2015).

MeMoir provides a comparatively explicit defender pipeline. Monitoring windows of 100 normalized memory-usage samples, a Decision Tree of depth 7 achieved PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon6 accuracy with PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon7 false negatives and PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon8 false positives, and a noise-based countermeasure raised BER to approximately PMD+PFA1ε\mathbb{P}_{MD}+\mathbb{P}_{FA}\geq 1-\varepsilon9 on the PC and PER to approximately ε\varepsilon0, rendering the channel nonviable (Gonzalez-Gomez et al., 2024). SHP, by contrast, reported that statistical tests and ML detectors failed under conservative configurations, but that heavy rehashing can make the protocol detectable by lightweight statistical detectors (Weissenborn et al., 27 Nov 2025).

Event ordering and transport uncertainty complicate monitoring. In networked discrete-event systems with non-FIFO channels and bounded delays, network-induced disorder weakens the monitor’s ability to distinguish attacks from benign reordering, and the supremal covert sensor attack can be computed through a normality-based synthesis approach (Tai et al., 2021). In agent settings, the introduction of IND-INT suggests that future monitors must reason jointly about event timing, event semantics, and dialogue policy, not merely about packet headers or aggregate traffic volume (Huang et al., 4 Aug 2025).

A recurring misconception is that covert event channels are only timing channels under a new name. The literature does not support that reduction. The modern event formulation explicitly unifies storage, timing, and behavioral carriers (Huang et al., 4 Aug 2025), while practical systems show that covert communication can be embedded in transaction features, agent action types, memory-usage waveforms, URL access order, historical event references, and physical-layer signal structure (Ma et al., 2024, Gonzalez-Gomez et al., 2024). Another common misconception is that covert communication and secrecy are interchangeable; the theoretical literature treats them as distinct objectives, and several constructions require both because covertness is statistical rather than absolute (Kimelfeld et al., 26 Mar 2025).

Taken together, the literature presents covert event channels as a general framework for hiding communication in structured event traces. The unifying theme is not a single carrier medium but coordinated control over what event occurs, when it occurs, and how that occurrence fits the surrounding behavioral context.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Covert Event Channel.