Detecting WiFi Covert Channels

Master Thesis


Analysis: 10
Empiricism: 1
Implementation: 3
Literature Research: 4


Covert channels are communication techniques that enable a sender to transfer data stealthily. Such channels can be implemented at all layers of the IEEE 802.11 standard to compromise the security of the communication network. Utilizing inexpensive and off-the-shelf software-defined radios (SDRs) enable an attacker to easily implement sophisticated covert channels at physical layer (PHY) of IEEE 802.11, which are undetectable via conventional passive channel monitoring techniques. This master thesis aims at statistically analyzing and detecting PHY-based Wi-Fi covert channels. It provides modified existing orthogonal frequency-division multiplexing (OFDM) transceiver implementation based on GNU Radio real-time signal processing framework as well as a MATLAB-based OFDM receiver, in which statistical metrics for the detection the covert channels presented in [1] are implemented. Our results show that the Camouflage Sub-carriers covert and cyclic prefix (CP) Replacement covert channel are detectable, however, from the results of our metrics the detectability of the STF-PSK and CFO-FSK covert channels could not be assessed.


  1. Jiska Classen, Matthias Schulz, and Matthias Hollick. Practical Covert Channels for WiFi SystemsIEEE Conference on Communications and Network Security (CNS), September 2015.


Covert channels aim at hiding traffic from others. Compared to the cryptographic attacker who can eavesdrop communication but is unable to decipher it, covert channels hinder from successful eavesdropping. Even if the covert channel gets successfully recorded, statistical analytics can not show if the recorded data contain a covert channel or not.

The wireless physical layer is perfect for hiding data, since transmissions are subject to noise from the environment that is hard to predict. However, this noise is not arbitrary and covert channels exceeding certain noise characteristics might be detectable.





We aim at creating easy-to-use covert channels that are secure from sophisticated attacks.

Start: 01.06.2017


Student: Serafettin Ay

Research Areas: Sichere Mobile Netze, CROSSING , S1



Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471


A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang