The goal of this covert channel is to prove the feasibility of using encrypted HTTPS traffic to carry a covert channel. The encryption key is not needed because the original HTTPS payload is not decrypted. The covert message will be appended to the HTTPS data field. The receiver will extract the covert channel and restore the original HTTPS traffic for forwarding. Only legitimate HTTPS connections will be used as the overt channel. A Man-in-the-Middle (MITM) attack at the sending and receiving ends will give access to modify the traffic streams. The HTTPS return traffic from the server can carry a covert channel. Without the original HTTPS traffic for comparison or the original encryption keys, this covert channel is undetectable.

Date of creation, presentation, or exhibit



© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Document Type

Conference Paper

Department, Program, or Center

Department of Computing Security (GCCIS)


RIT – Main Campus