Bloom filters are frequently used in network security tools.
We investigate an indirect covert channel that stores information in a Bloom filter. The Bloom filter is used e.g. in a blacklisting service that is heavily guarded, yet from which data should be leaked.

Each coordinate in the bit vector that represents the secret message is assigned a unique identifying element, and for those positions that contain a value of 1, the covert sender inserts the identifying element into the Bloom filter. To recover the vector, the Bloom filter is queried by the covert receiver for the identifying elements.
However, errors may occur: if a queried element is not stored in the filter, then with small probability the filter replies 1 instead of 0. This results in an asymmetric binary channel.
We describe the scenario and propose countermeasures.
Moreover, we propose an encoding scheme, which in addition to providing error correction for the asymmetric binary channel, strives to minimize the number of 1-bits in the codewords, i.e., it adds as few new elements as possible to the filter to remain stealthy and not increase