This paper addresses the vulnerability of existing covert communication schemes to network monitoring due to their reliance on centralized time synchronization. To overcome this limitation, we propose the Historical-event-based Covert Channel (HCC), a novel steganographic channel leveraging temporal patterns inherent in historical network events. Methodologically, HCC introduces a relative-time pointer encoding scheme: instead of absolute timestamps, it encodes secret bits as relative inter-arrival time offsets between naturally occurring network events—using past event occurrences as intrinsic reference points—thus eliminating the need for traffic modification or external clock infrastructure. The design integrates network timing pattern mining, historical event mapping, and robustness optimization to jointly enhance covertness, scalability, and channel stability. Experimental evaluation demonstrates that HCC significantly reduces detectability while achieving higher bitrates than state-of-the-art timing-based steganographic methods. This work establishes a new paradigm for decentralized, detection-resistant covert communication.

A Covert Channel (CC) exploits legitimate communication mechanisms to stealthily transmit information, often bypassing traditional security controls. Among these, a novel paradigm called History Covert Channels (HCC) leverages past network events as reference points to embed covert messages. Unlike traditional timing- or storage-based CCs, which directly manipulate traffic patterns or packet contents, HCCs minimize detectability by encoding information through small pointers to historical data. This approach enables them to amplify the size of transmitted covert data by referring to more bits than are actually embedded. Recent research has explored the feasibility of such methods, demonstrating their potential to evade detection by repurposing naturally occurring network behaviors as a covert transmission medium. This paper introduces a novel method for establishing and maintaining covert communication links using relative pointers to network timing patterns, which minimizes the reliance of the HCC on centralized timekeeping and reduces the likelihood of being detected by standard network monitoring tools. We also explore the tailoring of HCCs to optimize their robustness and undetectability characteristics. Our experiments reveal a better bitrate compared to previous work.