Combating Adversarial Covert Channels in Wi-Fi Networks

Physical layer covert channels exploit the characteristics of radio signals to convey secret messages while remaining inconspicuous within wireless channels. With specifically designed modulation schemes, covert channels effectively disguise secret messages as noise. Since the intentionally embedded noise dissipates when the radio signal is decoded as a bitstream, adversaries can maintain a stealthy breach in communication systems. IoT devices, particularly, often utilize vendor-specific firmware and hardware whose security verification is too complex for everyday users. Hence, these devices can easily be compromised to transmit their data to unauthorized adversaries via the covert channels. To this end, we propose a novel countermeasure system, Ghost-Fi Detector, which detects the covert channels reliably and comprehensively. Our attack models reflect a real-world wireless network technology, Wi-Fi, and cover three aspects of its radio signal characteristics: amplitude, phase, and frequency. Since each model induces distinct manifestations in the received signal, there is no dominant universal detection mechanism that detects all the attack models simultaneously. Instead, Ghost-Fi Detector consists of six precisely designed complementary defense mechanisms that perform passive radio-frequency analyses. Evaluation results show that Ghost-Fi Detector achieves an average hit rate of 95% with an almost zero false-positive rate for arbitrary Wi-Fi frames.


I. INTRODUCTION
Wireless covert channel technology aims at establishing stealthy communication links between predefined hosts. To achieve this, the transmitter encodes a secret message into a covert channel behind a legitimate channel. A receiver aware of the covert channel can decode both the legitimate message and the covert message with the shared decoding rule, whereas an innocent receiver can decode only the legitimate message. Since the wireless covert channel does not induce much superficial difference, it is very difficult for innocent receivers to detect the covert channel without proper prior knowledge. In other words, the transmitter can send secret messages while keeping the receiver unaware of the covert channel.
The associate editor coordinating the review of this manuscript and approving it for publication was Yan Huo.
In this context, we particularly focus on a certain type of wireless covert channel that manipulates modulation schemes to send covert messages. Among the various covert channel technologies, the modulation-based approach has a unique position with the following three features. First, the methods achieve very high throughput, while other approaches transmit only a few bytes per packet or one bit per packet interval [1], [2], [3], [4], [5], [6], [7], [8]. Second, the studies create covert channels in the physical layer by tampering with radio signals, whereas other approaches utilize unused fields of specific protocols or meta-information of frames [9], [10]. Third, the legitimate channel remains decodable even after the artificial noise that encodes the covert messages is added. It is worth noting that other hosts receiving the covert packet simply take it as a noisy packet. Since the radio signal is temporal and volatile, the manifestations of the covert channel in the wireless signal resemble mere noise; the covert messages vanish into the air once only the legitimate messages are decoded. Besides, covert channels do not affect the establishment of legitimate channels, hence forestalling innocent receivers from recognizing the additional channel. This makes modulation-based covert channels invisible to existing network security solutions.
FIGURE 1. The user wants to transmit a PSK modulated signal to the receiver, but the signal also includes ASK modulated covert bits. Then, the adversarial covert channel allows Ghost-Fi to transmit unauthorized messages with a high throughput level of Mbps.
Although a wide range of studies propose to detect the covert channels [11], [12], [13], they cannot be applied to the recent modulation-based approach. The detection methods use meta information of the received packets such as interarrival time. However, the problem is that the covert messages are embedded in the physical layer, and innocent receivers always remove the intended noise silently before transferring the packets from the physical layer to the upper layers, i.e., decapsulation. Thus, the existing detection solutions that work on the upper layers cannot detect the modulation-based covert channels.
In light of the features, we ask how we can detect the presence of the covert channels when the modulation-based covert channels are used by adversaries for information leakage. This paper identifies an emerging class of side-channel attack named modulation-based covert channel attack, where the attacker transmits unauthorized messages with compromised modulation schemes. We refer to the compromised Wi-Fi transmitters as Ghost-Fi. Ghost-Fi comprehensively covers attack models on a real-world wireless network technology, Wi-Fi, with the modified characteristics of radio signals such as amplitude, phase offset, and frequency. While the artificial noise cannot be distinguished from general noise at the legitimate receiver, the adversary can decode the artificial noise into the covert messages. Especially in Wi-Fi, the problem is exacerbated by the fact that the link throughput by the modulation-based covert channels can reach Mbps-level. Fig. 1 illustrates the concept of Ghost-Fi. For example, we suppose that the adversary shifts the amplitude of the legitimate symbols to encode covert symbols. The user considers that the symbols are modulated by a Phase Shift Keying (PSK) modulation scheme, but Ghost-Fi makes the symbols have different amplitude levels to create a covert channel. Unfortunately, the legitimate receiver does not recognize the covert channel and only demodulates the legitimate channel with PSK since it expects phase-modulated symbols. On the other hand, the attacker acts as a passive eavesdropper who can decode the signal and obtain a covert message using different amplitude levels (i.e., Amplitude Shift Keying (ASK) modulation scheme). We call this type of attack modulation-based covert channel attack.
Once the covert channel is established, Ghost-Fi continually transmits unauthorized messages over it. For example, Wi-Fi enabled Internet of Things (IoT) devices such as drones, IP cameras, and Digital Video Recorders (DVRs) can be exploited as Ghost-Fi and transmit their sensing data to the adversary over the covert channels. IoT devices often have vendor-specific firmware and hardware, and security testing or verification of them is not easy for everyday users. Hardware exploitation and firmware compromise can then lead to the establishment of covert channels [14], [15]. More seriously, even if the systems are physically separated or isolated, namely air-gapped networks, the covert channels can be used for information leakage [16].
We present Ghost-Fi Detector as a countermeasure system to mitigate the threat of modulation-based covert channel attacks. Since the adversary acts as a passive eavesdropper, it is hard to locate the adversary directly. Hence, Ghost-Fi Detector investigates the received signal from a suspicious transmitter and determines whether the covert channel exists or not. Our approach is based on the passive observation that the creation of a modulation-based covert channel has certain effects on the constellation map of the received signal. Then, the altered features of the modulation schemes provide a critical clue for detecting the covert channels.
The main challenge is that the detector has no prior information about the adversary's modulation scheme, i.e., which signal component is being manipulated. Therefore, the detector should consider all possible covert channels in the received signals. However, since each component produces separate manifestations in the radio signal, there is almost no general-purpose solution with a single detection mechanism. Furthermore, unwanted noise is always added during radio propagation, so the detector must correctly decide whether a suspicious incoming signal carries a covert channel or merely common noise. To detect any type of modulation-based covert channel without prior knowledge, Ghost-Fi Detector is composed of elaborately designed defense mechanisms based on Automatic Modulation Classification (AMC), frequency offset estimation, and Radio Frequency (RF) characteristics of the received signal, respectively.
First of all, we observe that a covert channel must carry statistically biased noise values to convey covert messages, whereas common noise is assumed to be Gaussian. We calculate high-order cumulants and the wavelet transform of the received signals. Since the receiver knows which modulation scheme is used for the legitimate channel, the results should follow the theoretical cumulants; when a covert channel exists, the results deviate from the expected values. While general AMC techniques classify unknown signals based on the distinct characteristics of known modulation schemes, we use the same techniques to detect the existence of covert channels. Second, since Frequency Shift Keying (FSK) modulation is not effectively identified by AMC techniques, we estimate the Carrier Frequency Offset (CFO) for each OFDM symbol. If the CFO fluctuates from symbol to symbol, we determine that a CFO-based covert channel attack is detected. Third, we analyze RF characteristics such as Error Vector Magnitude (EVM), amplitude, and phase. If the variances of the RF characteristic distributions deviate from a predefined confidence interval, we determine that the received signal is suspicious. Finally, Ghost-Fi Detector concludes from the outputs of the defense mechanisms whether a covert channel is detected or not.
The major contributions of this work are as follows.
• We focus on an emerging class of attack, termed modulation-based covert channel attack, where the attacker eavesdrops on unauthorized messages that are continually sent over the Ghost-Fi's covert channel. Further, our attack models consider a real-world wireless network technology, Wi-Fi, and comprehensively cover three aspects of the radio signal characteristics: amplitude, phase offset, and frequency offset.
• We design a countermeasure system, Ghost-Fi Detector. Since there is no dominant universal detection mechanism for the various modulation-based covert channels, our system consists of six effective defense mechanisms based on two AMC techniques, a CFO estimate, and three RF-characteristic-based methods using the distributions of EVM, amplitude, and phase.
• We implement three types of Ghost-Fi on software-defined radios and evaluate the performance of Ghost-Fi Detector in real-world scenarios. Through extensive experiments and simulations, our results show that Ghost-Fi Detector achieves an average hit rate of 95% with almost zero false positives.
The rest of the paper is outlined as follows. In Section II, we classify and discuss the existing covert channel techniques. We introduce our system model for the Wi-Fi signal and design the adversarial model in Section III. Section IV describes the details of modulation-based covert channel attacks that aim at hiding covert messages in noise. In Section V, we present the defense mechanisms of Ghost-Fi Detector. Then, we evaluate and analyze the performance of our implementation in Section VI. Finally, we conclude our work in Section VII.

II. RELATED WORK
While the term covert channel was first used in 1973 [17], and covert channels in wired and wireless computer communications have been studied comprehensively [11] and in each layer [18], research on modulation-based wireless covert channels has received attention only in the last few years.
In this section, we briefly introduce a survey on wireless covert channels applicable to Wi-Fi networks, in three aspects: i) covert storage channels, ii) covert timing channels, and iii) modulation-based covert channels as emerging covert channels. Besides, we discuss why the detection problem of modulation-based covert channels is crucial.

A. COVERT STORAGE CHANNELS
Covert storage channels allow the writing of shared objects by a sender and the reading of the object by a receiver [19]. Typically in Wi-Fi networks, the shared objects can be a portion of the Wi-Fi frames such as signal field, OFDM padding, and ACK frames [6], [9], [20].
Yang et al. [21] confirm that the on/off state of a Wi-Fi transceiver can be controlled without permission, which can create a covert channel using Wi-Fi backscatter communications [22]. Subramani et al. [23] demonstrate that a malicious hardware trojan in a Wi-Fi transceiver can build a covert channel by transmitting modified codewords that are silently corrected by the forward error correction of the legitimate receiver. Although these approaches are insightful, their covert channels can be easily detected by Wi-Fi transceivers with an automated monitoring mechanism.

B. COVERT TIMING CHANNELS
Covert timing channels allow a sender to modify its usage of resources over time so that a receiver can observe the usage and decode covert messages from the sender [19]. Traditionally, the sequence of frame inter-arrival times of a legitimate sender is modified by the covert channel sender to encode covert messages. Shah and Blaze [24] show that jamming a legitimate Wi-Fi channel creates a covert timing channel. Ogen et al. [25] extend the result of [24] with low-power micro-jamming from a commercial Wi-Fi device. Holloway and Beyah [10] propose a covert timing channel that controls and modifies the random backoff of the Wi-Fi CSMA/CA mechanism; the channel is realized with off-the-shelf Wi-Fi devices in [26]. Kiyavash et al. [27] implement hardware malware that modifies the random backoff to leak covert messages. Sheikholeslami et al. [28] use the number of packets transmitted in a time slot. In many cases, covert timing channels have low covert data rates due to the limited number of controllable timing parameters in Wi-Fi networks. Besides, covert timing channels can be detected based on inter-packet delays [13], [29].

C. EMERGENCE OF MODULATION-BASED COVERT CHANNELS
With the emerging interest in the potential of the physical layer, many researchers present new threat models and secure communication methods using the properties of a radio signal [30], [31], [32], [33]. While the above research efforts on covert storage channels have mainly focused on the modification of bit-level states in Wi-Fi networks, some recent studies move forward to the physical layer, e.g., symbol-level or signal-level states, by using different signal processing techniques. These approaches are motivated by the observation that, for better reliability, transmitters often choose low-order modulation schemes in low-SNR environments, which leaves room for the extra capacity used by a covert channel. Existing research efforts use this room to encode covert messages by modifying the properties of a radio signal such as amplitude [1], [4], [34], phase [35], [36], and frequency offset [37]. We call these types of covert channels modulation-based covert channels.
Shadow Wi-Fi [38] implements a practical physical layer covert channel on a commercial Wi-Fi chipset firmware by deliberately changing a transmit filter, though it can embed only one covert symbol per frame. While its detection is relatively easy, the work shows the practical feasibility of adversarial modulation-based covert channels. Rahbari and Krunz [39] propose ''P-modulation'' to encode covert bits into the predefined preambles of 802.11 systems. Another modulation-based covert channel with a throughput of Mbps is proposed in [1]. The aforementioned research efforts mainly focus on the feasibility of the proposed covert channels. In contrast, our work tries to detect the three types of modulation-based covert channels with our detection mechanisms in practical settings of Wi-Fi networks. We believe that our work is also easily applicable to other OFDM-based wireless systems.

D. DETECTION OF MODULATION-BASED COVERT CHANNELS
While the focus of the existing studies is on introducing novel covert channels by manipulating the physical-layer characteristics of radio signals, the methods used by the authors are closely related to the attack models presented in this paper. Since the modifications of radio signals are removed in the decoding process at the physical layer, it is very hard to recognize them with the existing detection methods in the upper layers [40], [41]. Xie et al. [42] provide two detection mechanisms for physical layer covert channels theoretically. However, the methods rely on decoding errors that the attacker does not want to cause and do not encompass practical implementations such as OFDM frames in Wi-Fi networks. Further, frequency-shifted covert channels are not considered in their attack models. In [1] and [35], the distributions of EVM and amplitude are proposed as evidence of covert channels; however, no specific countermeasures are proposed, and the applicability of the distributions to various covert channels is not investigated.
Figure 2 shows the three types of covert channels in IEEE 802.11. A modulation-based covert channel can embed as many bits as the number of data bits transmitted, whereas the other types of covert channels contain only a few bits per frame. When the transmitter sends a frame containing many data bits, the number of covert bits increases, and so does the threat. Fortunately, covert storage and timing channels are relatively easy to detect, since the arrival time of a packet can be analyzed through its timestamp and the bits contained in the header can be analyzed through network analyzers in the upper layers. However, the problem is that the covert bits embedded by modulation-based covert channels are removed when the received digital signal is decoded to ideal symbols in the physical layer. Hence, no evidence remains in the upper layers, which makes it difficult to know that the victim is being attacked. Therefore, in this paper, we present a system to detect modulation-based covert channel attacks at the physical layer.
FIGURE 2. Classification of covert channels: Covert timing channels change the Inter Packet Delay (IPD), which can embed at most a single bit per packet interval. Covert storage channels modify the unused bits in the header, which are also small parts of the frames. On the contrary, modulation-based covert channels embed their bits in the data fields (i.e., OFDM symbols), which occupy most of the frame.

III. SYSTEM MODEL
In this section, we describe the signal model for covert channels in OFDM that our detection system should capture. We also introduce the adversarial model which defines the capabilities of the adversary on the signals.

A. SIGNAL MODEL
Suppose that the symbols in the digital input sequence of the $n$-th subcarrier, $w_n(kT)$, with symbol period $T$, are turned into the analog pulse $w_{a,n}(t)$ as follows:
$$w_{a,n}(t)=\sum_{k} w_n(kT)\,\delta(t-kT),\tag{1}$$
where $\delta(\cdot)$ is the Dirac delta function. In Wi-Fi networks, especially in 802.11a/g, we use 48 data subcarriers, 4 pilot subcarriers, and 12 null subcarriers among a total of $N=64$ subcarriers. To create the covert channels, Ghost-Fi slightly changes the constellation value of $w_n(kT)$; the details are given in Section IV. The OFDM block with $K$ transmitted complex data symbols is represented as Eq. 2, where $j^2=-1$, $N$ denotes the number of subcarriers, $f_c$ and $f_n$ are the carrier frequency and the subcarrier frequency of the $n$-th subcarrier, $p(t)$ is the transmit pulse shape, and $\otimes$ is the convolution, respectively. For 802.11a/g, the OFDM block consists of the 64-point Inverse Fast Fourier Transform (IFFT) output with 16 CP samples added to the front. Then, the transmitted signal passes through propagation channels to the receiver. After down-conversion, the baseband received signal can be represented as Eq. 3, where $f_{\text{CFO}}$ is the carrier frequency offset, $\theta$ is the time-invariant phase shift, $h(t)$ is the channel impulse response, and $\omega(t)$ is baseband complex noise. At the receiver's side, the demodulated symbols $\hat w_n(kT)$ are obtained from the received signal $r(t)$ with the receive filter $g_{n,k}(t)$:
$$\hat w_n(kT)=\int r'(t)\,g^{*}_{n,k}(t)\,dt,\tag{4}$$
where $r'(t)$ is the CFO-corrected version of the received signal with the CP removed, $(\cdot)^*$ denotes the complex conjugate operation, and $g_{n,k}(t)$ is a time-frequency shifted version of the received pulse $g(t)$ (shifted by $kT$ in time and by $f_n$ in frequency).
In short, a generic OFDM symbol is transmitted with pulse-shaping as Eq. 2, passed through propagation channels and down-conversion as Eq. 3, and demodulated as Eq. 4.

B. ADVERSARIAL MODEL
Our adversarial model posits that maliciously manufactured devices such as drones, IP cameras, and DVRs can be installed and act as Wi-Fi transmitters to provide their service. Each such device then plays the role of Ghost-Fi: it is compromised by an attacker and has a modified modulation scheme, as detailed in Section IV. The attacker can use a Wi-Fi chip and firmware with ill-defined behavior [43]. Malware can also be used for unauthorized modifications of modulation schemes in software-defined radio systems [44]. Once an adversarial device is in the vicinity of the compromised device, it can decode the covert channel in the transmitted signals and store the acquired information. For example, when a user deploys Wi-Fi enabled cameras or drones for surveillance of the surroundings, a compromised drone can be used to live stream illegitimate videos over the covert channels. Even worse, it is challenging to detect the compromised device because the legitimate channel behaves as usual. We summarize the capabilities of the adversary as follows:
• Locate ($A$): The adversary $A$ is always aware of the existence of Ghost-Fi and can be located wherever it can listen to the signals from Ghost-Fi. Note that $A$ acts as a passive eavesdropper who does not emit any radio signals.
• Hide ($C$, $m_c$): A covert message $C$ is encoded with a modulation scheme $m_c$ by manipulating signal characteristics such as amplitude, phase offset, and frequency offset. Ghost-Fi can choose any $m_c$ to hide a covert message $C$ with this capability. The adversary always observes the radio channel of Ghost-Fi and receives a signal $S$ modulated by a legitimate modulation scheme $m_p$ together with a modulation scheme for covert channels $m_c$.
• Decode ($S$, $m_c$) $\rightarrow$ $C$: This function models the adversary's ability to obtain a covert message from the signal $S$ using the previously known modulation scheme $m_c$.
• Configure ($m_c$, $\{P_1, P_2, \dots, P_i\}$): By default, in order to conceal the modulation scheme $m_c$, Ghost-Fi attempts to remain invisible and to achieve a desirable resolution by using various parameters $\{P_1, P_2, \dots, P_i\}$.

IV. MODULATION-BASED COVERT CHANNEL ATTACK MODELS
We provide three concrete attack models which our detection system has to distinguish from the legitimate channels.
In general, radio signals have three components: amplitude, phase, and frequency. Based on the techniques of existing covert channels, an adversary manipulates one of these components: amplitude [1], [4], [34], phase [35], [36], or frequency offset [37]. To include additional covert symbols in the radio signals, the legitimate channel must use a low-order modulation scheme. In the following models, the legitimate channel uses Quadrature Phase Shift Keying (QPSK), which does not fully utilize the Shannon capacity (the theoretical limit of the channel capacity), and we use the room between the actual capacity of QPSK and that theoretical maximum to encode the covert symbols.

A. PSK-BASED COVERT CHANNEL ATTACK
In this attack, we focus on the phase information of each QPSK constellation point. First, a legitimate message is modulated with QPSK. Afterward, a covert message is also modulated using one more QPSK centered on each legitimate point, as shown in Fig. 3(a). Therefore, the constellation point of the legitimate symbol is relocated to one of the four points of the covert QPSK, whose origin is the original legitimate point. We refer to this modulation scheme as DouBle PSK (DB-PSK). Fig. 3(a) shows the I/Q plane of the DB-PSK covert channel in the ideal case (left) and in the actual experiment (right). If the legitimate message 11 is to be sent, one of the four distinct points in the first quadrant is chosen according to the covert symbol to be transmitted. The attack can be expressed in the signal model introduced in Section III. Assuming that a covert symbol is modulated by DB-PSK, the analog pulse of the covert symbol becomes
$$w^{\text{DB-PSK}}_{a,n}(t)=\sum_{k}\Big[w_n(kT)+b_n\,\tfrac{1}{7}\,e^{j\frac{2m(kT)+1}{4}\pi}\Big]\,\delta(t-kT),\tag{5}$$
where $m(kT)$ is an integer that depends on the covert message to be transmitted at time instance $kT$, chosen here among $\{0,1,2,3\}$; the constant $\tfrac{1}{7}$ is the distance between the constellation point of the legitimate symbol and the covert symbol, taken from the spacing of a 64-QAM constellation and used to Configure$(m_{\text{DB-PSK}}, d=\tfrac{1}{7})$; $e^{j\frac{2m+1}{4}\pi}$ is the corresponding phase shift; and the binary $b_n\in\{0,1\}$ indicates whether the $n$-th subcarrier is used for the covert channel or not. Note that the updated value $w^{\text{DB-PSK}}_{a,n}(t)$ only applies to the subcarriers that carry covert symbols; the percentage of covert subcarriers can be controlled at the implementation stage. The signal in Eq. 2 remains valid since the new covert pulse is transmitted in exactly the same way as the legitimate pulse.

B. DIFFERENTIAL AMPLITUDE-BASED COVERT CHANNEL ATTACK
Similar to the ASK modulation scheme, covert messages can be encoded with different power levels on top of the PSK modulation scheme. In this attack, a covert message is embedded by decreasing the amplitude of the legitimate symbol to one of several levels. We refer to the attack as Differential Amplitude PSK (DA-PSK), because the shifted amplitude conveys the covert messages. Considering the decision boundaries of QPSK modulation, only the phase of the received signal influences the demodulation result, whereas amplitude shifts have no effect. Hence, DA-PSK enables covert message transmission between Ghost-Fi and eavesdroppers while legitimate receivers only demodulate the legitimate data without suspicion. Fig. 3(b) demonstrates how a legitimate constellation point is shifted towards the origin depending on the covert message, in the ideal case (left) and in the experiment (right). The four constellation points arranged on a line correspond to the same legitimate symbol; the distance between the origin and each point distinguishes the embedded covert symbol.
We again leverage the signal model in Section III to show how DA-PSK affects the analog pulse:
$$w^{\text{DA-PSK}}_{a,n}(t)=\sum_{k}\big(1-b_n\,d\,m(kT)\big)\,w_n(kT)\,\delta(t-kT),\tag{6}$$
where $b_n$ is a binary value indicating whether the $n$-th subcarrier is used for the covert channel, $m(kT)$ is an integer in the range $[0,3]$ corresponding to the covert message at time instance $kT$, and $d$ is the unit of amplitude variation, i.e., $d\,m(kT)$ is the resulting decrease in the amplitude of the legitimate symbol. With a lower value of $d$, the covert channel mimics normal signals better. From the distance between two diagonally adjacent constellation points in 64-QAM, we select $d=\tfrac{2}{7}$, which is the minimum distance between two covert constellation points. Furthermore, we also use $d=\tfrac{2}{11}$ from 128-QAM for high-SNR environments, i.e., Configure$(m_{\text{DA-PSK}}, d\in\{\tfrac{2}{7},\tfrac{2}{11}\})$.
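As an added illustration of the two symbol-level attack models of Sections IV.A and IV.B (example code written for this page, not code from the paper or the Ghost-Fi implementation), the following Python block implements the DB-PSK and DA-PSK encoders at the constellation level, the phase-only decision of an innocent QPSK receiver, and the two covert decoders an eavesdropper holding $m_c$ would use. It assumes unit-amplitude QPSK points at odd multiples of $\pi/4$, $d=1/7$ for DB-PSK and $d=2/7$ for DA-PSK as in the text, ignores the OFDM modulation and channel noise, and checks all 16 (legitimate, covert) symbol pairs exhaustively; the function and parameter names are the example's own.

```python
import cmath
import math

# Parameters from Section IV (unit-amplitude QPSK assumed for the legitimate channel).
D_DB = 1 / 7   # DB-PSK: radius of the small covert QPSK around each legitimate point
D_DA = 2 / 7   # DA-PSK: amplitude step per covert level (2/11 is the high-SNR option)


def qpsk(k):
    """Legitimate QPSK point for the 2-bit index k in 0..3: exp(j(2k+1)pi/4)."""
    return cmath.exp(1j * (2 * k + 1) * math.pi / 4)


def quadrant(z):
    """Hard QPSK decision that looks at phase only: quadrant index of z in 0..3."""
    return int((cmath.phase(z) % (2 * math.pi)) // (math.pi / 2))


# --- Ghost-Fi transmitter: Hide(C, m_c) for the two symbol-level attack models ----
def db_psk(k, m, b=1):
    """DB-PSK (Section IV.A): add a covert QPSK point of radius 1/7 and phase
    (2m+1)pi/4 to the legitimate point; b=0 leaves the subcarrier untouched."""
    return qpsk(k) + b * D_DB * cmath.exp(1j * (2 * m + 1) * math.pi / 4)


def da_psk(k, m, b=1, d=D_DA):
    """DA-PSK (Section IV.B): shrink the legitimate point towards the origin by d*m."""
    return (1 - b * d * m) * qpsk(k)


# --- Receivers --------------------------------------------------------------------
def legit_demod(z):
    """Innocent QPSK receiver: the decision depends on the quadrant only, so the
    covert amplitude change or offset is discarded as if it were noise."""
    return quadrant(z)


def db_psk_decode(z):
    """Decode(S, DB-PSK): subtract the decided legitimate point and read the
    quadrant of the remaining offset."""
    return quadrant(z - qpsk(quadrant(z)))


def da_psk_decode(z, d=D_DA):
    """Decode(S, DA-PSK): read the amplitude level below the unit circle."""
    return int(round((1 - abs(z)) / d))


def evm(z, k):
    """Error vector magnitude of z against the ideal legitimate point, as a
    fraction of the unit amplitude. Non-zero even without noise when b=1."""
    return abs(z - qpsk(k))


def roundtrip(encoder, decoder):
    """Exhaustively check all 16 (legitimate k, covert m) pairs.
    Returns (legit_ok, covert_ok, worst_evm)."""
    legit_ok = covert_ok = True
    worst = 0.0
    for k in range(4):
        for m in range(4):
            z = encoder(k, m)
            legit_ok &= legit_demod(z) == k     # innocent receiver unaffected
            covert_ok &= decoder(z) == m        # eavesdropper recovers m
            worst = max(worst, evm(z, k))
    return legit_ok, covert_ok, worst


if __name__ == "__main__":
    for name, enc, dec in (("DB-PSK", db_psk, db_psk_decode),
                           ("DA-PSK", da_psk, da_psk_decode)):
        print(name, roundtrip(enc, dec))
```

The worst-case EVM returned by `roundtrip` (1/7 for DB-PSK, 6/7 for DA-PSK at level 3) is the noiseless footprint that the EVM-distribution mechanism of Section V works from; in a real channel it is added to, not replaced by, the Gaussian noise.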

C. ARTIFICIAL CFO-BASED COVERT CHANNEL ATTACK
In this attack, the carrier frequency of the transmitted signal is shifted by an injected CFO value to carry a covert message, allowing the eavesdropper to demodulate the covert channel with an FSK modulation scheme. Legitimate receivers automatically correct the frequency offset without realizing the existence of the covert channel [45]. Fig. 3(c) visualizes how a legitimate Wi-Fi signal is shifted to produce covert symbols; the adversary detects the intended CFO to demodulate the covert messages. We name this attack A-CFO after the artificial CFO. Since the artificial CFO is inserted just before mixing the signal with the carrier frequency $f_c$, the transmitted baseband signal of Eq. 2 is multiplied by the factor
$$e^{\,j2\pi\,m(t)\,f_{\text{a-CFO}}\,t},\tag{7}$$
where $m(t)$ is either 1 or -1 because A-CFO conceptually utilizes binary FSK. Note that, in this attack, we do not apply the covert channel to individual subcarriers but to the entire carrier frequency. In this case, $f_{\text{a-CFO}}$ must be restricted to preserve the legitimate channel. For our implementation, the legitimate receiver cannot decode the packet when $|f_{\text{a-CFO}}|\ge 50$ kHz. According to [46], a CFO over 600 kHz hinders legitimate decoding. However, the signals considered there have a constant CFO over the entire packet, whereas our implementation applies OFDM block-wise CFOs, which require a more stringent restriction. Thus, we select $f_{\text{a-CFO}}$ as 5 kHz or 10 kHz, which is tight enough to preserve the legitimate channel, i.e., Configure$(m_{\text{A-CFO}}, f_{\text{a-CFO}}\in\{5\,\text{kHz},10\,\text{kHz}\})$.
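The following Python block is an added example (written for this page, not the authors' implementation) of the A-CFO model on the 802.11a/g numerology of Section III.A: it builds OFDM blocks (64-point IFFT, 16-sample CP, 48 QPSK data subcarriers, 4 pilots), lets a hypothetical Ghost-Fi transmitter impose a phase-continuous block-wise artificial CFO of $\pm f_{\text{a-CFO}}$, estimates the CFO of every block from the cyclic-prefix correlation, and shows that a legitimate receiver which corrects the estimated offset still recovers the data while the block-wise estimates flip sign with the covert bits. The 20 MHz sample rate, the all-ones pilots, the pure-Python DFT and all function names are assumptions of the example rather than details from the paper; the legitimate and covert bits are constructed inputs.

```python
import cmath
import math
import random

# 802.11a/g numerology from Section III.A: 64-point IFFT, 16-sample CP,
# 48 data subcarriers, 4 pilots (+-7, +-21), 12 nulls. 20 MHz sampling is assumed.
FS = 20e6
N, CP = 64, 16
PILOT_BINS = (-21, -7, 7, 21)
DATA_BINS = [k for k in range(-26, 27) if k != 0 and k not in PILOT_BINS]  # 48 bins


def qpsk(k):
    """Legitimate QPSK point for the 2-bit index k in 0..3 (odd multiples of pi/4)."""
    return cmath.exp(1j * (2 * k + 1) * math.pi / 4)


def qpsk_decide(z):
    """Hard QPSK decision: quadrant of z -> index k."""
    return int((cmath.phase(z) % (2 * math.pi)) // (math.pi / 2))


def idft(X):  # plain O(N^2) inverse DFT; fine for N = 64
    return [sum(X[k] * cmath.exp(2j * math.pi * k * n / N) for k in range(N)) / N
            for n in range(N)]


def dft(x):
    return [sum(x[n] * cmath.exp(-2j * math.pi * k * n / N) for n in range(N))
            for k in range(N)]


def ofdm_block(data_idx):
    """One OFDM block (IFFT output with the CP prepended) carrying 48 QPSK symbols."""
    X = [0j] * N
    for b, k in zip(DATA_BINS, data_idx):
        X[b % N] = qpsk(k)
    for p in PILOT_BINS:
        X[p % N] = 1 + 0j          # pilot value assumed for the example
    x = idft(X)
    return x[N - CP:] + x


def ghost_fi_acfo(blocks, covert_bits, f_a):
    """Hypothetical Ghost-Fi transmitter: rotate the baseband samples by a
    phase-continuous block-wise artificial CFO m*f_a with m in {+1, -1} (binary FSK)."""
    out, phase = [], 0.0
    for data_idx, bit in zip(blocks, covert_bits):
        m = 1 if bit else -1
        for s in ofdm_block(data_idx):
            out.append(s * cmath.exp(1j * phase))
            phase += 2 * math.pi * m * f_a / FS
    return out


def cfo_per_block(y):
    """Per-block CFO estimate (Hz) from the correlation between the CP and the
    tail of each block; the detector's clue is that it jumps between blocks."""
    est = []
    for b in range(len(y) // (N + CP)):
        s = b * (N + CP)
        corr = sum(y[s + n].conjugate() * y[s + n + N] for n in range(CP))
        est.append(cmath.phase(corr) * FS / (2 * math.pi * N))
    return est


def legit_receive(y, cfo_est):
    """Legitimate receiver: derotate each block by its estimated CFO, FFT, remove
    the residual common phase with the pilots, and hard-decide the data bins."""
    decoded = []
    for b, f in enumerate(cfo_est):
        s = b * (N + CP)
        blk = [y[s + n] * cmath.exp(-2j * math.pi * f * n / FS) for n in range(N + CP)]
        X = dft(blk[CP:])
        cpe = cmath.phase(sum(X[p % N] for p in PILOT_BINS))
        decoded.append([qpsk_decide(X[k % N] * cmath.exp(-1j * cpe)) for k in DATA_BINS])
    return decoded


def demo(f_a=10e3, seed=7):
    """Four blocks of constructed data with covert bits 1,0,0,1 and f_a = 10 kHz."""
    rng = random.Random(seed)
    blocks = [[rng.randrange(4) for _ in DATA_BINS] for _ in range(4)]
    covert = [1, 0, 0, 1]
    y = ghost_fi_acfo(blocks, covert, f_a)
    cfo = cfo_per_block(y)
    return {
        "cfo_hz": cfo,
        "covert_decoded": [1 if f > 0 else 0 for f in cfo],  # eavesdropper's FSK decision
        "legit_ok": legit_receive(y, cfo) == blocks,           # innocent receiver unaffected
        "cfo_fluctuates": max(cfo) - min(cfo) > f_a,           # Section V CFO clue
    }


if __name__ == "__main__":
    print(demo())
```

Without channel noise the CP correlation returns exactly $\pm f_{\text{a-CFO}}$ per block, so the 10 kHz value stays well inside the 50 kHz decoding limit quoted above and the legitimate receiver's own correction hides the offset from the upper layers; the block-to-block sign flips are what only a physical-layer observer sees.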

V. DETECTION SYSTEM DESIGN
We suggest six defense mechanisms in our system design to detect the existence of Ghost-Fi. The solution designs are based on two AMC methods, CFO estimate, and three other RF characteristics. The defense mechanisms construct a countermeasure system Ghost-Fi Detector as shown in Fig. 4. We implement two integration methods, one using a Support Vector Machine (SVM) [13], [47] and the other using an OR gate. The following are the details of the components for Ghost-Fi Detector.

A. AUTOMATIC MODULATION CLASSIFICATION
We derive two solutions from AMC, which provides a classifier for given unknown signals [48]. In particular, we expect that a covert channel will have distinguishable statistical features, since the attacker and Ghost-Fi must share specific encoding/decoding rules for the covert channel. AMC does not require any prior information about the given signal, such as the signal power, frequency offset, phase offset, or timing offset, nor knowledge of the data symbols. Among the AMC methods, we adopt cumulant-based and Continuous Wavelet Transform (CWT) approaches. These are feature-based methods with lower complexity, whereas likelihood-based methods provide optimal solutions but suffer from the high computational complexity of solving optimization problems. While the original feature-based methods are used to classify unknown signals with the characteristics of known modulation schemes, our system uses the features to detect the existence of covert channels.

1) CUMULANT-BASED DETECTION MECHANISM
Rather than running a typical AMC algorithm, we use additional information to detect covert channels, namely the ideal constellation and the signal power. Since Ghost-Fi does not want to affect the demodulation process of the legitimate channel, we can use the theoretical cumulants of the given modulation scheme [49], [50]. Our detection mechanism computes high-order cumulants of the received signal and determines whether the constellation is indeed produced by the given modulation scheme. If the received signal carries a covert channel, the estimated cumulants differ from the theoretical ones. We use high-order cumulant-based features $C_{i,j}(r)$, where $C_{i,j}(r)$ is the $i$-th order cumulant with $j$ conjugated components of the received samples $r[k]$. Using the samples, the second-order cumulants are given by
$$C_{2,0}(r)=\mathrm{E}\big[r^2\big],\qquad C_{2,1}(r)=\mathrm{E}\big[|r|^2\big].\tag{8}$$
The fourth-order cumulants can be expressed using the following joint cumulant function,
$$\mathrm{cum}(w,x,y,z)=\mathrm{E}[wxyz]-\mathrm{E}[wx]\,\mathrm{E}[yz]-\mathrm{E}[wy]\,\mathrm{E}[xz]-\mathrm{E}[wz]\,\mathrm{E}[xy],\tag{9}$$
where $w$, $x$, $y$, and $z$ are zero-mean random variables. For the received samples, we calculate the fourth-order cumulants using Eq. 9 as follows:
$$\begin{aligned}
C_{4,0}(r)&=\mathrm{cum}(r,r,r,r)=\mathrm{E}\big[r^4\big]-3\,\mathrm{E}\big[r^2\big]^2,\\
C_{4,1}(r)&=\mathrm{cum}(r,r,r,r^*)=\mathrm{E}\big[r^3r^*\big]-3\,\mathrm{E}\big[r^2\big]\,\mathrm{E}\big[|r|^2\big],\\
C_{4,2}(r)&=\mathrm{cum}(r,r,r^*,r^*)=\mathrm{E}\big[|r|^4\big]-\big|\mathrm{E}\big[r^2\big]\big|^2-2\,\mathrm{E}\big[|r|^2\big]^2,
\end{aligned}\tag{10}$$
where the expectations are replaced by sample averages over $r[k]$.

FIGURE 5. Decision metric of the cumulant-based detection mechanism: the decision metrics of DA-PSK covert channels are clearly distinguishable, whereas those of DB-PSK and A-CFO covert channels lie around the metrics of non-covert channels.
Then, we compare the estimated cumulants of Eq. 10 with the theoretical cumulants using the Euclidean distance, which serves as the decision metric of the cumulant-based mechanism. Fig. 5 shows the trend of the decision metric for each type of covert channel and for different distances between Ghost-Fi and the Detector in the real world. DA-PSK clearly yields distinguishable cumulants compared to the non-covert channel. On the other hand, the cumulants are insensitive to phase jitter and CFO [50]. Indeed, the results show that the decision metrics of DB-PSK and CFO-based covert channels are not clearly separated from those of non-covert channels. Therefore, we need different defense mechanisms to combat the various unknown modulation-based covert channel attacks.

2) CWT-BASED DETECTION MECHANISM
Among the feature-based (FB) algorithms, wavelet-based approaches have the distinctive capability to extract the properties of a signal precisely in both the time and frequency domains, especially with the Continuous Wavelet Transform (CWT). We use the CWT-based FB algorithm [51] to analyze the received signal and detect the existence of covert channels. The CWT of the received signal $r(t)$ is a function of a scale variable $a > 0$ and a translation variable $\tau$.
To express the received signals as a complex envelope, we adopt the Shannon wavelet as the mother wavelet. Since the Shannon wavelet is infinitely differentiable, has an analytical expression, and is sharply bounded in the frequency domain, we expect it to give the highest detection performance for our goal. The mother wavelet is defined in terms of its bandwidth $B$ and center frequency $f_c$. Scaling and translating the mother wavelet yields the so-called baby wavelet $\psi_{a,\tau}(t)$. Let the received signal $r(t)$ be represented, for $0 \le t \le T$, in terms of the carrier initial phase $\theta_c$ and the baseband complex envelope $\tilde{r}(t)$ of $r(t)$, where $(A_i, B_i)$ are the $i$-th symbols, $N$ is the number of observed symbols, $g(t)$ is the pulse-shaping function of symbol duration $T$, and $f_i \in \{f_1, f_2, \ldots, f_N\}$ is the signal frequency at the $i$-th symbol. Taking the amplitude of the $i$-th symbol as $S_i = \sqrt{A_i^2 + B_i^2}$ and transforming $r(t)$ with the CWT, we can extract the transient characteristics of the received signal. Since these characteristics are distinctive for each modulation technique, this mechanism detects the existence of a covert channel by comparing them against those of the legitimate scheme. In Fig. 6, we plot the result of CWT-based detection for non-covert, A-CFO, DA-PSK, and DB-PSK frames with 100% occupancy of covert subcarriers. The result shows noticeable differences between covert and non-covert channels under the wavelet transform, except that the CWT values of DB-PSK frames are similar to those of non-covert frames.

B. CFO ESTIMATE DISTRIBUTION ANALYSIS
We introduce a new defense mechanism that captures the intrinsic characteristics of CFO-based covert channels. It detects the presence of a CFO-based covert channel by statistically analyzing the distribution of corrected CFO estimates. To establish a CFO-based covert channel, an attacker must inject an artificial CFO of a specific size for each OFDM symbol duration. Our key observation is that sign changes of the artificial CFO value are inevitable in order to embed the covert bits. For a non-covert channel, such changes are relatively infrequent, so the variance of the distribution over a given time window is moderate. For a CFO-based covert channel, on the contrary, the sign of the CFO estimate changes frequently and the distribution shows a significantly larger variance. We capture this inherent property of the CFO-based covert channel and build the detection mechanism around it.
At the receiving chain, the legitimate receiver calculates a CFO estimate from a specified number of received samples. Each estimate is applied to correct the CFO of the received frame and then immediately discarded, since it is not needed for the remaining decoding process [45]. Whereas the CFO-based covert receiver proposed in [37] extracts covert bits using a CFO value shared with the attacker, our mechanism must detect the covert channel from the detector's viewpoint, without prior knowledge of that value. We therefore look into the CFO correction procedure to see how the mechanism obtains the complete symbol-wise CFO estimate. In the receiver, the incoming signal $\tilde{r}_{\text{A-CFO}}(t)$ is down-converted and observed in terms of the true, naturally occurring CFO $f_{\text{CFO}}$, the artificial CFO $m(t) f_{\text{a-CFO}}$ injected by the attacker, and the baseband time-domain transmit signal $B(t)$. Since a legitimate receiver knows nothing about the artificial CFO $m(t) f_{\text{a-CFO}}$, it tries to cancel the entire $f_{\text{CFO}} + m(t) f_{\text{a-CFO}}$ as if it were the true CFO. Our goal is to follow this correction procedure and harness the complete symbol-wise CFO estimate to observe its distribution. Based on the typical CFO correction procedure of the receiver, the complete CFO estimate $\hat{f}_{\text{CFO},n}$ for the $n$-th OFDM symbol is obtained by keeping three intermediate components, $\hat{f}_{\text{CFO},n} = \hat{f}_{ST} + \hat{f}_{LT} + \hat{f}_{r,n}$, where $\hat{f}_{ST}$ is the coarse CFO estimate derived directly from the short-training sequence, $\hat{f}_{LT}$ is the fine CFO estimate calculated from the long-training sequence, and $\hat{f}_{r,n}$ is the symbol-wise residual CFO estimate of the $n$-th OFDM symbol obtained from the pilot symbols. If the Wi-Fi frame is successfully decodable by a normal receiver, then $\hat{f}_{\text{CFO},n}$ will be very close to $f_{\text{CFO}} + m(t) f_{\text{a-CFO}}$ (i.e., the difference between the two is negligible). That is, the CFO estimate sufficiently reflects the frequent fluctuations of $m(t) f_{\text{a-CFO}}$ injected by the attacker.
In Fig. 7, we plot the CFO estimate distributions of covert channels with different injected A-CFO sizes and of the non-covert channel. From the estimated probability density, the mechanism decides whether a covert channel exists. For a non-covert channel, the CFO estimate fluctuates moderately. In the presence of injected A-CFO, the CFO estimate changes sign frequently and thrashes from side to side across the origin, producing a noticeable, abnormal increase in variance that indicates a CFO-based covert channel. As the A-CFO value increases, so does the variance of the corresponding distribution. The differences are most pronounced when an A-CFO of 100 kHz or 1 MHz is injected, but at those sizes the legitimate channel cannot be maintained, because the frame is no longer recognized at the legitimate receiver [46]. It is worth noting that an attacker who wants high reliability must increase the A-CFO size, and thereby accept a higher risk of detection.
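The following pure-Python block is an added example, not code from the paper or the Ghost-Fi implementation. It reproduces the logic of this mechanism on a constructed pilot sequence: the transmitter applies the true CFO plus a per-symbol artificial CFO of $\pm f_{\text{a-CFO}}$, the receiver removes its preamble-based estimate and recovers the symbol-wise residual from the pilot phase advance between consecutive OFDM symbols, and the variance and the sign-change fraction of the resulting complete estimates are compared for a non-covert frame and for A-CFO sizes of 5 kHz and 10 kHz. Assumed values not taken from the paper: a true CFO of 3 kHz, 25 dB SNR at the pilots, a constant pilot value, and that the preamble estimate absorbs whatever artificial CFO was present while the preamble was sent; differencing consecutive common pilot phases is a simplified stand-in for a real receiver's pilot tracking.

```python
"""Symbol-wise CFO estimates from pilot phase tracking, and the variance and
sign-change statistics of their distribution. Added example, pure Python."""
import cmath
import math
import random
from statistics import pvariance

T_SYM = 4e-6      # 802.11a/g OFDM symbol duration: 3.2 us FFT period + 0.8 us guard interval
N_PILOTS = 4      # 802.11a/g pilot subcarriers per OFDM symbol
PILOT = 1 + 0j    # constructed pilot value; the standard's polarity sequence is irrelevant here


def transmit(rng, n_sym, f_cfo, f_acfo, snr_db):
    """Received pilot values of n_sym OFDM symbols. The true CFO f_cfo is always present;
    a CFO-based covert channel adds m(n) * f_acfo with covert bit m(n) in {-1, +1}
    (f_acfo = 0 means no covert channel). Returns (pilots, m)."""
    sigma = math.sqrt(10 ** (-snr_db / 10) / 2)   # per-dimension noise std
    m = [rng.choice((-1, 1)) if f_acfo else 0 for _ in range(n_sym)]
    phase, pilots = 0.0, []
    for n in range(n_sym):
        # the offset present during symbol n advances the carrier phase by 2*pi*f*T_SYM
        phase += 2 * math.pi * (f_cfo + m[n] * f_acfo) * T_SYM
        rot = cmath.exp(1j * phase)
        pilots.append([PILOT * rot + complex(rng.gauss(0, sigma), rng.gauss(0, sigma))
                       for _ in range(N_PILOTS)])
    return pilots, m


def cfo_estimates(pilots, f_pre):
    """Complete CFO estimate per OFDM symbol: f_pre (coarse f_ST plus fine f_LT from the
    preamble, already applied as a correction by the receiver) plus the residual f_r,n,
    here taken from the common pilot phase advance between symbols n-1 and n."""
    phasors = []
    for n, p in enumerate(pilots):
        derot = cmath.exp(-1j * 2 * math.pi * f_pre * T_SYM * (n + 1))   # preamble-based correction
        phasors.append(sum(x * derot * PILOT.conjugate() for x in p))    # common pilot phasor
    return [f_pre + cmath.phase(b * a.conjugate()) / (2 * math.pi * T_SYM)
            for a, b in zip(phasors, phasors[1:])]


def distribution_stats(est):
    """Variance (Hz^2) and fraction of sign changes of the symbol-wise estimate sequence."""
    changes = sum(1 for a, b in zip(est, est[1:]) if a * b < 0)
    return pvariance(est), changes / (len(est) - 1)


def demo(seed=7, n_sym=200, f_cfo=3e3, snr_db=25.0):
    """Non-covert versus A-CFO of 5 kHz and 10 kHz (the paper's sizes); f_cfo and the
    SNR are assumed values for the constructed channel."""
    rng = random.Random(seed)
    out = {}
    for label, f_acfo in (("non-covert", 0.0), ("A-CFO 5 kHz", 5e3), ("A-CFO 10 kHz", 10e3)):
        pilots, m = transmit(rng, n_sym, f_cfo, f_acfo, snr_db)
        # the preamble estimate absorbs the artificial CFO applied while the preamble was sent
        f_pre = f_cfo + m[0] * f_acfo
        out[label] = distribution_stats(cfo_estimates(pilots, f_pre))
    return out


if __name__ == "__main__":
    for label, (var, flips) in demo().items():
        print(f"{label:13s} std {math.sqrt(var) / 1e3:5.2f} kHz  sign changes {flips:.2f}")
```

With these values the non-covert estimates stay near +3 kHz and almost never change sign, while the A-CFO frames alternate between $f_{\text{CFO}} \pm f_{\text{a-CFO}}$, so both the variance and the sign-change fraction separate the two cases by a wide margin; lowering the pilot SNR raises the non-covert variance floor, which is the practical reason to compare against an interval learned from legitimate frames rather than a fixed threshold.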

C. RADIO FREQUENCY CHARACTERISTICS ANALYSIS
Alongside the methods introduced above, we also implement three analysis methods that rely on the RF characteristics of the received signal [52]. These approaches are based on the insight that a covert channel distorts the RF features of the received signal. First, we use the Error Vector Magnitude (EVM). By definition, the EVM is the distance between the constellation point of a received subcarrier and the ideal point. Hence, for covert channels, the EVM will be larger than for non-covert channels; an existing study also uses the EVM as evidence of covert channels [35].
The other features are the amplitude variance and the phase variance of incoming frames, which we cluster separately. Note that the QPSK modulation scheme has a uniform amplitude but four different phase values (π/4, 3π/4, 5π/4, and 7π/4). Thus, amplitude variance values are clustered as a whole, whereas phase variance values are clustered according to the quadrant. If the amplitude variance computed from an arbitrary frame falls outside the confidence interval computed from normal signals, the frame is considered to carry a covert channel; [1] likewise uses the amplitude distribution to indicate amplitude-shifted covert channels. Similarly, if the phase variance of any quadrant falls outside the confidence interval computed from normal signals, the frame is also considered to carry a covert channel. Algorithm 1 details the detection algorithm for the above defense mechanisms; each mechanism has its own confidence interval.
To estimate the confidence interval, each mechanism needs a training phase before deployment in the Ghost-Fi Detector system. In this phase, the detector receives hundreds of legitimate frames and builds t-distributions of the signal characteristics (cumulant, CWT, CFO, etc.). The frames are transmitted by other devices at different distances with pseudo-random bits. Covert channels are then detected by hypothesis testing against these t-distributions; the t-distribution is used to construct the confidence interval for the true mean from the set of observations. For an arbitrary input frame, each mechanism decides by checking whether its metric falls outside the predefined confidence interval.
Each mechanism uses different parameters for its confidence interval, determined in the training phase with legitimate 802.11 frames. For the cumulant-based mechanism, we set the significance level α to 0.1, which gave the best distinguishability among the levels tried; the mechanism then performs a two-tailed test and reports a covert channel when the cumulant metric falls outside the confidence interval. For the CWT-based, CFO estimate, and RF-characteristics-based mechanisms, we empirically set the significance level to 0.05, chosen from α ∈ {0.1, 0.05, 0.01}.
Our detection mechanisms work alongside the standard Wi-Fi decoder. As shown in Fig. 4, the received frame is corrected by the Wi-Fi frame equalizer and then investigated by the proposed detection mechanisms. Accordingly, lines 2-5 of the algorithm calculate the decision metrics of the received frame after FFT and equalization. The CFO estimate mechanism, on the other hand, does not require equalization, as shown in lines 10-11. In lines 6 and 12, the algorithm runs two-tailed tests against the confidence interval and, if the metric falls outside the interval, returns true to indicate that the frame carries a covert channel.
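The following block is an added example, not code from the paper or the Ghost-Fi implementation. It implements in pure Python the per-frame pipeline of this section and of the cumulant-based mechanism above: the decision metrics (cumulant distance to the theoretical cumulants of the ideal QPSK constellation, average EVM, amplitude variance, per-quadrant phase variance), the training phase that turns legitimate frames into one interval per metric, the two-tailed tests with the paper's significance levels, and the OR-gate integration of Algorithm 1. Assumptions not taken from the paper: the cumulant estimators are the standard moment-based sample estimators; DA-PSK and DB-PSK covert symbols are modelled as scaling the legitimate QPSK symbol's amplitude by $1 \pm 2/7$ and rotating its phase by $\pm 0.2$ rad; SNR stands in for distance during training; the t-based interval around the mean is widened to the prediction form for a single new frame, since that is what a per-frame test compares against; and the normal quantile stands in for the t quantile (use `scipy.stats.t.ppf(1 - alpha/2, n - 1)` where SciPy is available).

```python
"""Per-frame Ghost-Fi-style checks on equalized QPSK symbols: cumulant distance,
EVM, amplitude variance, per-quadrant phase variance, a training phase with
per-metric intervals, two-tailed tests and an OR-gate vote. Added example."""
import cmath
import math
import random
from statistics import NormalDist, mean, pvariance, stdev

# Ideal pi/4-QPSK constellation at phases pi/4, 3pi/4, 5pi/4, 7pi/4 (unit power).
IDEAL = [cmath.exp(1j * (2 * k + 1) * math.pi / 4) for k in range(4)]
# Significance level per mechanism as in the paper: 0.1 for cumulants, 0.05 otherwise.
ALPHA = {"cumulant": 0.1, "evm": 0.05, "amp_var": 0.05,
         **{f"phase_var_q{q}": 0.05 for q in range(1, 5)}}


def cumulants(s):
    """Sample cumulants C20, C21, C40, C41, C42 of zero-mean complex samples s[k]
    (standard moment-based estimators; power-normalize s before calling)."""
    n = len(s)
    m20 = sum(r * r for r in s) / n
    m21 = sum(abs(r) ** 2 for r in s) / n
    m40 = sum(r ** 4 for r in s) / n
    m41 = sum(r ** 3 * r.conjugate() for r in s) / n
    m42 = sum(abs(r) ** 4 for r in s) / n
    return (m20, m21, m40 - 3 * m20 ** 2, m41 - 3 * m20 * m21,
            m42 - abs(m20) ** 2 - 2 * m21 ** 2)


THEORETICAL = cumulants(IDEAL)   # equiprobable ideal points: (0, 1, -1, 0, -1) for pi/4-QPSK


def metrics(symbols):
    """Decision metrics of one frame of equalized (post-FFT) symbols."""
    p = math.sqrt(mean(abs(r) ** 2 for r in symbols))
    s = [r / p for r in symbols]                       # use the known signal power
    est = cumulants(s)
    out = {"cumulant": math.sqrt(sum(abs(a - b) ** 2 for a, b in zip(est, THEORETICAL)))}
    nearest = [min(range(4), key=lambda k: abs(r - IDEAL[k])) for r in s]
    out["evm"] = mean(abs(r - IDEAL[k]) for r, k in zip(s, nearest))   # average EVM
    out["amp_var"] = pvariance([abs(r) for r in s])                    # one amplitude cluster
    for q in range(4):   # one phase cluster per quadrant, centred on its ideal point
        ph = [cmath.phase(r * IDEAL[q].conjugate()) for r, k in zip(s, nearest) if k == q]
        out[f"phase_var_q{q + 1}"] = pvariance(ph) if len(ph) > 1 else 0.0
    return out


def frame(rng, n=1024, snr_db=20.0, covert=None, occupancy=1.0, da_step=2 / 7, db_step=0.2):
    """Constructed frame: n QPSK symbols plus AWGN. covert in {None, "DA-PSK", "DB-PSK"}.
    Assumed covert mapping (not the paper's exact constellation): DA-PSK scales the
    amplitude by 1 +/- da_step, DB-PSK rotates the phase by +/- db_step rad, on a
    fraction `occupancy` of the symbols, each covert bit chosen at random."""
    sigma = math.sqrt(10 ** (-snr_db / 10) / 2)       # per-dimension noise std
    out = []
    for _ in range(n):
        x = rng.choice(IDEAL)
        if covert and rng.random() < occupancy:
            b = rng.choice((-1, 1))
            x = x * (1 + b * da_step) if covert == "DA-PSK" else x * cmath.exp(1j * b * db_step)
        out.append(x + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)))
    return out


def train(rng, n_frames=100, snrs=(15.0, 20.0, 25.0)):
    """Training phase: legitimate frames at several SNRs (stand-ins for distance) give
    one interval per metric, mean +/- t * s * sqrt(1 + 1/n) (prediction form for a
    single new frame), with the normal quantile standing in for t."""
    rows = [metrics(frame(rng, snr_db=rng.choice(snrs))) for _ in range(n_frames)]
    ci = {}
    for key, alpha in ALPHA.items():
        vals = [r[key] for r in rows]
        half = NormalDist().inv_cdf(1 - alpha / 2) * stdev(vals) * math.sqrt(1 + 1 / len(vals))
        ci[key] = (mean(vals) - half, mean(vals) + half)
    return ci


def detect(symbols, ci):
    """Algorithm-1-style decision: two-tailed test per metric, OR gate across them."""
    m = metrics(symbols)
    flags = {k: not (lo <= m[k] <= hi) for k, (lo, hi) in ci.items()}
    return any(flags.values()), flags


def demo(seed=1):
    """Train on legitimate frames, then test one frame of each kind at 20 dB."""
    rng = random.Random(seed)
    ci = train(rng)
    return {kind: detect(frame(rng, covert=kind), ci) for kind in (None, "DA-PSK", "DB-PSK")}


if __name__ == "__main__":
    for kind, (hit, flags) in demo().items():
        print(kind or "non-covert", hit, [k for k, v in flags.items() if v])
```

The step sizes decide which mechanisms fire: the amplitude step moves the cumulant distance, EVM and amplitude variance well outside their intervals, while a phase step of 0.2 rad is caught mainly by the per-quadrant phase variance, and halving it lets DB-PSK slip inside every interval, which is the same difficulty the paper reports for DB-PSK. Using the learned interval for a single frame at 7 metrics also shows why the OR gate raises the per-frame FPR above any individual mechanism's.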

VI. PERFORMANCE EVALUATION
In this section, we evaluate our detection system described in Section V. We provide the results of extensive real-world experiments and simulations to show that our Ghost-Fi Detector can effectively track down the embedded modulation-based covert channel attacks.

A. IMPLEMENTATION
We implemented the Wi-Fi physical layer on top of [53] and extended the transmitter and receiver to generate each covert channel described in Section IV.
In the experiments, we built our system on two USRPs as shown in Fig. 8 (a). One USRP plays the role of Ghost-Fi with the modified modulation schemes, and the other serves as the Ghost-Fi Detector, detecting unknown covert channels in incoming frames. Among the attack models, DB-PSK and DA-PSK support embedding covert symbols into 30%, 50%, and 100% of the OFDM subcarriers, whereas A-CFO cannot, because its frequency offset applies to a whole OFDM symbol rather than to individual subcarriers. We configure the distance between the legitimate symbol and the covert symbol in DB-PSK to that of 64-QAM, the distances in DA-PSK to those of 64-QAM and 128-QAM, and the artificial CFO size in A-CFO to 5 kHz and 10 kHz. Since our target attack models are based on QPSK modulation, our implementation also uses QPSK with a 3/4 code rate.
We placed the Ghost-Fi Detector at the marked locations L1-L6 in Fig. 8 (b), covering Line-of-Sight (LoS) and Non-LoS (NLoS) scenarios. Each experiment result at a single location is the average of 1200 runs. To mitigate interference (signal collisions) from the dense surrounding Wi-Fi systems, each experiment is conducted at 2.504 GHz with 20 MHz bandwidth. Both legitimate messages and covert messages are generated randomly, and all frames used in the experiments were successfully decoded into legitimate messages at the Wi-Fi receiving chain.

B. EXPERIMENTAL RESULTS
Before we provide the results, we briefly denote several performance metrics for evaluating our Ghost-Fi Detector. VOLUME 10, 2022

1) PERFORMANCE OF EACH DEFENSE MECHANISM
In Fig. 9, we plot the hit rate for each defense mechanism to show how well each method captures the covert channels in an LoS scenario.

a: CUMULANT-BASED DETECTION MECHANISM
This method is a powerful detector of DA-PSK covert channels, whereas DB-PSK and A-CFO covert channels are poorly detected, because the cumulant value is more sensitive to amplitude than to phase jitter and CFO. The cumulant metric of N-PSK (N > 4) is also invariant to N [50].

b: CWT-BASED DETECTION MECHANISM
This mechanism shows superior detection hit rates. DA-PSK covert channels are detected perfectly at all experiment distances, and DB-PSK covert channels are detected at close to 50%. Although CWT achieves high detection rates for both DA-PSK and DB-PSK at 1 m, the hit rates for DB-PSK degrade at the other distances: when the SNR between Ghost-Fi and the Detector drops, the DB-PSK signal shows the same transient characteristics as a normal Wi-Fi signal in the time domain. Thus the CWT-based mechanism is most powerful in the vicinity of the transmitter, while still detecting all DA-PSK frames and many DB-PSK frames at longer distances.

c: CFO ESTIMATE DISTRIBUTION ANALYSIS
The equalization process of the Wi-Fi receiving chain corrects the CFO, which makes A-CFO covert channels hard to detect with the other mechanisms. This mechanism therefore uses pre-equalization data and achieves a high detection rate for A-CFO covert channels. This implies that, combined with the other detection mechanisms, analyzing the CFO estimate distribution is quite useful for the integrated Ghost-Fi Detector.

d: EVM AVERAGE ANALYSIS
This method detects DA-PSK covert channels with high probability because the explicit amplitude shifts induce large EVM anomalies. DB-PSK covert channels, by contrast, are rarely detected: their EVMs are small because the covert symbols are scattered close to the legitimate symbol, so non-covert and DB-PSK symbols have similar distributions around the ideal symbols.

e: AMPLITUDE VARIANCE ANALYSIS
It shows promising results for DA-PSK covert channels at all distances, for the same reasons as the EVM average analysis. A-CFO and DB-PSK covert channels are also detected through the additional amplitude changes caused by the residual CFO and by the embedded DB-PSK symbols, respectively.

f: PHASE VARIANCE ANALYSIS
The method shows fair hit rates for the covert channels but no impressive performance. Nevertheless, it also complements the integrated Ghost-Fi Detector.
The experimental results show that no single detection mechanism dominates across all attack models; therefore we integrate the defense mechanisms to combat the various unknown modulation-based covert channel attacks. Fig. 10 shows the FPR of each detection mechanism and of the integrated system, Ghost-Fi Detector. All detection mechanisms achieve an FPR below 10%, and Ghost-Fi Detector shows a moderate FPR under 20%. Since Ghost-Fi Detector integrates all six defense mechanisms in parallel with an OR gate, any single manifestation that may indicate a covert channel yields a positive call, so it is more likely to give positive calls than each mechanism alone and the FPR increases slightly. To alleviate the FPR, we also show the performance when the system uses multiple frames as input for the detection process instead of a single frame; as shown in Fig. 13 (a), this reduces the FPR dramatically.

a: IMPACT OF INTEGRATION METHODS
How the results of the detection mechanisms are integrated has a significant impact on performance. For the final decision of Ghost-Fi Detector in Fig. 4, we implement two integration methods, an SVM and an OR gate; the performance of each is shown in Fig. 11. For the SVM, different numbers of training frames are used: SVM 1 (SVM 2) uses 100 (50) frames each for the non-covert channel and for the three types of covert channels. In Fig. 11 (a), the SVMs achieve a better FPR than the OR gate, because a small number of positive calls from individual mechanisms yields a negative result in the SVMs, while a single positive call from any mechanism yields a positive result in the OR gate. Conversely, in Fig. 11 (b), the SVMs show slightly reduced hit rates, for the same reason: a small number of positive calls is neglected by the SVMs. More importantly, the SVMs are trained on the previously defined attack models. Since Ghost-Fi Detector is designed to detect any type of modulation-based covert channel without prior knowledge, training an SVM on specific attacks is not suitable. Thus, we adopt the OR gate as the integration method in this work.

b: IMPACT OF GHOST-FI PARAMETERS
In Fig. 12 (a), we plot Ghost-Fi Detector's hit rate versus 30%, 50%, and 100% occupancy of covert subcarriers at 1 m in an LoS scenario. Since DB-PSK covert channels with 30% subcarriers have little effect on the legitimate signal, they are not detected perfectly. Fig. 12 (b) shows Ghost-Fi Detector's hit rate versus the distance between the transmitter and the receiver (1 m, 2 m, and 3 m). The hit rate for A-CFO is slightly reduced at 3 m, while the detection rates of the other covert channels are maintained. Fig. 12 (c) shows the hit rate of Ghost-Fi Detector for each DA-PSK distance, 64-QAM and 128-QAM. These experiments use only 30% of the subcarriers for the covert channel, which is the most difficult condition for Ghost-Fi Detector to recognize a DA-PSK covert channel. Nevertheless, all DA-PSK covert channels are detected at all distances. Fig. 12 (d) illustrates Ghost-Fi Detector's hit rate for each injected artificial CFO size, 5 kHz and 10 kHz, across the transmission range. Again, we confirm that analyzing the CFO estimate distribution is helpful when incorporated with the other defense mechanisms in the integrated detection framework.

FIGURE 13. Window-based voting with multiple frames dramatically reduces (a) the FPR, while (b) the hit rate decreases only slightly.

c: GHOST-FI DETECTOR WITH MULTIPLE FRAMES
As shown in Fig. 10, Ghost-Fi Detector has a non-negligible FPR when it decides on a single frame. Motivated by the principle of the wisdom of crowds, Ghost-Fi Detector can instead observe multiple frames before declaring a covert channel, using a window-based voting mechanism: if at least $k$ of $N$ consecutive frames are flagged, i.e., $k/N \geq \eta = 0.8$, the system declares a covert channel, which dramatically reduces the false positive rate. In Fig. 13 (a), Ghost-Fi Detector performs much better with multiple frames than with a single frame; in particular, with five frames the FPR is close to zero across the transmission range. As shown in Fig. 13 (b), the hit rate at 1 m remains above 95%. On the other hand, under Kerckhoffs's assumption the adversary knows the voting rule and can choose to encode the covert messages into only $l$ frames per window of $N$, with $l < k$, so as to stay under the threshold. Ghost-Fi Detector can then use a randomly varying $N$ instead of a static value, which makes it harder to hide the covert channel.
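The following block is an added example, not part of the paper. It implements the window-based vote with $k/N \geq \eta$, computes the windowed FPR and hit rate exactly from per-frame rates (the 15% FPR and 95% hit rate used as inputs are constructed values in the spirit of Figs. 10 and 13, not measurements), and shows the $l$-of-$N$ adversary from the last sentence evading a static window of $N = 5$ while being caught by a sequence of varying window sizes; the adversary stream assumes the per-frame detector flags exactly the covert frames.

```python
"""Window-based voting over per-frame decisions, its exact effect on FPR and hit
rate, and the l-of-N adversary against static versus varying window sizes.
Added example with constructed inputs."""
import math
from math import comb


def votes_needed(n, eta=0.8):
    """Smallest integer k with k/n >= eta (rounding guards against float error)."""
    return math.ceil(round(eta * n, 9))


def window_vote(decisions, n, eta=0.8):
    """One decision per non-overlapping window of n per-frame decisions (1 = flagged):
    declare a covert channel when at least votes_needed(n) frames are flagged."""
    k = votes_needed(n, eta)
    return [sum(decisions[i:i + n]) >= k for i in range(0, len(decisions) - n + 1, n)]


def windowed_rate(p, n, eta=0.8):
    """Exact probability that a window of n independent frames, each flagged with
    probability p, is declared covert. Feed the per-frame FPR to get the windowed FPR,
    or the per-frame hit rate to get the windowed hit rate (binomial tail)."""
    k = votes_needed(n, eta)
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


def varying_window_vote(decisions, sizes, eta=0.8):
    """Consume the decision stream with windows of the given (e.g. randomly drawn) sizes."""
    out, i = [], 0
    for n in sizes:
        if i + n > len(decisions):
            break
        out.append(sum(decisions[i:i + n]) >= votes_needed(n, eta))
        i += n
    return out


# Constructed adversary stream (Kerckhoffs's assumption): covert bits in l = 3 of every
# N = 5 frames, so l < k = 4 for the static window; assumes each covert frame is flagged.
ADVERSARY = [1, 1, 1, 0, 0] * 4


def demo():
    """Windowed rates for constructed per-frame rates, and the adversary against
    a static N = 5 versus a varying window-size sequence."""
    return {
        "fpr_single": 0.15, "fpr_window5": windowed_rate(0.15, 5),
        "hit_single": 0.95, "hit_window5": windowed_rate(0.95, 5),
        "adversary_static_N5": any(window_vote(ADVERSARY, 5)),
        "adversary_varying_N": any(varying_window_vote(ADVERSARY, [5, 3, 4, 3, 5])),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20s} {value}")
```

For $N = 5$ and $\eta = 0.8$ the vote needs $k = 4$, so a per-frame FPR of 15% becomes about 0.2% per window while a per-frame hit rate of 95% stays near 98%, matching the shape of Fig. 13. The adversary's three consecutive covert frames never reach 4 of 5 in an aligned static window, but a window of size 3 that lands on them satisfies $3/3 \geq 0.8$; a varying $N$ only helps when some window size and alignment can isolate the covert frames, so the window sizes should be drawn at random rather than cycled predictably.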

d: DETECTION RELIABILITY WITH DIFFERENT ENVIRONMENTS
Finally, we present the hit rate and FPR of Ghost-Fi Detector (N = 5, k = 4) in different locations and environments in Fig. 14. The location settings L1-L6 correspond to the experiment settings in Fig. 8, and S1-S3 denote simulation environments with SNRs of 15 dB, 20 dB, and 25 dB, respectively. We emphasize again that QPSK modulation does not fully utilize the Shannon capacity, and most covert channel design strategies exploit this headroom. Note that we set the distance between a legitimate symbol and its covert symbol to $1/7$, which equals the distance between two constellation points in the 64-QAM modulation scheme. At 15 dB SNR, the Packet Error Rate (PER) of 64-QAM is close to one [54]; thus, for the adversary, S1 with 15 dB SNR is the worst condition for eavesdropping on the covert channel. In other words, the attacker must also be in proximity to the transmitter to decode the covert messages. Nevertheless, for all experiment settings including the simulation environments, Ghost-Fi Detector achieves an average hit rate of 95% with an almost zero false positive rate for arbitrary Wi-Fi frames.

VII. CONCLUSION
In this paper, we highlighted a side-channel attack model, the modulation-based covert channel attack, and presented its countermeasure system, Ghost-Fi Detector. Specifically, we demonstrated three concrete real-world attack scenarios that modify amplitude, phase, and frequency offset using SDRs. To track down these covert channels, we proposed six defense mechanisms. Since each mechanism recognizes only some of the covert channels, its performance varies widely with the type of attack; we therefore constructed Ghost-Fi Detector, which integrates the six mechanisms so that they compensate for one another and guarantee stable detection rates. In our evaluation, each attack is detected with an average hit rate of 95% across all experimental settings. As future work, we plan to study adaptive optimization for received signals and better schemes for integrating the detection methods. Furthermore, beyond deciding on the presence of a covert channel, the detector could identify the type of covert channel detected, which would help track the leaked information. We expect our work on wireless physical-layer security to lay a foundation for more secure Wi-Fi networks.