Ordinal synchronization mark sequence and its steganography for a multi-link network covert channel

A multi-link network covert channel (MLCC) such as Cloak exhibits a high capacity and robustness and can achieve lossless modulation of the protocol data units. However, the mechanism of Cloak involving an arrangement of packets over the links (APL) is limited by its passive synchronization schemes, which results in intermittent obstructions in transmitting APL packets and anomalous link switching patterns. In this work, we propose a novel ordinal synchronization mark sequence (OSMS) for a Cloak framework based MLCC to ensure that the marked APL packets are orderly distinguishable. Specifically, a unidirectional function is used to generate the OSMS randomly before realizing covert modulation. Subsequently, we formulate the generation relation of the marks according to their order and embed each mark into the APL packets by using a one-way hash function such that the mark cannot be cracked during the transmission of the APL packet. Finally, we set up a retrieval function of the finite set at the covert receiver to extract the marks and determine their orders, and the APL packets are reorganized to realize covert demodulation. The results of experiments performed on real traffic indicated that the MLCC embedded with OSMS could avoid the passive synchronization schemes and exhibited superior performance in terms of reliability, throughput, and undetectability compared with the renowned Cloak method, especially under a malicious network interference scenario. Furthermore, our approach could effectively resist the inter-link correlation test, which are highly effective in testing the Cloak framework.


Introduction
In the current cyberspace, the requirements of information security and privacy have reached unprecedented levels [1]. Generally, encryption is the key approach to prevent any unauthorized access to protected data. However, in many cases, information can be acquired without decrypting the communication content, and the unauthorized users can obtain the required information through external representation information such as the information transmission frequency [2]. In addition, the encryption form of the data may attract the monitor's attention, who can analyze and extract various sensitive information points by monitoring the data transmission over the network and implementing malicious attacks [3]. In this context, the network covert channel (NCC) provides an alternative approach by concealing the transmission. NCC uses the normal network communication as a cover and transmits sensitive or personal information such as a key or account in insecure networks without being detected by the monitor [3,4]. As a supplement to encryption, NCC is used in scenarios in which normal communication is extremely revealing to transmit any secret information [5].
In general, NCC utilizes the network protocol as the carrier and modulates the secret message into the header fields of the protocol data units (PDUs) or the timing of PDUs. The former and latter strategies correspond to the network covert storage channel (CSC) and covert timing channel (CTC), respectively. The two kinds of covert channels transmit the secret message along with the overt traffic and ensure that the manipulated carrier is as consistent as the original carrier as possible, in terms of the structure and flow pattern.
It is challenging for the CSC and CTC to exhibit both excellent robustness and undetectability simultaneously, and the multi-link covert channel (MLCC) has been proposed to overcome this limitation [6][7][8][9]. Instead of establishing a single link between a covert sender (CS) and covert receiver (CR), the MLCC maintains L links between the CS and CR, and covert codewords are mapped to the combinations of R packets sent over the L links. For example, the typical MLCC framework Cloak modulates a covert word to an arrangement of packets over the links (APL) and it does not involve modifying the packet head or manipulating the packet flow. Thus, the Cloak can achieve a high capacity by increasing R and L [9], and it can resist the conventional steganalysis approaches on each link.
However, the Cloak framework involves certain limitations. First, this approach utilizes the acknowledgements (ACKs) of the TCP as synchronization signals to coordinate the sending order of each TCP connection [6,7]. Since the ACKs of the TCP are used to enhance the communication reliability, the covert communication of Cloak tends to disturb the overt traffic of the TCP connections [10,11]. Second, the Cloak framework conveys the covert codewords by deliberately controlling the sending behaviors of the TCP connections. In this case, the connection switching pattern of the host may be altered, leading to a significant deviation from the normal concurrent scheme of the computer network (CSCN). Both of the two limitations can be attributed to the passive synchronization schemes of Cloak.
In this paper, we propose a novel synchronization scheme for Cloak framework based MLCC by introducing an ordinal synchronization mark sequence (OSMS) composed of a set of ordinal synchronization marks (OSMs) with an ordinal relationship and design a MLCC embedded with OSMS (MLCCOSMS). MLCCOSMS inherits the multi-link covert modulation scheme of Cloak but utilizes OSMs instead of using ACKs of TCP as synchronization signals. Thus, MLCCOSMS exhibits the same camouflage ability and capacity as those of Cloak. Besides, MLCCOSMS is no longer rely on the ACKs for the synchronization of covert communication while fully exploiting the reliability mechanism of the TCP for the APL packet transmission. Hence, it eliminates the impact on the overt traffic and its robustness against severe interference in a real network is considerably higher than that of Cloak.
Furthermore, the CS of MLCCOSMS can arbitrarily mimic the normal CSCN during the covert communication to evade the flow test and inter-link correlation test. Our approach embeds the OSM in the payload of the APL packet to pass the ANIs, owing to which, the security system on the link can protect the entire operation to a certain extent. Moreover, the OSMs are generated randomly and embedded in the APL packets irreversibly. Theoretically, an active monitor cannot crack the OSM from the APL packet and obtain any information pertaining to the secret message from the OSM, even if the OSM is exposed. The contributions of this work can be summarized as follows: 1. We clarify essential limitations of the synchronization schemes of Cloak and the risks arising from them in covert communication.
2. We introduce a requirements specification for an ideal MLCC.
3. We propose OSMS for the synchronization of covert communication of Cloak framework based MLCC, and introduce a formulation from the generation relation of OSMs in an OSMS to their orders 4. We update the synchronization schemes of Cloak by replacing ACKs with OSMs as synchronization signals and design MLCCOSMS. We also propose a secure steganography of OSMS for MLCCOSMS.

Related works
CSC and CTC usually have low throughput due to the carrier speed limitations and the balance between the undetectability and the embedding rate of covert modulation. Furthermore, the CSC is vulnerable to active network intermediaries (ANIs) (e.g., protocol scrubbers [12] and traffic normalizers [13]). Although the concealment capacities of the CTC are more enhanced than those of the CSC [14,15], the approach is susceptible to synchronization problems, noise and malicious attacks [16] since the CTC is built on a single unidirectional link, which makes it difficult to employ link quality feedback and reception confirmation schemes [17]. Moreover, the CTC flow uses the same link as that of the overt flow in a time-sharing manner, therefore, in principle, an active monitor can always identify the differences between the two flows to detect the existence of the CTC. In fact, the main steganalysis approaches against the CTC aim to measure the variation in the statistical characteristics of the overt traffic caused by the CTC, such approaches include the KS and KL divergence tests [18], descriptive analytics of traffic (DAT) [19], regularity and ε-similarity tests [20], entropy (EN) and corrected conditional entropy (CCE) tests [21], and auto-correlation of inter-packet delay (IPD) tests [22,23]. Moreover, detection approaches based on deep neural networks can perform efficient counterwork [24]. Thus, it is difficult to improve the performance of the NCC built on a single unidirectional link. In contrast, the MLCC consists of multiple links. Fig 1 shows two common structures of the MLCC [7]. One structure includes a CS_A and CR_B, which maintain a physical link with multiple logic links during the covert communication. The other structure involves a distributed system with multiple CRs (CR_B and CR_B1-3), that each CR maintaining a physical link with the CS. An active monitor as well as security equipment such as network firewalls, intrusion detection systems may be deployed anywhere on the links and they can intercept, eavesdrop, and interfere with the flows at any time. Commonly, they are deployed as close as possible to the boundary of the sub-LAN being monitored [25].
Most MLCC approaches are based on the former structure owing to its simplicity and low computational cost. Khan et al. [6] used multiple active TCP connections between a pair of communicating hosts and modulated the secret codewords into the order and sequence of the connections to or from which packets were sent or received. Luo et al. [8] used the different combinations of N packets sent over X flows in each round to represent a covert codeword; subsequently, the authors optimized their approach and designed a classic MLCC known as Cloak [7,9]. Zhang et al. [5] extended the idea of Cloak and built a covert channel by realizing packet rearrangement over mobile networks. El-Atawy et al. [26,27] exploited the packet reordering phenomenon to make a packet sequence detectable in network flows to enhance the capacity and stealth.
The data rate provided by the Cloak framework is considerably higher than that of the existing CTCs as it combinatorial in nature, and its capacity monotonically increases with R and L. Luo et al. [9] explored 9 different modulation and demodulation methods for Cloak, based on the distinguishability and sequence detectability of the flows and packets. In these approaches, every distinct covert codeword is mapped to a unique APL. Assuming Cloak(R,L) has N different APLs, where N has a maximum value of R!(R−1)!L/(R−L)!, and its capacity is blog 2 Nc/R in bits per packet. The capacity may be even higher if single-link NCCs are combined with Cloak to establish a hybrid covert channel [28].
Cloak framework does not modify or manipulate the packet head or flow. Therefore, this approach can effectively evade the conventional single-link detection methods by mimicking the normal flows on each link [7] and even introducing fake links [6]. Owing to the lossless modulation, Cloak can be supported by many network protocols [29] and can exploit the reliability of the carriers, e.g., through a TCP-based instance, 100% reliable transmission of a secret message can be realized [7]. In the following discussion, it assumed that Cloak builds on TCP flows.
However, Cloak involves certain limitations. First, the monitor's attention may be attracted if long-time covert communication is performed using excessively many links. Certain countermeasures scan the number of active random ports of the hosts to detect abnormal multilink communications performed by two pairs of hosts on the network [10]. In this context, Cloak, which is based on HTTP [9], is inclined to be treated as malicious access if the request targets are excessively many or the request is extremely dense. Consequently, the number of links and duration of the transmission of successive APLs should be strictly constrained.
Second, Cloak involves the key problem of synchronization between links. An APL is represented by the number of packets on each link and their orders. When a message is being conveyed, the APL packet groups consist of intra-link and inter-link processes. Both these processes should be precisely synchronized to ensure that every APL is intact when the corresponding APL packet group is received by the CR. Liu and El-Atawy et al. [26,30] suggested that synchronization mark (SM) can be embedded into the sequence number field of the TCP packet. Luo et al. [7] encoded the SM into window size field or the APL packet size. However, embedding SMs into the covert flows through common network steganography approaches not only consumes the partial bandwidth of Cloak but also weakens its reliability and undetectability, which in turn makes SMs a security bottleneck of the Cloak framework.
According to an alternative approach [7], the synchronization between the links of Cloak can be performed by following certain indications such as the TCP ACKs. However, in this scenario, the traffic of the APL packets on each single link might be different from the normal traffic. Shi et al. [10] estimated the APL group size by tracking the intermittent changes of the IPDs and counting the cycle of occurrence to detect the presence of Cloak. Wang et al. [11] proposed a detection method that involved testing the burst size distribution of the flows over the links. It was noted that the link switching pattern of the packet transmission over multiple links tended to be different than that of the normal CSCN when the synchronization schemes of Cloak were being implemented. To overcome this limitation, in this study, the root of the synchronization schemes of Cloak was considered.
Synchronization schemes of Cloak. According to different techniques of controlling the transmission behaviors of links [9], the synchronization schemes of Cloak can be classified into three types, as presented in Table 1.
The packet-to-packet scheme has the highest capacity among the three schemes; however, it produces the biggest IPD. Assuming that the average time to transmit a packet from the CS to the CR is T, which changes with the link quality, the IPD of the packet-to-packet scheme d i equals 2T þ d s þ d r , where δ s and δ r denote the delay before CS and CR sending an APL packet and ACK, respectively. The time T word required to transmit a covert codeword can be defined as: where p s (δ s ) and p r (δ r ) are the probability density functions (PDFs) of δ s and δ r respectively. As shown in Fig 2, Cloak 9 produces nearly the same IPDs as those of the RTT, which is considerably larger than the standard TCP flow.

Accuracy Method to control the transmission behaviors of the links Typical Cloak
Packet-to-Packet The CS does not send an APL packet until it obtains the ACK from the CR for the previous packet Link-to-Link The CS does not send the first packet of the lth link in an APL packet group until it obtains ACKs from the CR for all the APL packets of the (l-1)th link sent previously in the same APL packet group The CS does not send the first APL packet of the kth APL packet group until it obtains ACKs from the CR for all the APL packets of the (K-1)th APL packet group sent previously The link-to-link and group-to-group schemes are compatible with the delayed ACK algorithm of the TCP [31] and demand less ACKs. Correspondingly, T word can be modified as: where N ack is the number of ACKs sent by the CR during one APL packet group transmission. T word increases with N ack and (2) transforms to (1) when N ack equals R. Moreover, a smaller N ack leads to a higher goodput of Cloak. Risks pertaining to the synchronization schemes. Sending ACKs repeatedly from the CR to the CS is inefficient and can potentially attract a monitor's suspicion. Thus, the packetto-packet scheme is not practical. Furthermore, because the CS cannot exactly predict the correct time to send the next APL packet due to the unpredictable p r (δ r ) and the unstable link quality, it passively waits for the ACK of the previous APL packets. Consequently, the discontinuity of the APL packet flows between the APL packet groups inevitably occurs in the link-tolink and group-to-group schemes. The intermittent IPD alteration of the APL packets is shown in Fig 3. Furthermore, the CS tends to generate a link switching pattern which is different from that of the normal CSCN, due to the nature of the covert modulation. Fig 4 shows that the link switching time series of four mutually independent TCP connections between two hosts is relatively simple when all the four connections perform the transmission simultaneously under a normal CSCN. However, the time series of the three kinds of Cloak involve significant fluctuations.  Challenges. All the problems of Cloak can be attributed to the multiplexing of the ACKs, that Cloak use ACKs as indicators for both the link quality and synchronization between links, whereas the two goals have different execution rhythms. We consider that an ideal MLCC must satisfy the following requirements: 1. Use the reliability mechanism of the carrier channel as much as possible to ensure reliability.
2. Robust to both stochastic and malicious interferences, with a certain fault tolerance, and the demodulation failure of a few codewords should not affect the others.
3. Restraint in the number of links and covert transmission time to enhance the concealment.
4. Try to make the covert modulation and demodulation as lossless as possible to the carrier and can resist active attacks on the channel. Specifically, the attacker should not be able to crack any hidden information, even if the APL packet is intercepted.

5.
There is no effect on the concurrent behaviors of the host.

MLCCOSMS
Preliminary knowledge. Before describing the specific method, we present the meanings of certain symbols (see Table 2) and two definitions.
Definition 1 (generation relation of marks). Given the marks key and key', if there exists an one-way function g(x), key' can be obtained from key by performing a finite number of iterations on g(x); in other words, key' = g(. . .(g(g(key)))). Consequently, key and key' exhibit a generation relation with g(x), wherein the key is the original mark and key' is the derived mark and formalized as key' = g'(key), where t is the number of iterations. In addition, key is regarded as the seed of key' when t = 1.
Definition 2 (ordering relation of marks). Suppose key and key' satisfy the generation relation of g(x), where key and key' denote the original and derived mark, respectively. Subsequently, they satisfy the ordering relation as key before key', formalized as ðkey; key 0 Þ ������! .

OSMS.
According to Definition 1, given a seed key 0 , a sequence of marks M sized K can be generated by performing K iterations of g(x) for key 0 . Here M ¼ fkey 1 ; � � � ; key i ; � � � ; key j ; � � � ji; j 2 ½1; k�g, and the generation relation between the marks in M can be defined as: Thus, every mark in M is distinct, and the marks in M can be formulated as an ordinal mark sequence with an arbitrary length since every two marks key i and key j satisfy ðkey i ; key j Þ ������! if i < j, according to definition 2.
Covert modulation and demodulation. The MLCCOSMS utilizes an ordinal mark sequence derived from M as the synchronization mark. Fig 5 illustrates the eight-step process of the covert codeword transmission of the MLCCOSMS.
The CS shares a group of parameter sets with the CR secretly in advance. Before sending the covert codewords, the CS generates M for the entire secret message through P and covertly directs the CR to generate a copy of M after all the L links have been established. During the covert transmission, the CS converts each codeword to a group of APL packets then marks them with corresponding OSMs and sends them to the CR on specific links one by one. CR reorganizes the packets according to their arrival orders, receiving links and the ordering relation of embedded marks, and rebuilds the APL of each group of packets, then demodulates the codeword.
OSMS generation. The information of the positions of an APL packet in one APL packet group and among different APL packet groups should be indicated in the marks. In addition, the marks need to be updated to improve the channel security. In this context, the MLCCOSMS extends the marks to type and ordinal marks. The type marks are classified as type marks of the negotiation and ordinal. The ordinal and negotiation type marks are used to sort the APL packets and generate the ordinal marks, respectively. All kinds of marks are binary sequences with a fixed length.
The CS and CR share a parameter set P ¼ fM neg ; M seq ; ZðzÞ; gðxÞ; HðxÞ; N w ; Ig, when MLCCOSMS is established, N w is the size of the secret message block in the codeword, I is a redundant parameter (I � 2R), and all the elements in M neg and M seq are different. Before sending a new block of secret messages, the CS selects a key neg rand in M neg randomly as the seed to generate M, as described in (4)  and key seq rand w j is unique for every APL packet in an APL packet group. In step ⑥, the CR implements key seq 0 rand ¼ ExitðData 0 ; M seq ; MT Mac 0 Þ to extract key seq 0 rand , which indicates that the received packet is an APL packet with the ordinal marks. In this manner, the embedded ordinal mark key seq 0 rand w j for the APL packet group can be obtained after employing ExitðData 0 ; M w 0 j ; MW Mac 0 Þ. Next, key seq 0 iþr ¼ ExitðData 0 ; M c 0 j ; MC Mac 0 Þ can be rapidly calculated since j is a definite value. The embedding and extraction of the OSMS is shown in algorithms 1 and 2.

Experimental results and performance evaluation
Reliability. MLCCOSMS fully inherits the reliability advantages of the Cloak regarding the APL packet transmission on every single link. Therefore, this framework satisfies requirement 1) defined in the section of challenges. Simultaneously, each APL packet is embedded with two ordinal synchronization marks that belong to an OSMS generated successively. Thus, all the APL packets can be reorganized even if some of them are out of order over the links. If certain APL packets are lost, errors only appear in the demodulation of the related APL packet groups to the corresponding codewords, not spread to other codewords. Moreover, the delay of the packets does not affect the subsequent demodulation if the CR simply establishes enough buffers. In this manner, the MLCCOSMS supports staggered demodulation and breakpoint retransmission of the APL packets. Therefore, the MLCCOSMS satisfies requirement 2) defined in the section of challenges in theory, and this aspect was tested in an experiment.
We implemented a TCP based MLCCOSMS(32,4) between two hosts. The CS host is deployed in our campus network in the Ningbo university located in the east of China. The CR host is a cloud server deployed in Guangzhou City in the south of China. In each round, we delivered 200 secret messages through the covert channel, each of which consisted of 500 random codewords. We computed the transmission success rate (TSR) of the secret messages under various kinds of interferences with different levels, all the interferences were randomly added over the links of the channel. As the continuous packet retransmissions caused by the transmission failure of the APL packets may increase the risk of detection, the transmission timeout was set as 1 minute, and a maximum of 5 reconnections were allowed in each round. Table 3 shows that the TSR is 100% when the covert channel confronts all the levels of delay and out of order interferences as well as normal levels of packet loss. In addition, the TSR decreases gradually as the packet loss rate increases by more than 25%, even so, TSR is reasonable high when the packet loss rate increases to 50%. Therefore, the MLCCOSMS operates effectively in the actual network. Furthermore, we compared the IPDs of MLCCOSMS(32,4) with those of Cloak 5 (32,4) and TCP_trans(4) implemented between the same two hosts. Fig 6 shows that all the levels of delay interferences only slightly influence the IPDs of MLCCOSMS (32,4). Although the IPDs gradually increase with the increase in the out of order and packet loss interferences level, the curves basically match those of TCP_trans(4). Thus, the MLCCOSMS exhibits a strong camouflage capability in terms of the IPDs. Relatively, the IPDs of Cloak 5 (32,4) are larger than those of MLCCOSMS (32,4) and TCP_trans(4) under various situations, and sensitive to the interferences.
Throughput. According to Eqs (1) and (2), the throughput of Cloak based on the packetto-packet synchronization scheme and is: TH fine ack   capacity of Cloak, N ack �1. The covert transmission of MLCCOSMS is unidirectional due to its independence on the ACKs. So, the throughput of the MLCCOSMS can be defined as:  Table 4 shows that the T word of MLCCOSMS(64, L) is less than that of the other three Cloaks with the same value of L. Since the MLCCOSMS is built on only one IP link, the T word of MLCCOSMS(64, L) is rarely affected by the increase in the number of links. Thus, the MLCCOSMS satisfies the requirement 3) specified in the section of challenges while achieving a higher and more stable throughput than that of Cloak. The marks embedded in the APL packet is also a special type of covert information. Therefore, the capacity of MLCCSMS per packet is even higher.
Undetectability. APL packet and mark security analysis. The MLCCOSMS must resist malicious attacks such as interception, steganalysis, forgery, and replay in addition to guaranteeing the channel robustness in an open network. To satisfy the requirement 4) described in the section of challenges, the MLCCOSMS must satisfy 4 criteria. S1. The CS must eliminate the interference in the modulation and mark embedding on the structure and flow of the APL packets.
S2. The CS ensure the safety of the marks and ensure that they cannot be extracted or cracked by any third party.
S3. The CR must ensure that the received APL packets arrive from the real CS by identifying the source of the received packets.
S4. The CR must ensure that the APL packets have not been tampered with or forged by analyzing the integrity of the received packets.
The non-destructive nature of the MLCC modulation method on a single link has been analyzed and demonstrated in depth in [6,7], therefore, the proof of S1 is not presented in this work. In the context of S2, the security of the location in which the mark is embedded in the APL packet has been discussed in the section of OSMS Embedding and Extraction. Also, the validity of the main three stages of the MLCCOSMS considering S2-S4 can be proved by using the classical GNY reasoning method. (please refer to the S1 Appendix for the proofs and derivations) Evading the detection of the inter-link correlation test. Since the MLCCOSMS is insensitive to packet delays, the APL packets can be sent freely without the restriction of their order in the sequenced APL packet groups, and this aspect does not significantly influence the network concurrent scheduling mechanism of the host. Therefore, the MLCCOSMS satisfies requirement 5) described in the section of challenges in theory.

PLOS ONE
CS host during the process of the five channels transmitting 10K random covert codewords. Each TSLS was denoted as l ch ¼ fL 1 ch ; � � � ; L i ch ; � � �g, where L i ch is the identifier of the link on which the ith packet was sent, and ch is the identifier of the channel. We split λ ch into segments, each of which contained W p consecutive samples. The histogram of the entropies of the segments belonging to the five TSLSs is shown in Fig 7A, where W p is set as 1000. The segment entropies of all the three Cloaks were concentrated in (1.9,2), which indicated that each of the four links had an equal opportunity to send an APL packet. This aspect is associated with the use of random covert codewords, and the correlation of the packet transmission behaviours between the links is affected by the correlation of the covert codewords due to the passive synchronization schemes of Cloak. It was noted that the entropy of the λ MLCCOSMS(32,4) and λ TCP_trans(4) segments is not only smaller but also more distributed, which means that MLCCOSMS can eliminate the influence of the correlation of the covert codewords. The histogram of the conditional entropy shown in Fig 7B clearly illustrates this point. Furthermore, we adopted the entropy rates [21] of the five λ ch , denoted as Hðl ch Þ, to evaluate the link selection continuity of the five channels.
where CEðL n ch jL 1 ch ; � � � ; L nÀ 1 ch Þ is the n order condition entropy of a λ ch segment. We set n = 20 in this paper. percðL n ch Þ is the percentage of unique patterns of length n in a λ ch segment, and ENðL 1 ch Þ is entropy of the segment. Fig 7C shows that the distribution of Hðl MLCCOSMSð32;4Þ Þ does not overlap with that of Hðl Cloak 5;8;9 ð32;4Þ Þ, Cloak 5,8,9 is the abbreviation of Cloak 5 , Cloak 8 and Cloak 9 . However, all the distributions of the entropy, conditional entropy and entropy rate of the λ MLCCOSMS(32,4) segments are similar to those of the λ TCP_trans(4) segments, so, it is difficult for the monitor to identify the MLCCOSMS from the common multi-link transmission between two hosts by testing the inter-link correlation of the TSLS in a short term.
Moreover, we investigated the interferences of the aforementioned four covert channels to the concurrent scheduling mechanism of the host in the long term by considering the Pearson correlation coefficients (PCC) of the segments. We defined the PCC set of λ ch as Pr ch , with Pr ch ¼ fPrðl wi ch ; l wj ch ; W p Þg, where Pr() returns the PCC value of two segments, w i and w j denote the indexes of the two segments in λ ch . Fig 8 shows the means of the five Pr ch with different W p . The means of the three Pr Cloak 5;8;9 ð32;4Þ decrease considerably as W p increases, due to the presence of the random covert codewords, then they are stabilized by the finite number of the covert codewords when W p is large. On the contrary, the evolution of Pr MLCCOSMS(32,4) is considerably more similar to that of Pr TCP_trans (4) .
Finally, we plotted the five Pr ch matrixes of 200 consecutive λ ch segments with 4 different sizes of W p by using heatmaps, as shown in Fig 9. Owing to the influence of the randomness of the covert codewords, all the three Pr Cloak 5;8;9 ð32;4Þ were lower than Pr TCP_trans (4) and exhibited different patten of value change from Pr TCP_trans (4) , while The similarity between Pr MLCCOSMS(32,4) and Pr TCP_trans (4) was notable. Thus, MLCCOSMS has a good performance in countering interlink correlation test.

Discussion
MLCCOSMS inherits the multi-link covert modulation scheme of Cloak and embeds OSM in APL packet payload. Therefore, MLCCOSMS has the same performance of network overloads as that of Cloak. Theoretically, for larger R and L, the possibility of network overload becomes larger. This is because overfull concurrent APL packet flows and excessively long APL packet flows may cause network congestion. Besides, it is necessary to set APL packet sending rhythm of CS (denoted as r) more subtly to achieve better concealment. Therefore, we choose the strategy like [9] and set the L and r according to normal TCP flows (in fact, as MLCCOSMS supports staggered demodulation and breakpoint retransmission of the APL packets, R has no impacts on APL packet flow).
Besides the unranking and ranking algorithms [9] that use O(n) arithmetic operations for the covert modulation and demodulation, MLCCOSMS requires additional computing resources to address the synchronization marks. Since the size of mark is fixed, the computation time of g(key i ) is fixed too. Assuming that a covert message block contains N w codewords, thus the CS has to generate at least 2RN w OSMs, and the computational complexity of OSMS generation for a covert message block is O(n) as R is also fixed. Similarly, the computation time required by H(x) to embed the three OSMs into each APL packet has a fixed maximum, because the max size of TCP payload is specified. Thus, the computational complexity at CS is O(n).
The computational complexity of Exit(D,M,mac) increases linearly with the size of M, in this light, its computational complexity is O(n), The algorithm 2 is mainly composed of two Exit(D,M,mac) for distinguishing the types of marks, Therefore, they exhibit O(n 2 ) computational complexity. After that, two nested Exit(D,M,mac) is set to find key seq 0 rand w j and key seq 0 iþr by searching the N w sets of ordinal marks (from M w 0 1 to M w 0 N w ) and the M c 0 j respectively. Suppose the total number of the ordinal marks must be iterated through at the i-th round of mark extraction is M i , then M i+1 = M i -1. Therefore, the the two nested Exit(D,M,mac) exhibit O(n 2 ) computational complexity of extracting all the ordinal marks for a covert message block. As a result, the computational complexity at CR is O(n 2 ).
Thus, the challenges pertaining to the improvement of the capacity, camouflage capability, reliability and undetectability of the MLCCOSMS, are converted to those regarding the demand of the computing resources of the CS and CR to implement g(x), H(x), and Exit(D,M, mac). This aspect is a cost-effective balance for the MLCCOSMS since the channel transmission resource is more valuable than the customizable host computing resource, as the covert channel is a parasite of the overt channel, has a narrow bandwidth and is vulnerable. However, the OSMS general applies to the MLCC with a moderate APL packet group size, as in certain covert communication scenarios, e.g., when using passive network cover channels, excessive consumption of the sender's computing resources may arise the suspicion of the monitor.

Conclusions
The passive synchronization schemes of Cloak lead to periodic suspension during packet transmission, which worsens in the presence of malicious interferences. Moreover, the synchronization schemes are rigid, and they result in the unconventional correlation of the packet transmission behaviours between the links. To solve these problems, this paper proposes the MLCCOSMS approach. MLCCOSMS obviates the dependence on ACKs and relieves the strict requirements for the order in which the links perform the sending behaviours as well as the sending order of the APL packets. Compared with those of Cloak, the throughput and reliability of the MLCCOSMS are higher. In addition, the MLCCOSMS considerably reduces the discontinuities of the APL packet transmission and minimizes the inter-link correlation of sending the APL packets. Moreover, the steganography approach of OSMS in MLCCOSMS can be proved to be safe.
Nevertheless, the MLCCOSMS needs to be improved. Since the increase in the covert codewords considerably increases the computational burden of the OSMS generation and covert modulation and demodulation, it is desirable to design a faster mark generation, organization and retrieval algorithm. Furthermore, it is still risky to run a covert channel between two fixed hosts for a long time. Therefore, deploying the MLCCOSMS on a distributed system based on cloud terminals can improve its concealment, undetectability and anti-traceback performances significantly.
Supporting information S1 Table.