|Initial publication||A. Mileva, A. Velinov, L. Hartmann et al. in .|
|Illustration||The Artificial Reconnections Pattern employs artificial (forced) reconnections
to transfer secret messages. The covert sender influences connection states of
third-party nodes in a way that their connections to either a central element
(e.g., an MQTT broker or a server) or a peer (in a peer-to-peer network)
are terminated and then established again (i.e., a reconnect is performed).
The covert receiver must be capable of monitoring these reconnects, e.g.,
either by compromising the central/peer element or in a passive network
observer situation, like a MitM location.
Encoding works by assigning secret values to third-party, so that a reconnect
of a particular node represents the transfer of the secret symbol assigned to
that node. Another scenario for this pattern can also be a chatroom or a
gaming server with a large number of clients that reconnect automatically
after being disconnected (source: ).
|Context||Network Covert Timing Channels -> Protocol-aware|
|Evidence||see  and 
 Aleksandra Mileva, Aleksandar Velinov, Laura Hartmann, Steffen Wendzel, Wojciech Mazurczyk: Comprehensive Analysis of MQTT 5.0 Susceptibility to Network Covert Channels, Computers & Security, Elsevier, 2021.
 Sebastian Zillien, Steffen Wendzel: Reconnection-based Covert Channels in Wireless Networks. In: Proc. 36th IFIP TC-11 International Information Security and Privacy Conference (IFIP SEC 2021). Springer, 2021.