A covert channel is a type of security attack that operates outside the usual parameters of the computer security protocols used to protect a system. Essentially, this type of computer security breach makes it possible for data to be accessed and transferred between processes in a manner that those protocols would not normally allow. Identifying the presence of a covert channel is not necessarily difficult, although most breaches of this type attempt to mimic legitimate operations and thus remain undetected by the security measures. Depending on the type of computer surveillance software used to monitor a system, and on the presence of flaws that allow computer security exploits, the monitoring will often detect something unusual about the way data is being used and ultimately become aware of the attack.
One of the easiest ways to understand how a covert channel works is to think in terms of two people who are carrying on a conversation in what they believe is a secure place. What they don’t know is that a third party has planted a listening device in the room with them and is capturing every word they say. The device is not interfering with the exchange of information between the two parties, but it is allowing an unauthorized party to gain access to that information and possibly use it for purposes that are not authorized by either of the two speakers. In a sense, this is what a covert channel provides: access to data that would not be possible otherwise, allowing the recipient to utilize it without the permission of the owners of the accessed data.
Typically, a covert channel is not of the highest quality. The need to create as small a footprint as possible means that the bandwidth used to drive the channel will be low. This in turn can mean that capturing and transferring data may be more time-consuming than utilizing the protocols that are allowed by the system’s security measures. Since the rate of transfer is limited to smaller blocks of data, the transfer can be extremely tedious, requiring a fair amount of patience. The chances of the covert channel being discovered are higher the longer it is active, so the originators of the security attack will normally only allow so much time for an active session before closing the channel and returning later for another session.
Many of the security protocols designed and implemented in both business and home computing systems since the beginning of the 21st century include the ability to note the irregularities in resource use and the small amount of energy that covert channel attacks usually generate. Assuming the channel is left open long enough for the security mechanisms to detect the breach, the issue can normally be dealt with in a short period of time. This in turn allows the system owners and operators to devise additional security measures that help to minimize the chance of this type of security breach recurring at a later date.
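
The following Python example is an addition to this article, not part of the original text. It shows why monitoring should accumulate slow, low-volume activity per process pair across sessions: a channel that keeps each session short, as described above, slips past a per-session duration alarm but not a cumulative one. The process names, session records and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (source, destination, session_seconds, bytes_moved).
SESSIONS = [
    ("backup-agent", "storage-svc", 600, 900_000_000),  # normal bulk transfer
    ("report-job", "print-spooler", 240, 1_200),        # short, very low rate
    ("report-job", "print-spooler", 270, 1_350),
    ("report-job", "print-spooler", 255, 1_100),
    ("report-job", "print-spooler", 280, 1_400),
    ("web-ui", "auth-svc", 2, 4_096),                   # brief, ordinary request
    ("cron", "mailer", 200, 500),                       # one-off slow session
]

# Assumed thresholds; tune them against a baseline of the monitored system.
LOW_RATE_BPS = 10.0      # bytes/second below which a session counts as slow
MIN_SLOW_SECONDS = 60    # ignore very brief sessions
PER_SESSION_LIMIT = 300  # naive alarm: one slow session longer than this
CUMULATIVE_LIMIT = 900   # alarm on total slow seconds per process pair


def slow_sessions(sessions):
    """Return sessions that are sustained but move data at a very low rate."""
    return [s for s in sessions
            if s[2] >= MIN_SLOW_SECONDS and s[3] / s[2] < LOW_RATE_BPS]


def per_session_alerts(sessions):
    """Naive check: flag pairs only when a single slow session is too long."""
    return sorted({(s[0], s[1]) for s in slow_sessions(sessions)
                   if s[2] > PER_SESSION_LIMIT})


def cumulative_alerts(sessions):
    """Flag pairs whose slow sessions together exceed the cumulative limit."""
    totals = defaultdict(lambda: [0, 0, 0])  # [session count, seconds, bytes]
    for src, dst, secs, nbytes in slow_sessions(sessions):
        t = totals[(src, dst)]
        t[0] += 1
        t[1] += secs
        t[2] += nbytes
    return {pair: tuple(t) for pair, t in totals.items() if t[1] > CUMULATIVE_LIMIT}


if __name__ == "__main__":
    print("per-session alerts:", per_session_alerts(SESSIONS))
    for pair, (n, secs, nbytes) in cumulative_alerts(SESSIONS).items():
        print(f"cumulative alert: {pair}: {n} sessions, {secs}s, {nbytes} bytes")
```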