Ricerc@Sapienza

A covert channel is any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy. In short, covert channels transfer information using non-standard methods against the system design. Covert communication channels techniques have been extensively studied and these channels are commonly intended to be used to protect privacy or to increase the security in critical communication scenarios. Nowadays covert channels and the way to actually implement them are covered by the field of steganography. But as every security concept, these techniques can be used in a malicious way, representing a new frontier for cyber-crime and cyber-espionage. Research is constantly working on finding new ways to covertly transmit information for the benign use of covert channels, and likewise malicious entities are looking to do the same but for a malicious purpose.
In this project we aim at showing that a recent proposed technique to train a machine learning (ML) model in a decentralized way (federated learning by Google), that includes thousands of participants can be used as a novel covert communication channel among participants of the learning scheme. We aim at characterizing this type of covert channel, in terms of the opportunities it presents but also the threats that it might impose in an infantile domain such as that of federated machine learning.