A command-and-control malware design using cloud covert channels: Revealing covert channels with Microsoft Teams

With the rise of remote working, business communication platforms such as Microsoft Teams have become indispensable tools deeply ingrained in the workflow of every employee. However, their increasing importance has made the identification and analysis of covert channels a critical concern for both individuals and organizations. In fact, covert channels can be utilized to facilitate unauthorized data transfers or enable malicious activities, thereby compromising confidentiality and system integrity. Unfortunately, traditional detection methods may struggle to detect covert channels in such cloud-based platforms, as they may not adequately address the complexities these platforms introduce. Despite the importance of the issue, a comprehensive analysis of covert channels in business communication platforms has been lacking. In fact, to the best of our knowledge, this Master’s thesis represents the first endeavor in identifying and analysing covert channels within Microsoft Teams. To address this problem, an in-depth literature review was conducted to identify existing research and techniques related to covert channels, their detection and their countermeasures. A thorough analysis of Microsoft Teams was then carried out and a threat scenario was selected. Through extensive experimentation and analysis, three covert channels were then identified, exploited and compared based on bandwidth, robustness and efficiency. This thesis sheds light on the diversity of covert channels in Microsoft Teams, providing valuable insights into their functioning and characteristics. The insights gained from this work pave the way for future research on effective detection systems for covert channels in cloud-based environments, fostering a proactive approach towards securing digital business communication.
command and control, detection, covert channel, MS Teams
