Leveraging public posts and comments as covert channels

Many Internet-facing websites allow for account creation and the subsequent posting of comments from that account. If comments are crafted according to a known encoding scheme, they can covertly indicate to an observer a piece of data present in the URL of the page where the comment resides. If these comments are similar enough to the typical comments being posted, they will give no indication that a transmission of data is occurring.

[1]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[2]  Bo Yuan,et al.  Webpage Source Based Covert Channel , 2012 .

[3]  Daryl Johnson,et al.  Behavior-Based Covert Channel in Cyberspace , 2009 .

[4]  Robert C. Newman Covert computer and network communications , 2007, InfoSecCD '07.

[5]  Hong Zhao,et al.  A novel scheme of webpage information hiding based on attributes , 2010, 2010 IEEE International Conference on Information Theory and Information Security.

[6]  Xingming Sun,et al.  Detection of Hidden Information in Webpage , 2007, Fourth International Conference on Fuzzy Systems and Knowledge Discovery (FSKD 2007).

[7]  Bo Yuan,et al.  Covert channels in the HTTP network protocol: Channel characterization and detecting man-in-the-middle attacks , 2010 .