Papers
Topics
Authors
Recent
Search
2000 character limit reached

Cyber-Physical Covert Channels

Updated 15 April 2026
  • Cyber-physical covert channels are unauthorized pathways that exploit the interaction between physical and computational components in CPS to enable covert data leakage.
  • They employ techniques like CPU frequency modulation, CAN bus timing alterations, and motion perturbations to achieve robust, undetectable communication.
  • Mitigation strategies such as hardware controls, signal randomization, and protocol obfuscation are key to defending against covert channel exploitation in CPS.

Cyber-physical covert channels are unauthorized communication pathways that leverage the physical interactions between computational and physical system components to exfiltrate, embed, or exchange information in a manner that bypasses established access controls. These channels exploit the tightly coupled feedback between hardware, software, sensors, and actuators that typify cyber-physical systems (CPS), enabling both offensive data leakage and defensive authentication without modifying protocol semantics or introducing overt traffic.

1. Formal Definition and System-Level Characterization

A cyber-physical covert channel exists in a CPS when adversarial manipulation of actuators (inputs) can be algebraically masked by concurrent spoofing on selected sensor outputs, leaving the controller’s observable data stream indistinguishable from the no-attack baseline. This scenario is rigorously defined using a discrete-time linear time-invariant model:

x(k+1)=Ax(k)+Bu(k)+ω(k),y(k)=Cx(k)+ν(k)x(k+1) = A\,x(k) + B\,u(k) + \omega(k), \qquad y(k) = C\,x(k) + \nu(k)

where xRnx\in\mathbb{R}^n is the system state, uRmu\in\mathbb{R}^m the control input, and yRpy\in\mathbb{R}^p the measured output. Attack vectors aua_u (input/actuator) and aya_y (output/sensor) with signatures LaL_a and DaD_a enter the system as BLaauB L_a a_u and DaayD_a a_y respectively. A pair xRnx\in\mathbb{R}^n0 is a covert attack if

xRnx\in\mathbb{R}^n1

where xRnx\in\mathbb{R}^n2 is the lifted system input-output map over any time window xRnx\in\mathbb{R}^n3 (Taheri et al., 9 Dec 2025).

The necessary and sufficient conditions for the existence of a perfectly covert channel are encoded in the relation between the Markov parameters xRnx\in\mathbb{R}^n4 and xRnx\in\mathbb{R}^n5: alignment between these determines attackability of that sensor/actuator min-cut.

2. Construction Techniques Across Cyber-Physical Domains

Cyber-physical covert channels have been demonstrated using a variety of system-layer and physical-layer resources:

  • Processor Frequency Modulation: TurboCC uses Intel Turbo Boost’s n-to-frequency mapping such that a transmitter modulates information by varying the system load (activating additional cores), causing predictable shifts in the maximum per-core turbo frequency. The receiver detects these frequency transitions by polling its own core’s apparent frequency at high rate and performing thresholding and run-length edge detection. Throughputs up to 61 bit/s idle and 43 bit/s at 25% utilization have been reported, robust to substantial background load (Kalmbach et al., 2020).
  • Automotive In-Vehicle Networks (CAN bus): Covert authentication is realized via three complementary approaches. (1) Inter-Arrival Time (IAT) modulation minimally perturbs the periodicity of CAN messages by ±δ to encode bits, leveraging statistical arrival models and decodable under typical network jitter. (2) Offset-based channels accumulate and then counteract timing deviations to produce a detectable sawtooth in the observed offset. (3) LSB-based channels rewrite 1–2 least significant bits of sensor payloads in CAN data, incurring sub-percent max signal error. Hybridization further maximizes throughput. Implementations show aggregate sub-percent bit-error rates with throughputs up to ≈200 bps, while being protocol-transparent and introducing no extra messages (Ying et al., 2019, Ying et al., 2019).
  • Actuation Trajectory Modulation in IoT and Robotics: Air-gapped edge devices such as drones or robotic arms, even under observer-side Kalman-filter-based state estimation, can leak bits by slightly perturbing actuator references (e.g., modulating trajectory yaw or end-effector position) within noise thresholds. A remote observer (e.g., camera) decodes the exfiltrated signal by tracking physical movement. Transmission rates up to 10–15 bps have been realized in robotics/IoT settings without triggering state-estimation alarms (Chan et al., 2022).
  • Optical-Physical Channels: Peripheral devices such as optical mice can act as transmitters (via programmable LEDs) and receivers (photocells), with on-off keying used to generate or absorb data-carrying flashes. Realizable bit rates range from 0.25–1 bps (mouse–mouse or mouse–camera) to ~10 bps (torch-to-mouse). Stealth improves when infrared LEDs are used (Alshangiti et al., 2019).

3. Analytical Performance, Stealth, and Robustness

The practical efficacy of cyber-physical covert channels is governed by the interplay among noise, system-induced fluctuations, detection thresholds, and operational constraints.

Throughput and Error Rate Analysis:

  • Throughput is bounded by system response time, background noise, protocol or hardware timing granularity, and physical-layer SNR.
  • IAT-based channels: Achieve aggregate authentication bit rates on CAN bus of ≈93 bps hybrid, ≈62 bps per single channel for T=10 ms (Ying et al., 2019).
  • Processor power management channels: Up to 61 bps in low-load systems, degrading predictably with background utilization (Kalmbach et al., 2020).
  • Physical exfiltration (motion/optics): Up to 10 bps in torch-to-mouse channels, and 5–15 bps in motion-trajectory exfiltration, with BER rising sharply at higher rates and longer distances or diminished SNR (Alshangiti et al., 2019, Chan et al., 2022).

Stealth and Detection:

  • Timing-based and LSB-based CAN channels are engineered so the modified statistics (e.g., IAT mean, payload quantization) remain within the ambient system noise or application tolerance, often undetectable by conventional IDS. BER remains at or below unmodified levels.
  • CPU load/frequency channels remain functional under significant load and are resistant to detection unless system-level frequency monitoring is in place.
  • State-estimation-based IDSs can be circumvented by modulating within residual thresholds; increasing SNR by leveraging multi-modal sensing and randomized defensive perturbations degrades channel capacity (Chan et al., 2022).
Modality Typical Rate BER Stealth Mechanism
CPU freq (TurboCC) 12–61 bps <10% (select xRnx\in\mathbb{R}^n6) Overlays on turbo scaling
CAN IAT/LSB/Hybrid 62–200 bps <0.3% (IAT) Below CAN jitter, protocol-free
Motion actuation 1–15 bps 0–15% Physical movement within noise
Optical mouse 0.25–10 bps <1% to 10% Infrared, line-of-sight

4. Countermeasures and System Hardening

Mitigation techniques are inherently system-specific and trade performance for decreased channel capacity:

  • Physical Hardware Control: Disabling variable-frequency operation (e.g., Turbo Boost) via fixed P-states eliminates frequency-based channels but at significant performance cost (15–50% penalty). For optical devices, blocking line-of-sight or using non-optical peripherals eliminates mouse-based channels (Kalmbach et al., 2020, Alshangiti et al., 2019).
  • Signal Randomization: Injecting randomized or cryptographically keyed perturbations (“dithering”) in actuation signals can decrease the SNR of attacker embeddings and limit covert capacity, sometimes at the loss of deterministic control (Chan et al., 2022).
  • Protocol and Timing Obfuscation: Protocol randomization (e.g., LSB whitening, message-timing shuffling) disrupts timing- and value-based hiding at the expense of schedulability or application fidelity (Ying et al., 2019, Taheri et al., 9 Dec 2025).
  • Dynamic Coding Schemes: The insertion of encoder/decoder pairs with secure input/output channels can algorithmically break the algebraic necessary conditions for covert attackability. With one secure actuator and two distinct secure sensors, dynamic coding layers guarantee that covert channels are mathematically impossible under the modeled attacks without degrading control performance. The required conditions for eliminability are characterized in Theorem 3.2 of (Taheri et al., 9 Dec 2025).
  • Active Statistical Monitoring: Continuous real-time distribution checks (e.g., Kolmogorov–Smirnov for IAT) or windowed frequency monitoring can reveal periodic covert sequences (Kalmbach et al., 2020, Ying et al., 2019).

5. Generalizations and Extensions to Other CPS Architectures

Several works outline extension to wider CPS and embedded-network topologies:

  • Other Frequency-Scaling Architectures: AMD Precision Boost and ARM big.LITTLE DVFS mechanisms show similar n-to-frequency mappings; practical feasibility depends on transition response time (e.g., on Zen+ CPUs, ~100–400 ms frequency settling limits covert rate to ≈1 bps) (Kalmbach et al., 2020).
  • Fieldbus and Industrial Networks: Any deterministic, periodic fieldbus (e.g., LIN, FlexRay, Modbus/TCP) can carry timing-based covert authentication or exfiltration. Wireless sensor protocols (e.g., ZigBee, WirelessHART) are similarly vulnerable to LSB/timing data hiding (Ying et al., 2019).
  • Defensive Applications: Not all covert channels are offensive vectors. As in TACAN, one can use covert channels for authentication and integrity verification, deliberately flipping the paradigm to leverage them for system defense with zero protocol change and minimal capacity cost (Ying et al., 2019, Ying et al., 2019).

6. Open Problems and Future Directions

  • Scalable Defense Mechanisms: Existing dynamic coding schemes are centralized, and their extension to large-scale or distributed multi-agent CPS remains unaddressed. Minimal secure channel topologies for complete defense are not fully characterized (Taheri et al., 9 Dec 2025).
  • Adaptive and Robust Parameterization: Dynamic system conditions (load, temperature, traffic) introduce parameter drift and may increase BER or facilitate detection. Parameter adaptation techniques and robust calibration models are an ongoing research direction (Ying et al., 2019).
  • Comprehensive IDS Integration: Seamless integration of multi-modal sensors, cryptographic attestation, and runtime statistical defense promises further reduction in practical covert capacity, but incurs cost and complexity.
  • Detection Limits and Theoretical Bounds: Fundamental limits on residual capacity and undetectability in various physical-layer channels continue to be investigated, particularly as systems integrate more advanced side-channel-aware actuation and estimation.

7. Representative Case Studies

  • TurboCC (Intel Turbo Boost): Achieves up to 61 bit/s idle, 43 bit/s at 25% load. Robust up to 37.5% CPU load, detected only by high-rate frequency monitoring. Disabled only by significant system-level performance penalty (Kalmbach et al., 2020).
  • TACAN (CAN bus Authentication): Hybrid IAT/LSB channel achieves 93 bps; IAT and LSB alone ≈62 bps each; observed BER <0.01% (IAT, L=5), <0.3% (EcoCAR). Bit-level authentication with undetectability by legacy protocols (Ying et al., 2019, Ying et al., 2019).
  • Physical Exfiltration via Edge-Device Dynamics: 0–10 bps for drones/robotic arms, with BER highly sensitive to bit interval and observer accuracy; no detector alarms when the channel is appropriately tuned (Chan et al., 2022).
  • Optical Mouse Channels: ~10 bps torch-to-mouse, 0.5 bps mouse-to-mouse, <1% to 10% BER depending on range and ambient conditions (Alshangiti et al., 2019).

Cyber-physical covert channels represent a mature, mathematically grounded field of study. Their existence and eliminability can be systematically characterized through system-theoretic constructs—particularly Markov parameter alignment and controllability/observability duality. Although concrete instantiations may vary across application domains, the fundamental challenge is to design robust, performant systems where cyber-physical feedback cannot be subtly subverted to enable unauthorized, undetectable communication (Kalmbach et al., 2020, Taheri et al., 9 Dec 2025, Chan et al., 2022, Ying et al., 2019, Ying et al., 2019, Alshangiti et al., 2019).

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Cyber-Physical Covert Channels.