Overt & Covert Channels.

What is an “overt channel?”

An “overt channel” is a method of communications within a computer or computer network which conforms to the intended design of the system. Overt channels within a communications system fall within the normal, expected operation.

Overt channels are:

• Intentional – The methods of communicating are used as intended.
• Visible – The existence of communications are visible within the channel and open to normal monitoring or auditing. Note that this does not imply that the communications are exposed or unencrypted.
• Compliant – Security controls that apply to the methods are adhered to by design.

What is a “covert channel?”

A “covert channel” is a method of communications within a computer or computer network which operates outside the intended design of the system, often exploiting oversights in the design or implementation. Covert channels do not exceed authorization but circumvent normal security controls, as they typically function outside of expected operation.

Overt channels are:

• Unintended – The methods of communicating are NOT used as intended.
• Hidden – The existence of communications are invisible and not subject to normal monitoring or auditing. Note that this does not imply that the communications are encrypted.
• Ungoverned – Security controls are not adhered to because the communications fall outside of the designed controls.

What is an example demonstrating overt and covert channels?

Consider a photo sharing website: users are allowed to create accounts, upload their own personal images, and view images of other users. An image may be liked, saved as a favorite, or downloaded. All users confirm adherence to an acceptable use policy that defines authorized and unauthorized use of the system. Extensive security controls enforce the policy and programmatically check for ownership, determine copyrights, and block any illicit or unauthorized images.

A user who uploads a personal image, shares it, has that image viewed by other users, and has that image downloaded by a friend is communicating via an overt channel. The information shared in the image (people, places, things), are communicated as expected and within the oversight of the website company.

A user who uploads a customized image containing a message encoded into the image with steganography, shares it, has that image viewed by other users, and has that image downloaded by a friend who decodes the stenography is communicating via a covert channel. The information shared in the image (the stenography-encoded message) is communicated outside of normal operations and outside the oversight of the website company. Note that, in this example, the encoded message may be viewed by anyone who knows to look for it.

Via a covert channel:

• The user and his friend communicate via the photo sharing website.
• The communication occurs at the expense of the website company.
• The communication did not violate a terms of use (in this example) because stenography was not addressed in the website company’s policies.
• The communication did not violate any specific authorization or technical control. In fact, it passed all technical controls… because nothing in the system checked for stenography!
• The website company is unaware that the covert channel exists, nor do they know that hidden communications are occurring on the infrastructure.

Theoretically, the user and his friend could communicate, anonymously, across the world via the photo sharing website without anyone ever knowing that communications were occurring. Deletion of the images deletes every trace of the communications.

Our Name

Why we chose “overt channel” as the name of our company.