A Long-term Perspective of the Internet Susceptibility to Covert Channels
L. Caviglione
2023
Abstract
Modern malware now takes advantage of information hiding to avoid detection and implement various offensive and elusive mechanisms. The creation of covert channels, i.e., parasitic communication paths nested within legitimate traffic, is becoming a prime tool to exfiltrate sensitive information or retrieve additional malicious payloads. Despite their impact on the security of the Internet, a precise evaluation of the susceptibility of network traffic to covert channels is missing. Moreover, since the hiding capacity is driven by the targeted protocol and its diffusion, understanding their evolution is vital to engineering countermeasures. To fill such a research gap, this paper discusses how the susceptibility to information hiding mechanisms of major Internet protocols evolved from 1999 to 2021. Results suggest that a periodic quantification of the phenomena should be part of the continuous cyber security monitoring.