Efficient distributed network covert channels for Internet of things environments

Each day more and more Internet of Things (IoT) devices are being connected to the Internet. In general, their applications are diverse but from the security perspective, it is evident that they are increasingly targeted by cybercriminals and used for nefarious purposes. Network covert channels form a subgroup of the information-hiding research area where secrets are sent over communication networks embedded within the network traffic. Such techniques can be used, among others, by malware developers to enable confidential data exfiltration or stealth communications. Recently, distributed network covert channels have raised the attention of security professionals as they allow the cloaking of secret transmission by spreading the covert bits among many different types of data-hiding techniques. However, although there are many works dealing with IoT security, little effort so far has been devoted in determining how effective the covert channels threat can be in the IoT henvironments. That is why, in this article, we present an extensive analysis on how distributed network covert channels that utilize network traffic from IoT devices can be used to perform efficient secret communication. More importantly, we do not focus on developing novel data-hiding techniques but, instead, considering the nature of IoT traffic, we investigate how to combine existing covert channels so the resulting data transfer is less visible. Moreover, as another contribution of our work, we prepare and share with the community the network traffic dataset that can be used to develop effective countermeasures against such threats.