Jekyll2026-03-21T12:06:04+01:00/feed.xmlPersonal Website of Steffen Wendzel2026-02-28T03:13:37+01:002026-02-28T03:13:37+01:00/misc/2026/02/28/history-cc The core idea of covert channel amplification is to minimize the amount of data that must be sent through the channel. Why? Because with amplification, an adversary aiming to detect/block the covert channel has less traces to analyze (e.g., during Internet censorship). **This is achieved by sending a small pointer through the covert channel that references larger data observed or found elsewhere.** ## 1. DYST (IEEE TDSC 2025, pre-print published 2022) Authors: Steffen Wendzel, Tobias Schmidbauer, Sebastian Zillien, Jörg Keller [Our paper on DYST (*Did You See That?*)](https://doi.org/10.1109/TDSC.2024.3410679) **introduced the concept of covert channel amplification**. Covert channel amplification aims to **transfer fewer message bits through the covert channel than are actually delivered to the receiver**. This can be **achieved by sending *small* pointers through the covert channel that refer to data that is *larger* than the size of the pointer**. For instance, if we send a two-bit pointer through the covert channel and the pointer refers to three bits of secret data, we achieve such an amplification. However, one must ensure that the size of the pointer does not grow at the same rate as the size of the data. In case of DYST, broadcast or on-path packets are monitored: The covert sender computes a hash value over each packet observable by both, covert sender and receiver. Once a hash value matches the secret message, the covert sender sends a signal to the receiver. Here, the hash value is longer than the size of the pointer. The DYST paper presents the concepts of both, **history** covert channels and **predictive** covert channels. Both types of covert channels achieve an amplification, either by pointing to already seen data (history) or to anticipated data (prediction). However, a key limitation of this initial paper is the slow transmission rate of DYST (see *3. Silent History Protocol* below). ## 2. OPPRESSION (AsiaCCS'24) Authors: Sebastian Zillien, Tobias Schmidbauer, Mario Kubek, Jörg Keller, Steffen Wendzel In comparison to DYST, which can handle all types of data, [OPPRESSION (*Open Knowledge Compression*)](https://doi.org/10.1145/3634737.3637676) is exclusively focusing on **textual data**. We assume that covert sender and receiver both have access to some identical online content, e.g., public (fake) news websites or other online content. They both crawl these websites to generate a dictionary of sentences that they can point to (using elements of so-called *Patricia tries*). To transfer a secret message, the covert sender sends a pointer to a tree element (representing (part of) a sentence) to the receiver. Like in case of DYST, an amplification is reached by keeping the pointer shorter than the sentence being pointed to. ## 3. Silent History Protocol (JISA 2026) Authors: Christoph Weißenborn, Steffen Wendzel The idea of the [*Silent History Protocol* (SHP)](https://doi.org/10.1016/j.jisa.2026.104431) is to address the limited transmission rate of the original DYST. One approach how this is achieved is to point to characteristics of *flows*. For instance, the sender can reference intra-connection packet numbers and intra-connection delays as well as other attributes. The SHP significantly increased the transmission bitrate of DYST. ## 4. AMPhitryon (IFIP SEC'26 (in press)) Authors: Steffen Wendzel, Sebastian Zillien, Sebastian Zander The idea behind *AMPhitryon* ([pre-print](https://www.wendzel.de/dr.org/files/Papers/IFIPSEC2026_submitted_version.pdf), final version available soon) is to realize a covert channel **amplification in a flow-wise manner**. For each flow, sender and receive observe unencrypted payload (before encryption / after decryption) and both build a dictionary of observed content from the flow. For instance, every message in a chat is added to the dictionary. Once a chunk is sent again, it can be referenced using the dictionary. No explicit exchange of the built dictionaries between sender and receiver is necessary because sender and receiver observe the same traffic. Also, in contrast to OPPRESSION, neither sender or receiver need to crawl any website or online content. In essence, AMPhitryon can be considered a compression scheme that **can be used for arbitrary censorship circumvention/covert channel tools as well as other scenarios, such as the compression of IoT sensor data transmissions**. ## Changelog 2026-03-11: - added AMPhitryon pre-print and brief explanation 2026-02-28: - Initial version]]>

2021-02-23T13:00:27+01:002021-02-23T13:00:27+01:00/misc/2021/02/23/new-website

2021-02-01T00:00:00+01:002021-02-01T00:00:00+01:00/misc/2021/02/01/venia-legendi

2021-01-04T00:00:00+01:002021-01-04T00:00:00+01:00/misc/2021/01/04/new-release-usenet-server