Book

Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications

Abstract

Describes Information Hiding in communication networks, and highlights its important issues, challenges, trends, and applications. This book provides the fundamental concepts, terminology, and classifications of information hiding in communication networks along with its historical background. Information Hiding In Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures begins by introducing data concealment methods and their evolution. Chapter two discusses the existing terminology and describes the model for hidden communication and related communication scenarios. Chapters three to five present the main classes of information hiding in communication networks accompanied by a discussion of their robustness and undetectability. The book concludes with a discussion of potential countermeasures against information hiding techniques, which includes different types of mechanisms for the detection, limitation and prevention of covert communication channels. This book is intended for academics, graduate students, professionals, and researchers working in the fields of network security, networking, and communications.
... Steganography is a well-known form of information hiding. In this case, the covert data is placed inside carefully chosen and innocent-looking carriers [9]. It must be noted that the inspiration for information hiding techniques is strongly related to phenomena observable in nature. ...
... For instance, blending into the surrounding environment using camouflage techniques allows the exact location of the organism to remain ambiguous. Moreover, it must be noted that in nature as well as in digital environments two broad groups of information hiding mechanisms can be distinguished which enable [9]: ...
... Such an ultrasonic communication is utilized by them to communicate privately in a covert manner and this channel remains undetectable by predators, prey and potential competitors [12]. In current communication networks data hiding by modifying the content or the characteristics of network traffic is one of the most recent examples of such type of information hiding [9]. ...
Article
Cyber-physical Systems (CPS) have raised serious security concerns and thus have been subjected to intensive security research lately. Recent publications have shown that there is a potential to transfer hidden information through CPS environments. In comparison to these existing studies, we demonstrate that CPS can not only be used to covertly transfer secret data but also to store secret data. Using an analogy to the biological concept of animal scatter hoarding behavior we exemplify CPS secret data storage using automated buildings.
... As Handel and Sandford already remarked in 1995, practically in every layer of the OSI reference model many different channels are known and can be further constructed [4]. A survey of different methods of covert channels can be found for example in [6,7,11]. ...
... Considering above it must be noted that performing hidden data exchange in the way proposed in this paper, i.e., using network covert storage, is significantly different from how typical network covert channels function. The vast majority of network steganography methods share the same characteristics [7,11], i.e., they require a direct overt communication in which secrets are embedded between the covert sender and the covert receiver. ...
... During the last several decades, many network covert channels have been proposed and they have already been surveyed from different perspectives (see, e.g., [4, 6, 7, 8, 10, 11, 12, 13] and references therein). Thus, in this section, we will focus only on presenting existing works that are utilizing either ARP, SNMP or dead drop-like functioning. ...
[Table 1: Analyzed SNMP traffic [9]]
Conference Paper
Network covert channels enable various secret data exchange scenarios among two or more secret parties via a communication network. The diversity of the existing network covert channel techniques has rapidly increased due to research during the last couple of years and most of them share the same characteristics, i.e., they require a direct communication between the participating partners. However, it is sometimes simply not possible or it can raise suspicions to communicate directly. That is why, in this paper we introduce a new concept we call "dead drop", i.e., a covert network storage which does not depend on the direct network traffic exchange between covert communication sides. Instead, the covert sender stores secret information in the ARP (Address Resolution Protocol) cache of an unaware host that is not involved in the hidden data exchange. Thus, the ARP cache is used as a covert network storage and the accumulated information can then be extracted by the covert receiver using SNMP (Simple Network Management Protocol).
... Due to improvements in network defenses such techniques are recently gaining an increasing attention from actors like cybercriminals, terrorist and state-sponsored groups as they allow to store data or to cloak communication in a way that is not easily discoverable [22]. There are several real-world cases that reached the attention of the public media, including the following [23, 38]:
• the arrest of one of al Qaeda's members in Berlin with video files containing hidden information on ongoing and future terrorists' operations (2012),
• the exfiltration of confidential data from the U.S. to Moscow by Russian spies (2010),
• the transfer of child pornographic material by a group of pedophiles called "Shadowz Brotherhood" (2002), and
• the planning of a terrorist attack after the September 11, 2001 attacks. A number of articles suggested that al Qaeda members used steganography to coordinate their actions (2001). ...
... Network steganography deals with the concealment of information within network transmissions [23]. This means that network data that appears to be innocent is actually carrying hidden data. Network information hiding can be used, for example, by malware to conceal its command and control communication (instead of only encrypting it) while it is also suitable for a long-term stealthy data leakage, for example, after an organization was attacked using an advanced persistent threat. ...
... In comparison to digital media steganography, network steganography can be used for a constant data leakage [23]. The biggest concern in law enforcement agencies is that covert techniques are being used to ensure stealth communication among terrorists/criminals and cybercriminals. ...
Article
The practice of hiding ill-gotten data in digital objects is rising among cyber thieves. New initiatives serve to educate, train, and thwart these activities. Full-text: http://cacm.acm.org/magazines/2018/1/223894/fulltext
... For instance, blending into the surrounding environment using camouflage techniques allows the exact location of the organism to remain ambiguous. Moreover, it must be noted that in nature as well as in digital environments two broad groups of Information Hiding mechanisms can be distinguished which enable [10]: 1) secret data communication: includes methods to exchange messages in a covert manner. ...
... Such an ultrasonic communication is utilized by them to communicate privately in a covert manner and this channel remains undetectable by predators, prey and potential competitors [11]. In current communication networks data hiding by modifying the content or the characteristics of network traffic is one of the most recent examples of this type of Information Hiding [10]. ...
... The measured reading and writing performance is high in comparison to other forms of steganography, e.g., a network covert timing channel [10]. ...
Conference Paper
Cyber Physical Systems (CPS) have raised serious security concerns and thus have been subjected to intensive security research lately. In particular, recent publications suggest that there is a potential to transfer hidden information through CPS environments. In comparison to these existing studies, we demonstrate that CPS can not only be used to covertly transfer secret data but also to store secret data. Using an analogy to the biological concept of animal scatter hoarding behavior we exemplify CPS secret data storage using smart buildings.
... Several publications discuss the origins of steganography, e.g. [11, 21, 16, 38, 18, 15, 39]. These publications mention several use-cases for steganography-application and, for this reason, shed light on the possible motivations for applying steganography. ...
... Internet censorship, to transfer secret information between spies and in the military context, to hide illegal data or to perform stealthy malware communications [11, 21, 16, 38, 18]. Hidden information can be transferred in analog formats, such as in paper letters, but is primarily embedded into digital media, such as image, audio and video files [11, 21, 16]. ...
... Hidden information can be transferred in analog formats, such as in paper letters, but is primarily embedded into digital media, such as image, audio and video files [11, 21, 16]. In addition, the transfer of hidden information over networks became popular in recent years [18, 39]. Another recent trend in the domain is the embedding of secret information into cyber-physical systems [32, 13, 30]. ...
Article
Steganography is the discipline that deals with concealing the existence of secret communications. Existing research already provided several fundamentals for defining steganography and presented a multitude of hiding methods and countermeasures for this research discipline. We identified that no work exists that discusses the process of applying steganography from an individual's perspective. This paper presents a phase model that explains pre-conditions of applying steganography as well as the decision-making process and the final termination of a steganographic communication. The model can be used to explain whether an individual can use steganography and to explain whether and why an individual desires to use steganography. Moreover, the model can be used in research publications to indicate the addressed model's phase of scientific contributions. Furthermore, our model can be used to teach the process of steganography-application to students.
... Network covert channels are communication paths that allow a hidden and unforeseen data exchange in computer networks. These channels are created by so-called hiding methods and belong to the research domain of Network Steganography [2,1]. Covert channels can enable stealthy malware communications, constant unnoticeable data leakage from organizations, hidden communications of intelligence organizations, or covert communications for journalists to transfer illicit information under censorship [2]. ...
... These channels are created by so-called hiding methods and belong to the research domain of Network Steganography [2,1]. Covert channels can enable stealthy malware communications, constant unnoticeable data leakage from organizations, hidden communications of intelligence organizations, or covert communications for journalists to transfer illicit information under censorship [2]. Recently, we are witnessing a rising interest from the security community in information hiding techniques and a rising utilization of the methods by cybercriminals. ...
... Several surveys on network covert channels exist, e.g. [1,2,3]. Within these publications, the authors discovered more than a hundred hiding methods. ...
Conference Paper
The utilization of information hiding is on the rise among cybercriminals, e.g. to cloak the communication of malicious software as well as by ordinary users for privacy-enhancing purposes. A recent trend is to use network traffic in form of covert channels to convey secrets. In result, security expert training is incomplete if these aspects are not covered. This paper fills this gap by providing a method for teaching covert channel analysis of network protocols. We define a sample protocol called Covert Channel Educational Analysis Protocol (CCEAP) that can be used in didactic environments. In addition, compared to previous works we lower the barrier for understanding network covert channels by eliminating the requirement for students to understand several network protocols in advance.
... Steganography has been applied in ancient Greece, in several wars, including World War I and II, and to digital media (digital images, audio files, and digital videos) [1, 3]. Network steganography or network information hiding, the most recent sub-discipline of steganography, deals with the hiding of information in network traffic [4]. Well over 100 methods for hiding in network transmissions were published since Girling introduced the first methods in 1987 [5]. ...
... The introduction of patterns moreover allows to handle hiding methods under a unified term (the pattern) instead of several separate terms introduced by previous research. Mazurczyk et al. refined parts of Wendzel et al.'s work in [4]. On the basis of hiding patterns, a new academic workflow was defined by Wendzel and Palmer for the creativity evaluation of network information hiding methods [7]. ...
... (Wendzel et al., 2015) and (Mazurczyk et al., 2016) Unified Description for Hiding Methods ...
Article
Full-text is available here: http://www.jucs.org/jucs_22_11/unified_description_for_network
Until now hiding methods in network steganography have been described in arbitrary ways, making them difficult to compare. For instance, some publications describe classical channel characteristics, such as robustness and bandwidth, while others describe the embedding of hidden information. We introduce the first unified description of hiding methods in network steganography. Our description method is based on a comprehensive analysis of the existing publications in the domain. When our description method is applied by the research community, future publications will be easier to categorize, compare and extend. Our method can also serve as a basis to evaluate the novelty of hiding methods proposed in the future.
... Over the years, many types of covert channels have been revealed, researched, and analyzed. To evade DLP and monitoring solutions, an attacker may conceal data in ICMP, HTTP(S), DNS, SMTP, and other common protocols [39], [41]. However, because air-gapped networks lack connectivity to the Internet, the attacker must use non-standard ways to exfiltrate data. ...
... Attackers may use legitimate network traffic to conceal and hide data in traditional covert channels. For instance, information may be hidden within TCP headers, HTTPS requests, DNS extra fields, and SMTP messages [39]. The attacker may also use techniques such as steganography and image or video manipulations to hide textual binary data [38]. ...
Preprint
This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.
... It cannot fully support identification of new types of covert channels. Also, the evaluation of covert channels in application layer protocols is relatively new [30]. However, it is not clear whether other patterns would classify covert channels on this layer more suitable. ...
... However, it is not clear whether other patterns would classify covert channels on this layer more suitable. The original pattern-based taxonomy [50] was extended twice [28,30], showing the potential for further improvements and additions. ...
Article
Synchronized clocks are vital for most communication scenarios in networks of Information Technology (IT) and Operational Technology (OT). The process of time synchronisation requires transmission of high-precision timestamps often originating from external sources. In this paper, we analyze how time synchronization protocols impose a threat by being leveraged as carrier for network covert channels. This paper is an extended version of our open-access paper [15] in which we performed an in-depth analysis of the Network Time Protocol (NTP) in regards to covert channels. In this extended version, we broaden the view and take a look at time synchronisation in a more general way as we provide two comprehensive threat scenarios regarding covert channels and discuss the applicability of such covert channels to another time synchronisation protocol, namely the Precision Time Protocol, PTP. While the Network Time Protocol (NTP) is the most prevalent protocol for synchronizing clocks in IT networks, the Precision Time Protocol (PTP) is mostly found in networks of Industrial Control Systems (ICS) due to higher demands regarding accuracy and resolution. To illustrate the threat of covert channels in such protocols we describe two threat scenarios, one for the Network Time Protocol and one for the Precision Time Protocol. For NTP we perform a systematic in-depth analysis of covert channels. Our analysis results in the identification of 49 covert channels, by applying a covert channel pattern-based taxonomy. The summary and comparison based on nine selected key attributes show that NTP proves itself as a plausible carrier for covert channels. The analysis results are evaluated in regards to common behavior of NTP implementations in six major operating systems. Two channels are selected and implemented to be evaluated in network test-beds.
By hiding encrypted high entropy data in a high entropy field of NTP we show in our first assessment that practically undetectable channels can be implemented in NTP, motivating the required further research. In our evaluation, we analyze 40,000 NTP server responses from public NTP server providers and discuss potential countermeasures. Finally, we discuss the relevance, applicability and resulting threat of these findings for the Precision Time Protocol.
... Cryptography is a method of keeping information secret and providing a guarantee that only authorized parties should have access to it by making that structured data difficult to recognize by appearing to be random. This is distinct from steganography [16], which attempts to hide information by embedding it in some other object (e.g., a digital image, a data stream, etc.). With a cryptographic approach, Alice and Bob would like to share information that they want to keep secret from an adversary, Eve. ...
Conference Paper
Cryptography and Machine Learning are two computational science fields that intuitively seem related. Privacy-preserving machine learning, either utilizing encrypted models or learning over encrypted data, is an exploding field thanks to the maturation of primitives such as fully homomorphic encryption and secure multiparty computation. However there has been surprisingly little work on applying recent advances in machine learning to the task of cryptanalysis, the branch of cryptography that studies how cryptographic ciphers can be attacked. In particular, while a cryptographic cipher seeks to keep certain information secret by making it appear random, discerning patterns and structure from random data is a common machine learning task. This poster paper proposes EveGAN, an approach that treats cryptanalysis as a language translation problem. While treating cipher cracking as a language translation problem has been validated against a handful of classical substitution ciphers, the EveGAN approach builds on these results to create a new class of generative deep learning-based cryptanalysis attacks.
CCS CONCEPTS • Security and privacy → Cryptanalysis and other attacks; • Computing methodologies → Adversarial learning; Neural networks.
Preprint
Please see the final published paper at https://dl.acm.org/doi/10.1145/3548606.3563493
Cryptography and Machine Learning are two computational science fields that intuitively seem related. Privacy-preserving machine learning, either utilizing encrypted models or learning over encrypted data, is an exploding field thanks to the maturation of primitives such as fully homomorphic encryption and secure multiparty computation. However there has been surprisingly little work on applying recent advances in machine learning to the task of cryptanalysis, the branch of cryptography that studies how cryptographic ciphers can be attacked. In particular, while a cryptographic cipher seeks to keep certain information secret by making it appear random, discerning patterns and structure from random data is a common machine learning task. This poster paper proposes EveGAN, an approach that treats cryptanalysis as a language translation problem. While treating cipher cracking as a language translation problem has been validated against a handful of classical substitution ciphers, the EveGAN approach builds on these results to create a new class of generative deep learning-based cryptanalysis attacks.
... As a result of the developments in information technologies, different Web tools have been developed and offered for use so that individuals can access the data they need and interact with the data (Akkoyunlu & Kurbanoğlu, 2003; Castells, 2011; Mazurczyk, Wendzel, Zander, Houmansadr & Szczypiorski, 2016). In the process of developing technologies and the integration of these technologies into education, Web 2.0 tools have come to the fore. ...
Article
The purpose of the current study is to investigate the effect of using Web 2.0 tools in the teaching of socio-scientific issues on pre-service science teachers. A total of 24 senior pre-service science teachers attending a state university in the spring term of the 2021-2022 academic year participated in the study. The study was conducted with the participation of pre-service science teachers taking the course of Teaching Practice II, using different Web 2.0 tools on 6 different socio-scientific issues. The study employed the mixed method. In the quantitative dimension of the study, the "Web 2.0 Rapid Content Development Self-Efficacy Belief Scale" and the "Scale of Attitudes towards Socio-scientific Issues" were used as data collection tools. In the qualitative dimension of the study, interviews were conducted with the pre-service science teachers using a semi-structured interview form in order to get the opinions of the pre-service science teachers on the Web 2.0 tools-assisted teaching of socio-scientific issues. The quantitative data were analysed using the SPSS 20.00 program package while the qualitative data were analyzed by using the content analysis method. According to the results of the study, no statistically significant difference was observed between the pre-test and post-test mean attitude scores of the pre-service science teachers. However, a statistically significant difference was observed between the pre-test and post-test mean scores taken from the "Web 2.0 Rapid Content Development Self-Efficacy Belief Scale". When the qualitative findings of the study were evaluated, it was seen that the pre-service teachers were of the opinion that the use of socio-scientific issues in science lessons most improved their skill of solving problems in daily life. When the pre-service teachers were asked the techniques they preferred in the teaching of socio-scientific issues, the discussion technique came to the fore. 
Pre-service teachers think that socio-scientific issues should be taught as a required or elective course in undergraduate education. Among the discussion topics addressed in the project process, "Genetically Modified Organisms (GMOs)" was the subject that most attracted the attention of the pre-service teachers. When asked about the positive and negative aspects of Web 2.0 tools in science education, the pre-service teachers stated effective and permanent learning as the positive aspect and technological inadequacies as the negative aspect. Permanent learning came to the fore again when the pre-service teachers were asked about the contributions of the use of Web 2.0 tools in the teaching of socio-scientific issues to the educational process. The pre-service teachers found Scrumlr.io and Edmodo applications among the Web 2.0 tools much more useful in the teaching of socio-scientific issues. In addition, the pre-service teachers stated that they would make use of Web 2.0 tools in socio-scientific issue-based teaching in their professional lives in the future.
... In computer security, a covert channel is an attack that enables transferring information between two entities (e.g., computers) that are not allowed to communicate. Over the years, many network protocols have been studied in the context of covert communication, including IP, TCP and UDP, HTTP, SMTP, DNS, and others [37]. It is also possible to encode information in packet timing, and image data [42]. ...
Conference Paper
Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an 'air-gap.' In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.
... Further, the creators of such a CC might add random sleep timers to obfuscate the appearance of malicious behavior or might try to normalize the packet runtime. These ideas were for instance described in [43,40] and applied for traffic normalizers [44] to mitigate timing side and timing based covert channels, but they also can be applied to counter our detection approach. Further, the fewer the share of CC packets in a set of data, the less likely it is to detect the existence of covert information flows. ...
Article
In current research, reversible network-level covert channels are receiving more and more attention. The restoration of the original data leaves little evidence for detection, especially if the implementation is plausibly deniable. Recently, such a channel based on one-time password hash chains has been published. The covert channel uses repeated computational intensive operations to restore a modified hash and to extract covert information transferred within. In this paper, we present an approach that observes the influence of repeated MD5, SHA2-384, SHA3-256 and SHA3-512 hash-operations on packet runtimes. Besides these hash algorithms, we also investigate whether the alphabet that the Covert Sender and the Covert Receiver agreed upon, has an influence on our detection approach. For each algorithm, we carry out three experiments with different alphabets: one without a covert channel, one with a covert channel altering all hashes, and finally, one with a covert channel altering every second hash. We further repeat each experiment ten times and define a threshold for packet runtimes without modified hashes. Also, we investigate the detectability of computational intensive reversible covert channels for all our scenarios and evaluate the detection rate depending on the number of observed packets. In addition, we describe countermeasures and limitations of our detection method and, finally, discuss application scenarios for existing network environments.
... However, it would require either an ad hoc local process or a larger number of transmissions on the control plane in order to update the flow tables, at the expense of the drone's battery life. Other avenues, such as steganography to carry sensitive data, could be explored [93] [94], but they are outside the scope of this thesis. ...
Thesis
Drones are increasingly present in our lives, for leisure as well as in industry. Forecasts for the civil drone market anticipate significant growth over the coming years, and it could reach 10 to 20 billion euros worldwide. While the missions entrusted to drones initially considered isolated drones, certain types of missions require the collaboration of several of them within a fleet. A fleet of drones requires the deployment and availability of a wireless network for all tasks relating, on the one hand, to the mission and, on the other hand, to any coordination or synchronization. Wireless networks are by nature open to the outside, which raises the question of securing them. Several research works have addressed this question from different angles: the physical layer, routing protocols, multi-agent systems. But none addresses the question of securing access to this network, and few have studied the question of the responses to be provided in the event of an attack. In this thesis we propose a security-oriented architecture that allows better control of communications in the network and is entirely free of any fixed ground infrastructure. This architecture combines software-defined networking (SDN), a recently emerged technology, with AODV, a routing protocol suited to ad hoc networks of the FANET type. We demonstrate that this architecture protects the network against most attacks from the outside. This architecture also allows us to obtain good knowledge of the activity in the network, a prerequisite for improving security. From this knowledge, we propose on the one hand a technique for detecting traffic injection from the outside and a method for defending against it.
On the other hand, we propose a set of measurable characteristics of network activity suitable for use with a machine learning algorithm. We demonstrate the relevance of these measurements by training a supervised-learning classification model of the Random Forest type on a set of network captures containing attacks on the network: denial of service (DoS), port scanning, password discovery (brute force) and distributed denial of service (DDoS). The attack-detection performance based on these characteristics is promising, not only in terms of accuracy but also in terms of detection speed, thus offering the possibility of a real-time reaction. This reaction can be implemented thanks to the architecture proposed in this thesis. Tests on scenarios representative of network traffic for a drone fleet show that the model is able to generalize with good performance on our case study.
... Also, the scope of numerical challenges will be extended from chaotic random numbers to other branches of IT security. Moreover, the introduction of redundancy by higher radix representations, e. g. by skipping normalization [2], opens the path for information hiding, e. g. storage covert channels [18], in such representations, which we plan to investigate further. ...
Article
Full-text available
Chaotic Pseudo Random Number Generators have been seen as a promising candidate for secure random number generation. Using the logistic map as state transition function, we perform number generation experiments that illustrate the challenges when trying to do a replication study. Those challenges range from uncertainties about the rounding mode in arithmetic hardware over chosen number representations for variables to compiler or programmer decisions on evaluation order for arithmetic expressions. We find that different decisions lead to different streams with different security properties, where we focus on period length. However, descriptions in articles often are not detailed enough to deduce all decisions unambiguously. To address similar problems in other replication studies for security applications, we propose recommendations for descriptions of numerical experiments on security applications to avoid the above challenges. Moreover, we use the results to propose the use of higher-radix and mixed-radix representations to trade storage size for period length, and investigate if exploiting the symmetry of the logistic map function for number representation is advantageous.
... By using steganography, it is possible to create parasitic communication paths, which are often defined as covert channels, see, e.g., Refs. [6][7][8] for an overview on the topic. Specifically, data can be hidden within a suitable carrier (e.g., part of a protocol data unit that is not used or optional) to allow remote endpoints to covertly exchange information. ...
Article
Full-text available
The DICOM (Digital Imaging and COmmunication in Medicine) standard provides a framework for a diagnostically-accurate representation, processing, transfer, storage and display of medical imaging data. Information hiding in DICOM is currently limited to the application of digital media steganography and watermarking techniques on the media parts of DICOM files, as well as text steganographic techniques for embedding information in metadata of DICOM files. To improve the overall security of the DICOM standard, we investigate its susceptibility to network steganographic techniques. To this aim, we develop several network covert channels that can be created by using a specific transport mechanism – the DICOM Message Service and Upper Layer Service. The bandwidth, undetectability and robustness of the proposed covert channels are evaluated, and potential countermeasures are suggested. Moreover, a detection mechanism leveraging entropy-based metrics is introduced and its performance has been assessed.
... Steganography is a process of hiding data in text, audio, image or video data, and also in computer network traffic [13,23]. Due to the complexity of computer systems, it is easier to construct a hidden, steganographic channel than it is to detect it. ...
Conference Paper
Full-text available
Information hiding techniques are becoming a major threat in network communication. This paper describes how to modify an intrusion detection system (IDS) to detect certain types of steganography. As a sample IDS we use open-source Zeek software. We show how to adapt it for the purpose of steganalysis. Additionally, we propose a set of validation tests that are suitable for detecting steganography and describe how they were applied to different types of covert channels. We also suggest how to build a steganography detection system by integrating Zeek with a security information and event management system with log and alert support. The scripts are freely available for download at https://github.com/indianatoms/Stego-Aware-NIDS.
... Covert channels in network steganography have been described and surveyed in several publications, e.g., [12][13][14][15]17]. Yet, the diversity of network covert channels in the field of network steganography has been dynamically evolving in the last few years [15,16]. ...
Conference Paper
Recently, new methods were discovered to secretly store information in network protocol caches by exploiting functionalities of ARP and SNMP. Such a covert storage cache is referred to as a "Dead Drop". In our present research, we demonstrate that hidden information can also be stored on systems with an active NTP service. We present one method based upon ephemeral associations and one method based upon the most recently used (MRU) list and measure their storage duration and capacity. Our approach improves over the previous approach with ARP as it allows to transport hidden information across the internet and thus outside of local area networks. The preliminary results for both Dead Drops indicate that more than 100 entries with secret data can persist for several hours. Finally, we discuss the detectability and countermeasures of the proposed methods as well as their limitations.
... In ancient battlefields, soldiers made use of the board to conceal information to mislead enemies; in a letter, the special shape of some characters was changed and some strokes were added for the same purpose. Over time, these carriers have evolved from the image [2,3] to other fields, such as text [4,5], then video [6,7], network protocol [8,9], audio [10][11][12], and Voice over IP (VoIP) [13][14][15][16]. In contrast with other carriers, VoIP has many advantages, such as high covert bandwidth, flexible conversation length, and a large amount of carrier data. ...
Article
Full-text available
Steganalysis of adaptive multi-rate (AMR) speech is a hot topic for controlling cybercrimes grounded in steganography in related speech streams. In this paper, we first present a novel AMR steganalysis model, which utilizes extreme gradient boosting (XGBoost) as the classifier, instead of support vector machines (SVM) adopted in the previous schemes. Compared with the SVM-based model, this new model can facilitate the excavation of potential information from the high-dimensional features and can avoid overfitting. Moreover, to further strengthen the preceding features based on the statistical characteristics of pulse pairs, we present the convergence feature based on the Markov chain to reflect the global characterization of pulse pairs, which is essentially the final state of the Markov transition matrix. Combining the convergence feature with the preceding features, we propose an XGBoost-based steganalysis scheme for AMR speech streams. Finally, we conducted a series of experiments to assess our presented scheme and compared it with previous schemes. The experimental results demonstrate that the proposed scheme is feasible, and can provide better performance in terms of detecting the existing steganography methods based on AMR speech streams.
... A covert channel denotes any process by which a communication link is established between two entities that are not authorized to communicate by the security policy, and which escapes all supervision [3]. Covert channels have long been studied and can occur at different layers of the OSI model [4]. Recently, some works have focused on implementing covert channels by compromising radio-frequency communication interfaces [5] through over-modulation, called polyglot signals. ...
... Moreover, control protocols can be used on top of covert channels, representing a form of C&C channel. Such control protocols allow to upload a newer version of a malware binary, to select a different encryption or covert signing scheme, to switch from one steganographic method to another or to apply dynamic overlay routing to bypass firewalls [9]. Malware can also apply network covert channels to conceal the exfiltration of organizational data over the network and to bypass firewalls by hiding data in transmissions that are not affected by its filtering policy. ...
Article
Full-text available
Compared to cryptography, steganography is a less discussed domain. However, there is a recent trend of exploiting various information hiding techniques to empower malware, for instance to bypass security frameworks of mobile devices or to exfiltrate sensitive data. This is mostly due to the need to counteract increasingly sophisticated security mechanisms, such as code analysis, runtime countermeasures, or real-time traffic inspection tools. In this perspective, this paper presents malware exploiting information hiding in a broad sense, i.e., it does not focus on classical covert channels, but also discusses other camouflage techniques. Differently from other works, this paper solely focuses on real-world threats observed in the 2011 - 2017 timeframe. The observation indicates a growing number of malware equipped with some form of data hiding capabilities and a lack of effective and universal countermeasures.
... Intraprotocol steganography is part of the so-called deep hiding techniques (DHTs). DHTs involve several similar methods such as steganogram scattering, protocol switching covert channels or multilevel steganography (see [6,Chapter 4] for a survey). Below, we briefly review the two most notable examples where an inter-protocol relationship is used for steganography. ...
Conference Paper
Due to improvements in defensive systems, network threats are becoming increasingly sophisticated and complex as cybercriminals are using various methods to cloak their actions. This, among others, includes the usage of network steganography which is utilized e.g. to hide the communication between the infected host and malicious control server by embedding commands into an innocent-looking traffic. Currently, a new subtype of such methods emerged called inter-protocol steganography which utilize relationships between two or more overt protocols in order to hide data. In this paper, first, we present new inter-protocol hiding techniques which are suitable for real-time services. Then, we introduce and present preliminary results of a novel steganography detection approach which relies on the network traffic coloring.
... Since then, many network flow watermarking algorithms have been developed and proposed. Recently, Mazurczyk et al. [33] and Iacovazzi et al. [21] presented surveys providing a comprehensive analysis and comparison of the main network flow watermarking solutions known in the literature. ...
Article
Watermarking techniques have been proposed during the last 10 years as an approach to trace network flows for intrusion detection purposes. These techniques aim to impress a hidden signature on a traffic flow. A central property of network flow watermarking is invisibility, i.e., the ability to go unidentified by an unauthorized third party. Although widely sought after, the development of an invisible watermark is a challenging task that has not yet been accomplished. In this paper we take a step forward in addressing the invisibility problem with DROPWAT, an active network flow watermarking technique developed for tracing Internet flows directed to the staging server that is the final destination in a data exfiltration attack, even in the presence of several intermediate stepping stones or an anonymous network. DROPWAT is a timing-based technique that indirectly modifies interpacket delays by exploiting network reaction to packet loss. We empirically demonstrate that the watermark embedded by means of DROPWAT is invisible to a third party observing the watermarked traffic. We also validate DROPWAT and analyze its performance in a controlled experimental framework involving the execution of a series of experiments on the Internet, using Web proxy servers as stepping stones executed on several instances in Amazon Web Services, as well as the TOR anonymous network in the place of the stepping stones. Our results show that the detection algorithm is able to identify an embedded watermark achieving over 95% accuracy while being invisible.
... Steganography seems to be a very promising technology for sharing information, especially in the time "before" post quantum cryptography, when there is still a need for the design of tools to communicate securely and no certainty that most of the contemporary cryptography will survive. As observed in [1] recently, major attention has been paid to constructing image [2] and network [3] steganography methods. Lately, less effort has been applied to text steganography [4], so this work revisited this attractive area for research in combination with social media. ...
Article
Full-text available
In this paper a new method for information hiding in open social networks is introduced. The method, called StegHash, is based on the use of hashtags in various open social networks to connect multimedia files (like images, movies, songs) with embedded hidden messages. The evaluation of the system was performed on two social media services (Twitter and Instagram) with a simple environment as a proof of concept. The experiments proved that the initial idea was correct, thus the proposed system could create a completely new area of threats in social networks.
... Steganography seems to be a very attractive subject area for sharing information via the Internet around the globe without (if possible) any trace. Recently, major attention has been paid to constructing image [1] and network [2] steganography methods. Lately, less effort has been applied to audio steganography [3], so this work revisited this attractive area for research right now. ...
Article
In this paper a new method for information hiding in club music is introduced. The method called StegIbiza is based on using the music tempo as a carrier. The tempo is modulated by hidden messages with a 3-value coding scheme, which is an adoption of Morse code for StegIbiza. The evaluation of the system was performed for several music samples (with and without StegIbiza enabled) on a selected group of testers who had a music background. Finally, for the worst case scenario, none of them could identify any differences in the audio with a 1% margin of changed tempo.
Conference Paper
Full-text available
Steganography embraces several hiding techniques which spawn across multiple domains. However, the related terminology is not unified among the different domains, such as digital media steganography, text steganography, cyber-physical systems steganography, network steganography (network covert channels), local covert channels, and out-of-band covert channels. To cope with this, a prime attempt has been done in 2015, with the introduction of the so-called hiding patterns, which allow to describe hiding techniques in a more abstract manner. Despite significant enhancements, the main limitation of such a taxonomy is that it only considers the case of network steganography. Therefore, this paper reviews both the terminology and the taxonomy of hiding patterns as to make them more general. Specifically, hiding patterns are split into those that describe the embedding and the representation of hidden data within the cover object. As a first research action, we focus on embedding hiding patterns and we show how they can be applied to multiple domains of steganography instead of being limited to the network scenario. Additionally, we exemplify representation patterns using network steganography. Our pattern collection is available under https://patterns.ztt.hs-worms.de.
Article
Message Queuing Telemetry Transport (MQTT) is a publish-subscribe protocol which is currently popular in Internet of Things (IoT) applications. Recently its 5.0 version has been introduced and ensuring that it is capable of providing services in a secure manner is of great importance. It must be noted that holistic security analysis should also evaluate protocol’s susceptibility to network covert channels. That is why in this paper we present a systematic overview of potential data hiding techniques that can be applied to MQTT 5.0. We are especially focusing on network covert channels that, in order to exchange secrets, exploit characteristic features of this MQTT version. Finally, we develop proof-of-concept implementations of the chosen data hiding techniques and conduct their performance evaluation in order to assess their feasibility in practical setups.
Article
Full-text available
Classical or traditional steganography aims at hiding a secret in cover media such as text, image, audio, video or even in network protocols. Recent research has improved this approach called distributed steganography by fragmenting the secret message and embedding each secret piece into a distinct cover media. The major interest of this approach is to make the secret message detection extremely difficult. However, these file modifications leave fingerprints which can reveal a secret channel to an attacker. Our contribution is a new steganography paradigm transparent to any attacker and resistant to the detection and the secret extraction. Two properties contribute to achieve these goals: the files do not undergo any modification while the distribution of the secret in the multi-cloud storage environment allows us to hide the existence of the covert channel between the communicating parties. Information is usually hidden inside the cover media. In this work, the covert media is a pointer to information. Therefore the file carries the information without being modified and the only way to access it is to have the key. Experiments show interesting comparison results with remarkable security contributions. The work can be seen as a new open direction for further research in the field.
Article
Full-text available
Network covert channels break a computer's security policy to establish a stealthy communication. They are a threat being increasingly used by malicious software. Most previous studies on detecting network covert channels using Machine Learning (ML) were tested with a dataset that was created using one single covert channel tool and also are ineffective at classifying covert channels into patterns. In this paper, selected ML methods are applied to detect popular network covert channels. The capacity of detecting and classifying covert channels with high precision is demonstrated. A dataset was created from nine standard covert channel tools and the covert channels are then accordingly classified into patterns and labelled. Half of the generated dataset is used to train three different ML algorithms. The remaining half is used to verify the algorithms' performance. The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN). The k-NN model demonstrated the highest precision rate at 98% detection of a given covert channel and with a low false positive rate of 1%.
Conference Paper
Full-text available
Cyber-criminals harness more and more techniques like virtual machines or container-based infrastructures for their malicious activities. The inherent dynamic of these virtual environments simplifies the fast creation of vicious services and hides the involved systems like no other technology before. The primary use of virtualisation and especially containers facilitates software developers and administrators to create new applications, perform tests, debug their code and install pre-defined services based on provided container images. Docker as the most notable container technique provides a great variety of existing container templates, which pave the way for implementing highly dynamic environments. As virtual machines, container-based environments are mostly a short-living on-demand infrastructure, which might be used by cyber-criminals to perform their malicious activities. Especially the virtual layer and the ephemeral nature of the container impede any kind of digital investigation or forensic analysis. In this paper we analyze different methods for network forensic investigation in Docker environments. The virtualisation demands for adapted techniques of packet capture like iptables-manipulation, accessing the internal network bridges or vNICs and the use of software-based techniques. We propose the use of further monitoring processes in Docker swarms to implement a valid packet capture and to collect all relevant network packets. As a result, we define appropriate techniques of packet captures based on parameters of the related container.
Conference Paper
Steganography is the art to hide secret information behind video, which should be closely related with video coding standard. As the newest video coding standard, high efficiency video coding (HEVC) has great potential as a new information hiding carrier. This paper proposes a reversible information hiding algorithm based on motion vector for HEVC video. First, the algorithm of this paper chooses information hiding points by assigning different thresholds to different coding unit types. Then the modulation vector is introduced, and the secret embedding is realized on the basis of the inner product of the motion vector difference and the modulation vector. Experimental results show that the proposed method makes it possible to maintain the visual perceived quality of the secret embedded video, and has higher capacity than other existing schemes. All the extracted information can be recovered without loss of the original compressed video carrier which achieves the reversibility of information hiding.
Article
As the importance and prevalence of web analytics have increased over the last decade, so has the number of users trying to maintain their online anonymity. The Onion Routing (TOR) system is often seen as the best anonymity tool out there and is used by nearly 2.5 million people daily. For a significant number of these users, many of TOR’s features and terms are rather difficult to comprehend; yet, these users tend to believe that TOR offers more privacy protection than what it is actually intended or able to provide. In this paper, the authors specifically focus on the TOR browser – one of the two key components of the TOR system. In particular, the authors demonstrate that if used in its default settings, the TOR browser provides little if any protection against four most common forms of user tracking. Hence, to achieve true online anonymity, extra efforts and vigilance need to be exercised on the part of the TOR user.
Preprint
Full-text available
This paper presents a new general framework of information hiding, in which the hidden information is embedded into a collection of activities conducted by selected human and computer entities (e.g., a number of online accounts of one or more online social networks) in a selected digital world. Different from other traditional schemes, where the hidden information is embedded into one or more selected or generated cover objects, in the new framework the hidden information is embedded in the fact that some particular digital activities with some particular attributes took place in some particular ways in the receiver-observable digital world. In the new framework the concept of "cover" almost disappears, or one can say that now the whole digital world selected becomes the cover. The new framework can find applications in both security (e.g., steganography) and non-security domains (e.g., gaming). For security applications we expect that the new framework calls for completely new steganalysis techniques, which are likely more complicated, less effective and less efficient than existing ones due to the need to monitor and analyze the whole digital world constantly and in real time. A proof-of-concept system was developed as a mobile app based on Twitter activities to demonstrate the information hiding framework works. We are developing a more hybrid system involving several online social networks. Download fulltext from https://kar.kent.ac.uk/69008/ or https://arxiv.org/abs/1809.02888. Published in Proceedings of 2nd International Workshop on Multimedia Privacy and Security (MPS 2018, co-location with ACM CCS 2018), 2018, ACM
Conference Paper
Many studies have focused on threats induced by electromagnetic compatibility for information security. A potential correlation between the information processed by an electronic device and its emanations represents a real threat for the confidentiality of the information. Studies have also shown that the susceptibility of electronic devices represents a non-negligible risk for its integrity and its availability. In particular, several Soft-Tempest attacks have been proposed recently in order to create electromagnetic physical covert channels. These however focus on a direct correlation between the processed data and the electromagnetic emanations. In this paper we propose to investigate indirect attacks involving a local impact of the electromagnetic emanations, such as a crosstalk, modifying the behaviour of a component which in turn will contribute to establish the covert channel. To introduce such second order Soft-Tempest attack, the case of an attacker controlled communication line inducing perturbations on the local oscillator of a radio frequency front-end and creating a polyglot modulation based covert channel is detailed.
Conference Paper
Full-text available
During the last 5 years, the possibility of using physical covert channels to communicate with air-gapped information systems has been widely investigated, the main idea being the instrumentation of software or hardware components in order to code information on a shared physical medium. In complement, logical covert channels in communication protocols have been intensively studied for several decades, mostly relying on unused or reserved fields in frames at logical layers or on the instrumentation of timings and state transitions in the target protocols. Interestingly, the exploitation of physical layer characteristics of legitimate transmissions as covert channels seems to have been underestimated. More recently, an approach was proposed to superimpose two different protocols, one ASK-based and one PSK-based, within the same transmitted PHY frames, thus illustrating the possibility of covert channels using so-called polyglot signals. In this study, we decided to focus on the possibility of using a compromised radiofrequency transceiver in order to create a covert channel on the physical layer while preserving a legitimate communication. To this end, we considered a classical QPSK transmission system on which a covert communication was implemented by modulating the legitimate (modulated) signal. Several modulation schemes were formalized showing that covert channels based on polyglot signals are not restricted to the use of complementary carrier characteristics (e.g. amplitude for channel 1 and phase for channel 2). For each attack model, a specific receiver has been designed. Finally, we will show that the detection of this kind of RF covert channel, which is not possible with a classical receiver, can be achieved by monitoring some simple RF characteristics with state-of-the-art signal processing algorithms.
Article
Full-text available
The purpose of this descriptive study is to set out the views of instructors in the basic education department towards Web 2.0 tools. Survey method was used in the study. Demographic information form and a questionnaire consisting of open ended questions were used as data collection tools in the study carried out with the participation of ten instructors working in basic education departments in different universities of Turkey. The obtained data were analyzed through content analysis. The study results indicated the following: (a) the instructors generally used Web 2.0 tools to distribute instructional content to students; (b) they do not use Web 2.0 tools that can be used to create collaborative learning environments and do not want to use them in future; (c) they experienced problems in technological and pedagogical aspects while using Web 2.0 tools; (d) they need in-service training in order to effectively use Web 2.0 tools in student-centered learning environments.
Article
The cloud concept promises computing as a utility. More and more functions are moved to cloud environments. But this transition comes at a cost: Security and privacy solutions have to be adapted to new challenges in cloud environments. We investigate secret communication possibilities – data transmission concealing its mere existence or some of its characteristics – in clouds. The ability to establish such secret communication provides a powerful instrument to adversaries and can be used to gather information for attack preparation, to conceal the coordination of malicious instances or to leak sensitive data.
Conference Paper
In this paper a new method for information hiding in club music is introduced. The method called StegIbiza is based on using the music tempo as a carrier. The tempo is modulated by hidden messages with a 3-value coding scheme, which is an adoption of Morse code for StegIbiza. The evaluation of the system was performed for several music samples (with and without StegIbiza enabled) on a selected group of testers who had a music background. Finally, for the worst case scenario, none of them could identify any differences in the audio with a 1% margin of changed tempo.
Article
Full-text available
This paper presents the possibility of using the DNS (Domain Name System) protocol for creating a simplex communication channel between a malware-infected computer and a compromised DNS server. The proposed channel can be used to steal data or confidential enterprise information secretly.
Article
This paper summarizes the experience and the learning outcomes of students of the “Informatics” specialty at the Episkop Konstantin Preslavsky University of Shumen (Bulgaria) on the problems of computer and network security as a component of their professional training. It is a continuous process starting from the “Computer steganography” course and turning into diploma papers, master's programs, specializations and PhDs in computer and network steganography. The outcome of this training would be bachelor's and master's theses, practical activities of experimentation of stego software and steganology in a parallel computing environment, joint scientific publications of lecturers and students.
Article
Covert channels provide means to conceal information transfer between hosts and bypass security barriers in communication networks. Hidden communication is of paramount concern for governments and companies, because it can conceal data leakage and malware communication, which are crucial building blocks used in cyber crime. We propose detectors based on descriptive analytics of traffic (DAT) to facilitate revealing network and transport layer covert channels originated from a wide spectrum of published data-hiding techniques. DAT detectors transform communication data into flexible feature vectors that represent traffic by a set of extracted calculations and estimations. For the case of covert channels, the core of the detection is performed by the combined application of autocorrelation calculations and multimodality measures built upon kernel density estimations and Pareto charts. DAT detectors are devised to be embedded as extensions of network intrusion detection systems, being able to perform fast, lightweight analysis of numerous flows. The present paper focuses specifically on TCP/IP traffic and provides suitable classifications of TCP/IP fields and related covert channel techniques from the perspective of the statistical detection. The proposed methodology is evaluated with public traffic datasets as well as covert channels generated according to main techniques described in the related literature.
Article
PDF can be downloaded from the journal website: http://www.jucs.org/doi?doi=10.3217/jucs-021-12-1684 Abstract: The research discipline of network steganography deals with the hiding of information within network transmissions, e.g. to transfer illicit information in networks with Internet censorship. The last decades of research on network steganography led to more than a hundred techniques for hiding data in network transmissions. However, previous research has shown that most of these hiding techniques are either based on the same idea or introduce limited novelty, enabling the application of existing countermeasures. In this paper, we provide a link between the field of creativity and network steganographic research. We propose a framework and a metric to help evaluate the creativity bound to a given hiding technique. This way, we support two sides of the scientific peer review process as both authors and reviewers can use our framework to analyze the novelty and applicability of hiding techniques. At the same time, we contribute to a uniform terminology in network steganography.