Book

Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications

Abstract

Describes Information Hiding in communication networks, and highlights their important issues, challenges, trends, and applications. This book provides the fundamental concepts, terminology, and classifications of information hiding in communication networks along with its historical background. Information Hiding In Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures begins with introducing data concealment methods and their evolution. Chapter two discusses the existing terminology and describes the model for hidden communication and related communication scenarios. Chapters three to five present the main classes of information hiding in communication networks accompanied by a discussion of their robustness and undetectability. The book concludes with a discussion of potential countermeasures against information hiding techniques, which includes different types of mechanisms for the detection, limitation and prevention of covert communication channels. This book is intended for academics, graduate students, professionals, and researchers working in the fields of network security, networking, and communications.
... This tendency is intensified by the three usage scenarios for which 5G was designed: enhanced mobile broadband, ultra-reliable and low-latency communication, and massive machine-type communication. As an extreme example, we consider that confidential information about the network (be it user profiles or passwords) might be leaked via the air interface to a mobile device in a stealthy way, i.e., via a network covert channel [1]. Because of the richness of 5G, the attacker has a wealth of protocols to choose from. ...
... Network covert channels are always created based on overt network communication between a legitimate sender and receiver. The covert sender and receiver may be the same or different parties than the legitimate participants [1]. ...
... Algorithm 1 Hiding method applied by covert sender. 1 Read input from file: input ← secret message 2 Set counter for overall transmitted PDUs: pdu ← 1 3 Set counter for transmitted covert segments: seg ← 0 4 For each PDU to be transmitted: 5 The proposed covert channel is robust against normal traffic noise due to the reliability measures of the PDCP and the underlying protocols. However, it can be limited or even completely eliminated by traffic normalization of the reserved bits in the PDCP header. ...
Article
Mobile communication is ubiquitous in everyday life. The fifth generation of mobile networks (5G) introduced 5G New Radio as a radio access technology that meets current bandwidth, quality, and application requirements. Network steganographic channels that hide secret message transfers in an innocent carrier communication are a particular threat in mobile communications as these channels are often used for malware, ransomware, and data leakage. We systematically analyze the protocol stack of the 5G–air interface for its susceptibility to network steganography, addressing both storage and timing channels. To ensure large coverage, we apply hiding patterns that collect the essential ideas used to create steganographic channels. Based on the results of this analysis, we design and implement a network covert storage channel, exploiting reserved bits in the header of the Packet Data Convergence Protocol (PDCP). The covert sender and receiver are located in a 5G base station and mobile device, respectively. Furthermore, we sketch a timing channel based on a recent overshadowing attack. We evaluate our steganographic storage channel both in simulation and real-world experiments with respect to steganographic bandwidth, robustness, and stealthiness. Moreover, we discuss countermeasures. Our implementation demonstrates the feasibility of a covert channel in 5G New Radio and the possibility of achieving large steganographic bandwidth for broadband transmissions. We also demonstrate that the detection of the channel by a network analyzer is possible, limiting its scope to application scenarios where operators are unaware or ignorant of this threat.
... Steganography is a well-known form of information hiding. In this case, the covert data is placed inside carefully chosen and innocent-looking carriers [9]. It must be noted that the inspiration for information hiding techniques is strongly related to phenomena observable in nature. ...
... For instance, blending into the surrounding environment using camouflage techniques allows the exact location of the organism to remain ambiguous. Moreover, it must be noted that in nature as well as in digital environments two broad groups of information hiding mechanisms can be distinguished which enable [9]: ...
... Such an ultrasonic communication is utilized by them to communicate privately in a covert manner and this channel remains undetectable by predators, prey and potential competitors [12]. In current communication networks data hiding by modifying the content or the characteristics of network traffic is one of the most recent examples of such type of information hiding [9]. ...
Article
Cyber-physical Systems (CPS) have raised serious security concerns and thus have been subjected to intensive security research lately. Recent publications have shown that there is a potential to transfer hidden information through CPS environments. In comparison to these existing studies, we demonstrate that CPS cannot only be used to covertly transfer secret data but also to store secret data. Using an analogy to the biological concept of animal scatter hoarding behavior we exemplify CPS secret data storage using automated buildings.
... As Handel and Sandford already remarked in 1995, practically in every layer of the OSI reference model many different channels are known and can be further constructed [4]. A survey of different methods of covert channels can be found for example in [6,7,11]. ...
... Considering above it must be noted that performing hidden data exchange in the way proposed in this paper, i.e., using network covert storage, is significantly different from how typical network covert channels function. The vast majority of network steganography methods share the same characteristics [7,11], i.e., they require a direct overt communication in which secrets are embedded between the covert sender and the covert receiver. ...
... During several last decades, many network covert channels have been proposed and they have been already surveyed from different perspective (see, e.g., [4, 6, 7, 8, 10, 11, 12, 13] and references therein). Thus, in this section, we will focus only on presenting existing works that are utilizing either ARP, SNMP or dead drop-like functioning. ...
Conference Paper
Network covert channels enable various secret data exchange scenarios among two or more secret parties via a communication network. The diversity of the existing network covert channel techniques has rapidly increased due to research during the last couple of years and most of them share the same characteristics, i.e., they require a direct communication between the participating partners. However, it is sometimes simply not possible or it can raise suspicions to communicate directly. That is why, in this paper we introduce a new concept we call "dead drop", i.e., a covert network storage which does not depend on the direct network traffic exchange between covert communication sides. Instead, the covert sender stores secret information in the ARP (Address Resolution Protocol) cache of an unaware host that is not involved in the hidden data exchange. Thus, the ARP cache is used as a covert network storage and the accumulated information can then be extracted by the covert receiver using SNMP (Simple Network Management Protocol).
... Due to improvements in network defenses such techniques are recently gaining an increasing attention from actors like cybercriminals, terrorist and state-sponsored groups as they allow to store data or to cloak communication in a way that is not easily discoverable [22]. There are several real-world cases that reached the attention of the public media, including the following [23, 38]: the arrest of one of al Qaeda's members in Berlin with video files containing hidden information on ongoing and future terrorists' operations (2012); the exfiltration of confidential data from the U.S. to Moscow by Russian spies (2010); the transfer of child pornographic material by a group of pedophiles called "Shadowz Brotherhood" (2002); and the planning of a terrorist attack after the September 11, 2001 attacks. A number of articles suggested that al Qaeda members used steganography to coordinate their actions (2001). ...
... Network steganography deals with the concealment of information within network transmissions [23]. This means that network data that appears to be innocent is actually carrying hidden data. Network information hiding can be used, for example, by malware to conceal its command and control communication (instead of only encrypting it) while it is also suitable for a long-term stealthy data leakage, for example, after an organization was attacked using an advanced persistent threat. ...
... In comparison to digital media steganography, network steganography can be used for a constant data leakage [23]. The biggest concern in law enforcement agencies is that covert techniques are being used to ensure stealth communication among terrorist/criminals and cybercriminals. ...
Article
The practice of hiding ill-gotten data in digital objects is rising among cyber thieves. New initiatives serve to educate, train, and thwart these activities. Full-text: http://cacm.acm.org/magazines/2018/1/223894/fulltext
... For instance, blending into the surrounding environment using camouflage techniques allows the exact location of the organism to remain ambiguous. Moreover, it must be noted that in nature as well as in digital environments two broad groups of Information Hiding mechanisms can be distinguished which enable [10]: 1) secret data communication: includes methods to exchange messages in a covert manner. ...
... Such an ultrasonic communication is utilized by them to communicate privately in a covert manner and this channel remains undetectable by predators, prey and potential competitors [11]. In current communication networks data hiding by modifying the content or the characteristics of network traffic is one of the most recent examples of this type of Information Hiding [10]. ...
... The measured reading and writing performance is high in comparison to other forms of steganography, e.g., a network covert timing channel [10]. ...
Conference Paper
Cyber Physical Systems (CPS) have raised serious security concerns and thus have been subjected to intensive security research lately. In particular, recent publications suggest that there is a potential to transfer hidden information through CPS environments. In comparison to these existing studies, we demonstrate that CPS cannot only be used to covertly transfer secret data but also to store secret data. Using an analogy to the biological concept of animal scatter hoarding behavior we exemplify CPS secret data storage using smart buildings.
... Several publications discuss the origins of steganography, e.g. [11, 21, 16, 38, 18, 15, 39]. These publications mention several use-cases for steganography-application and, for this reason, shed light on the possible motivations for applying steganography. ...
... Internet censorship, to transfer secret information between spies and in the military context, to hide illegal data or to perform stealthy malware communications [11, 21, 16, 38, 18]. Hidden information can be transferred in analog formats, such as in paper letters, but is primarily embedded into digital media, such as image, audio and video files [11, 21, 16]. ...
... Hidden information can be transferred in analog formats, such as in paper letters, but is primarily embedded into digital media, such as image, audio and video files [11, 21, 16]. In addition, the transfer of hidden information over networks became popular in recent years [18, 39]. Another recent trend in the domain is the embedding of secret information into cyber-physical systems [32, 13, 30]. ...
Article
Steganography is the discipline that deals with concealing the existence of secret communications. Existing research already provided several fundamentals for defining steganography and presented a multitude of hiding methods and countermeasures for this research discipline. We identified that no work exists that discusses the process of applying steganography from an individual's perspective. This paper presents a phase model that explains pre-conditions of applying steganography as well as the decision-making process and the final termination of a steganographic communication. The model can be used to explain whether an individual can use steganography and to explain whether and why an individual desires to use steganography. Moreover, the model can be used in research publications to indicate the addressed model's phase of scientific contributions. Furthermore, our model can be used to teach the process of steganography-application to students.
... In contrast to cryptography, steganography does not aim to hide the content of a secret transmission but the existence of such a transmission. To this end, steganography methods create covert channels [12]. Covert channels represent hidden channels that break a security policy, i.e., they allow an unforeseen or prohibited communication to take place. ...
... Robustness of steganographic messages against modifications of the carrier has been investigated regularly both in network steganography [12] and in image steganography [4]. However, as the carriers - be it network protocols or digital image formats - are much more complex than numbers, also the modifications are typically much more complex than addition and multiplication that we consider. ...
Conference Paper
A steganographic network storage channel that uses a carrier with a stream of numeric data must consider the possibility that the carrier data is processed before the covert receiver can extract the secret data. A sensor data stream, which we take as an example scenario, may be scaled by multiplication, shifted into a different range by addition, or two streams might be merged by adding their values. This raises the question if the storage channel can be made robust against such carrier modifications. On the other hand, if the pieces of secret data are numeric as well, adding and merging two streams each comprising covert data might be exploited to form a homomorphic covert channel. We investigate both problems as they are related and give positive and negative results. In particular, we present the first homomorphic storage covert channel. Moreover, we show that such type of covert channel is not restricted to sensor data streams, but that very different scenarios are possible.
... A plethora of work on censorship circumvention was published during the last decades. Several authors disguised and/or multiplexed secret communications using either anonymization systems, such as Tor, traffic mimicking, or direct utilization of (network) steganography [29,35]. After censorship resistance and circumvention became more prominent in the early 2000's [26], sophisticated methods and tools emerged. ...
... Succeeding systematic analyses of censorship circumvention tools can be found in [29] and [40]. Newer and more sophisticated approaches aimed at improving the mimicry of existing protocols as well as the tunneling and embedding of steganographic messages in existing protocol traffic (including the replacement of traffic) [35], see, e.g., WebRTC [5], Stegozoa [14], MassBrowser [40] and OUStralopithecus [32] for recent examples. In [14], the authors investigate the throughput of secret messages and also evaluate the detectability compared to transmission efficiency. ...
Conference Paper
An ongoing challenge in censorship circumvention is optimizing the stealthiness of communications, enabled by covert channels. Recently, a new variant called history covert channels has been proposed. Instead of modifying or mimicking legitimate data, such channels solely point to observed data matching secret information. This approach reduces the amount of secret data a sender explicitly must transfer and thus limits detectability. However, the only published history channel is only suitable for special scenarios due to severe limitations in terms of bandwidth. We propose a significant performance enhancement of history covert channels that allows their use in real-world scenarios through utilizing the content of online social media and online archives. Our approach, which we call OPPRESSION (Open-knowledge Compression), takes advantage of the massive amounts of textual data on the Internet that can be referenced by short pointer messages. Broadly, OPPRESSION can be considered a novel encoding strategy for censorship circumvention. We further present and evaluate our open source proof-of-concept implementation of OPPRESSION that can transfer secret data by pointing to popular online media, such as Twitter (now “X”), news websites, Wikipedia entries, and online books. The pointer itself is transmitted through existing censorship circumvention systems. Our approach minimizes the amount of traffic to be concealed in comparison to existing works, even in comparison to compression.
... Over the years, many types of covert channels have been revealed, researched, and analyzed. To evade DLP and monitoring solutions, an attacker may conceal data in ICMP, HTTP(S), DNS, SMTP, and other common protocols [39], [41]. However, because air-gapped networks lack connectivity to the Internet, the attacker must use non-standard ways to exfiltrate data. ...
... Attackers may use legitimate network traffic to conceal and hide data in traditional covert channels. For instance, information may be hidden within TCP headers, HTTPS requests, DNS extra fields, and SMTP messages [39]. The attacker may also use techniques such as steganography and image or video manipulations to hide textual binary data [38]. ...
Preprint
This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.
... It can not fully support identification of new types of covert channels. Also, the evaluation of covert channels in application layer protocols is relatively new [30]. However, it is not clear whether other patterns would classify covert channels on this layer more suitable. ...
... However, it is not clear whether other patterns would classify covert channels on this layer more suitable. The original pattern-based taxonomy [50] was extended twice [28,30], showing the potential for further improvements and additions. ...
Article
Synchronized clocks are vital for most communication scenarios in networks of Information Technology (IT) and Operational Technology (OT). The process of time synchronisation requires transmission of high-precision timestamps often originating from external sources. In this paper, we analyze how time synchronization protocols impose a threat by being leveraged as carrier for network covert channels. This paper is an extended version of our open-access paper [15] in which we performed an in-depth analysis of the Network Time Protocol (NTP) in regards to covert channels. In this extended version, we broaden the view and take a look at time synchronisation in a more general way as we provide two comprehensive threat scenarios regarding covert channels and discuss the applicability of such covert channels to another time synchronisation protocol, namely the Precision Time Protocol, PTP. While the Network Time Protocol (NTP) is the most prevalent protocol for synchronizing clocks in IT networks, the Precision Time Protocol (PTP) is mostly found in networks of Industrial Control Systems (ICS) due to higher demands regarding accuracy and resolution. To illustrate the threat of covert channels in such protocols we describe two threat scenarios, one for the Network Time Protocol and one for the Precision Time Protocol. For NTP we perform a systematic in-depth analysis of covert channels. Our analysis results in the identification of 49 covert channels, by applying a covert channel pattern-based taxonomy. The summary and comparison based on nine selected key attributes show that NTP proves itself as a plausible carrier for covert channels. The analysis results are evaluated in regards to common behavior of NTP implementations in six major operating systems. Two channels are selected and implemented to be evaluated in network test-beds.
By hiding encrypted high entropy data in a high entropy field of NTP we show in our first assessment that practically undetectable channels can be implemented in NTP, motivating the required further research. In our evaluation, we analyze 40,000 NTP server responses from public NTP server providers and discuss potential countermeasures. Finally, we discuss the relevance, applicability and resulting threat of these findings for the Precision Time Protocol.
... As wireless sensor networks are used also for sensitive data, an attacker may have an interest in compromising one sensor node (or several), and exfiltrating some data. A typical means to do this is to use a network covert channel in the sensor node's communication with the network sink [10]. To this end, we present a network covert channel that hides within an LT code [7] as a concrete (and easy to explain) implementation of a fountain code. ...
... Steganography is the art of concealing the existence of a secret message in an innocent carrier [10]. For example, the carrier can be a network connection. ...
... Cryptography is a method of keeping information secret and providing a guarantee that only authorized parties should have access to it by making that structured data difficult to recognize by appearing to be random. This is distinct from steganography [16], which attempts to hide information by embedding it in some other object (e.g., a digital image, a data stream, etc.). With a cryptographic approach, Alice and Bob would like to share information that they want to keep secret from an adversary, Eve. ...
Conference Paper
Cryptography and Machine Learning are two computational science fields that intuitively seem related. Privacy-preserving machine learning – either utilizing encrypted models or learning over encrypted data – is an exploding field thanks to the maturation of primitives such as fully homomorphic encryption and secure multiparty computation. However there has been surprisingly little work on applying recent advances in machine learning to the task of cryptanalysis, the branch of cryptography that studies how cryptographic ciphers can be attacked. In particular, while a cryptographic cipher seeks to keep certain information secret by making it appear random, discerning patterns and structure from random data is a common machine learning task. This poster paper proposes EveGAN, an approach that treats cryptanalysis as a language translation problem. While treating cipher cracking as a language translation problem has been validated against a handful of classical substitution ciphers, the EveGAN approach builds on these results to create a new class of generative deep learning-based cryptanalysis attacks.
Preprint
Please see the final published paper at https://dl.acm.org/doi/10.1145/3548606.3563493 Cryptography and Machine Learning are two computational science fields that intuitively seem related. Privacy-preserving machine learning–either utilizing encrypted models or learning over encrypted data–is an exploding field thanks to the maturation of primitives such as fully homomorphic encryption and secure multiparty computation. However there has been surprisingly little work on applying recent advances in machine learning to the task of cryptanalysis, the branch of cryptography that studies how cryptographic ciphers can be attacked. In particular, while a cryptographic cipher seeks to keep certain information secret by making it appear random, discerning patterns and structure from random data is a common machine learning task. This poster paper proposes EveGAN, an approach that treats cryptanalysis as a language translation problem. While treating cipher cracking as a language translation problem has been validated against a handful of classical substitution ciphers, the EveGAN approach builds on these results to create a new class of generative deep learning-based cryptanalysis attacks.
... As a result of the developments in information technologies, different Web tools have been developed and offered for use so that individuals can access the data they need and interact with the data (Akkoyunlu & Kurbanoğlu, 2003;Castells, 2011;Mazurczyk, Wendzel, Zander, Houmansadr & Szczypiorski, 2016). In the process of developing technologies and the integration of these technologies into education, Web 2.0 tools have come to the fore. ...
Article
The purpose of the current study is to investigate the effect of using Web 2.0 tools in the teaching of socio-scientific issues on pre-service science teachers. A total of 24 senior pre-service science teachers attending a state university in the spring term of the 2021-2022 academic year participated in the study. The study was conducted with the participation of pre-service science teachers taking the course of Teaching Practice II, using different Web 2.0 tools on 6 different socio-scientific issues. The study employed the mixed method. In the quantitative dimension of the study, the "Web 2.0 Rapid Content Development Self-Efficacy Belief Scale" and the "Scale of Attitudes towards Socio-scientific Issues" were used as data collection tools. In the qualitative dimension of the study, interviews were conducted with the pre-service science teachers using a semi-structured interview form in order to get the opinions of the pre-service science teachers on the Web 2.0 tools-assisted teaching of socio-scientific issues. The quantitative data were analysed using the SPSS 20.00 program package while the qualitative data were analyzed by using the content analysis method. According to the results of the study, no statistically significant difference was observed between the pre-test and post-test mean attitude scores of the pre-service science teachers. However, a statistically significant difference was observed between the pre-test and post-test mean scores taken from the "Web 2.0 Rapid Content Development Self-Efficacy Belief Scale". When the qualitative findings of the study were evaluated, it was seen that the pre-service teachers were of the opinion that the use of socio-scientific issues in science lessons most improved their skill of solving problems in daily life. When the pre-service teachers were asked the techniques they preferred in the teaching of socio-scientific issues, the discussion technique came to the fore. 
Pre-service teachers think that socio-scientific issues should be taught as a required or elective course in undergraduate education. Among the discussion topics addressed in the project process, "Genetically Modified Organisms (GMOs)" was the subject that most attracted the attention of the pre-service teachers. When asked about the positive and negative aspects of Web 2.0 tools in science education, the pre-service teachers stated effective and permanent learning as the positive aspect and technological inadequacies as the negative aspect. Permanent learning came to the fore again when the pre-service teachers were asked about the contributions of the use of Web 2.0 tools in the teaching of socio-scientific issues to the educational process. The pre-service teachers found Scrumlr.io and Edmodo applications among the Web 2.0 tools much more useful in the teaching of socio-scientific issues. In addition, the pre-service teachers stated that they would make use of Web 2.0 tools in socio-scientific issue-based teaching in their professional lives in the future.
... In computer security, a covert channel is an attack that enables transferring information between two entities (e.g., computers) that are not allowed to communicate. Over the years, many network protocols have been studied in the context of covert communication, including IP, TCP and UDP, HTTP, SMTP, DNS, and others [37]. It is also possible to encode information in packet timing, and image data [42]. ...
Conference Paper
Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an 'air-gap.' In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.
... Further, the creators of such a CC might add random sleep timers to obfuscate the appearance of malicious behavior or might try to normalize the packet runtime. These ideas were for instance described in [43,40] and applied for traffic normalizers [44] to mitigate timing side and timing based covert channels, but they also can be applied to counter our detection approach. Further, the fewer the share of CC packets in a set of data, the less likely it is to detect the existence of covert information flows. ...
Article
In current research, reversible network-level covert channels are receiving more and more attention. The restoration of the original data leaves little evidence for detection, especially if the implementation is plausibly deniable. Recently, such a channel based on one-time password hash chains has been published. The covert channel uses repeated computational intensive operations to restore a modified hash and to extract covert information transferred within. In this paper, we present an approach that observes the influence of repeated MD5, SHA2-384, SHA3-256 and SHA3-512 hash-operations on packet runtimes. Besides these hash algorithms, we also investigate whether the alphabet that the Covert Sender and the Covert Receiver agreed upon, has an influence on our detection approach. For each algorithm, we carry out three experiments with different alphabets: one without a covert channel, one with a covert channel altering all hashes, and finally, one with a covert channel altering every second hash. We further repeat each experiment ten times and define a threshold for packet runtimes without modified hashes. Also, we investigate the detectability of computational intensive reversible covert channels for all our scenarios and evaluate the detection rate depending on the number of observed packets. In addition, we describe countermeasures and limitations of our detection method and, finally, discuss application scenarios for existing network environments.
... However, it would require either an ad hoc local process or a larger number of transmissions on the control plane in order to update the flow tables, at the expense of the drone's battery life. Other avenues, such as steganography for carrying sensitive data, could be explored [93] [94], but they are outside the scope of this thesis. ...
Thesis
Drones are increasingly present in our lives, for leisure as well as in industry. Forecasts for the civilian drone market anticipate significant growth over the coming years, and it could reach 10 to 20 billion euros worldwide. While the missions entrusted to drones initially involved isolated drones, certain types of missions require the collaboration of several of them within a fleet. A fleet of drones requires the deployment and availability of a wireless network for all tasks relating, on the one hand, to the mission and, on the other hand, to any coordination or synchronization. Wireless networks are by nature open to the outside, which raises the question of how to secure them. Several research works have addressed this question from different angles: the physical layer, routing protocols, multi-agent systems. But none addresses the question of securing access to this network, and few have studied the responses to be made in the event of an attack. In this thesis we propose a security-oriented architecture that allows better control of communications in the network and is entirely independent of any fixed ground infrastructure. This architecture combines software-defined networking (SDN), a recently emerged technology, with AODV, a routing protocol suited to ad hoc networks of the FANET type. We demonstrate that this architecture makes it possible to protect the network against most attacks from outside. This architecture also allows us to obtain good knowledge of the activity in the network, a prerequisite for improving security. From this knowledge, we propose on the one hand a technique for detecting traffic injection from outside and a method to defend against it.
On the other hand, we propose a set of measurable characteristics of network activity suitable for use with a machine learning algorithm. We demonstrate the relevance of these measurements by training a supervised-learning classification model of the Random Forest type on a set of network captures containing attacks on the network: denial of service (DoS), port scanning, password discovery (brute force) and distributed denial of service (DDoS). The attack detection performance based on these characteristics is promising, not only in terms of precision but also in terms of detection speed, thus offering the possibility of a real-time reaction. This reaction can be implemented thanks to the architecture proposed in this thesis. Tests on scenarios representative of network traffic for a fleet of drones show that the model is able to generalize with good performance on our case study.
... Also, the scope of numerical challenges will be extended from chaotic random numbers to other branches of IT security. Moreover, the introduction of redundancy by higher radix representations, e. g. by skipping normalization [2], opens the path for information hiding, e. g. storage covert channels [18], in such representations, which we plan to investigate further. ...
Article
Chaotic Pseudo Random Number Generators have been seen as a promising candidate for secure random number generation. Using the logistic map as state transition function, we perform number generation experiments that illustrate the challenges when trying to do a replication study. Those challenges range from uncertainties about the rounding mode in arithmetic hardware over chosen number representations for variables to compiler or programmer decisions on evaluation order for arithmetic expressions. We find that different decisions lead to different streams with different security properties, where we focus on period length. However, descriptions in articles often are not detailed enough to deduce all decisions unambiguously. To address similar problems in other replication studies for security applications, we propose recommendations for descriptions of numerical experiments on security applications to avoid the above challenges. Moreover, we use the results to propose the use of higher-radix and mixed-radix representations to trade storage size for period length, and investigate if exploiting the symmetry of the logistic map function for number representation is advantageous.
... By using steganography, it is possible to create parasitic communication paths, which are often defined as covert channels, see, e.g., Refs. [6][7][8] for an overview on the topic. Specifically, data can be hidden within a suitable carrier (e.g., part of a protocol data unit that is not used or optional) to allow remote endpoints to covertly exchange information. ...
Article
The DICOM (Digital Imaging and COmmunication in Medicine) standard provides a framework for a diagnostically-accurate representation, processing, transfer, storage and display of medical imaging data. Information hiding in DICOM is currently limited to the application of digital media steganography and watermarking techniques on the media parts of DICOM files, as well as text steganographic techniques for embedding information in metadata of DICOM files. To improve the overall security of the DICOM standard, we investigate its susceptibility to network steganographic techniques. To this aim, we develop several network covert channels that can be created by using a specific transport mechanism – the DICOM Message Service and Upper Layer Service. The bandwidth, undetectability and robustness of the proposed covert channels are evaluated, and potential countermeasures are suggested. Moreover, a detection mechanism leveraging entropy-based metrics is introduced and its performance has been assessed.
... Steganography is a process of hiding data in text, audio, image or video data, and also in computer network traffic [13,23]. Due to the complexity of computer systems, it is easier to construct a hidden, steganographic channel than it is to detect it. ...
Conference Paper
Information hiding techniques are becoming a major threat in network communication. This paper describes how to modify an intrusion detection system (IDS) to detect certain types of steganography. As a sample IDS we use open-source Zeek software. We show how to adapt it for the purpose of steganalysis. Additionally, we propose a set of validation tests that are suitable for detecting steganography and describe how they were applied to different types of covert channels. We also suggest how to build a steganography detection system by integrating Zeek with a security information and event management system with log and alert support. The scripts are freely available for download at https://github.com/indianatoms/Stego-Aware-NIDS.
... For instance, Carrara and Adams surveyed out-of-band covert channels over physical media, such as light, sound and air [13] while other authors analyzed details of such channels, e.g., Hanspach and Goetz [14], Cronin et al. [15] and Matyunin et al. [16]. Network covert channel techniques have been summarized by Mazurczyk et al. [17], Wendzel et al. [9] and Zander et al. [18]. Detailed studies of specific network covert channels and their countermeasures were performed by Cabuk et al. [19], Xing et al. [20], Saenger et al. [21], Zander et al. [22] and Zhang et al. [23], just to mention a few. ...
Article
Covert channels enable stealthy communications over innocent appearing carriers. They are increasingly applied in the network context. However, little work is available that exploits cryptographic primitives in the networking context to establish such covert communications. We present a covert channel between two devices where one device authenticates itself with Lamport’s one-time passwords based on a cryptographic hash function. Our channel enables plausible deniability jointly with reversibility and is applicable in different contexts, such as traditional TCP/IP networks, CPS/IoT communication, blockchain-driven systems and local inter-process communications that apply hash chains. We also present countermeasures to detect the presence of such a covert channel, which are non-trivial because hash values are random-looking binary strings, so that deviations are not likely to be detected. We report on experimental results with MD5 and SHA-3 hash functions for two covert channel variants running in a localhost setup. In particular, we evaluate the channels’ time performance, conduct statistical tests using the NIST suite and run a test for matching hash values between legitimate and covert environments to determine our channels’ stealthiness.
... Covert channels in network steganography have been described and surveyed in several publications, e.g., [12][13][14][15]17]. Yet, the diversity of network covert channels in the field of network steganography has been dynamically evolving in the last few years [15,16]. ...
Conference Paper
Recently, new methods were discovered to secretly store information in network protocol caches by exploiting functionalities of ARP and SNMP. Such a covert storage cache is referred to as a "Dead Drop". In our present research, we demonstrate that hidden information can also be stored on systems with an active NTP service. We present one method based upon ephemeral associations and one method based upon the most recently used (MRU) list and measure their storage duration and capacity. Our approach improves over the previous approach with ARP as it allows to transport hidden information across the internet and thus outside of local area networks. The preliminary results for both Dead Drops indicate that more than 100 entries with secret data can persist for several hours. Finally, we discuss the detectability and countermeasures of the proposed methods as well as their limitations.
... In ancient battlefields, soldiers made use of the board to conceal information to mislead enemies; in a letter, the special shape of some characters was changed and some strokes were added for the same purpose. Over time, these carriers have evolved from the image [2,3] to other fields, such as text [4,5], then video [6,7], network protocol [8,9], audio [10][11][12], and Voice over IP (VoIP) [13][14][15][16]. In contrast with other carriers, VoIP has many advantages, such as high covert bandwidth, flexible conversation length, and a large amount of carrier data. ...
Article
Steganalysis of adaptive multi-rate (AMR) speech is a hot topic for controlling cybercrimes grounded in steganography in related speech streams. In this paper, we first present a novel AMR steganalysis model, which utilizes extreme gradient boosting (XGBoost) as the classifier, instead of support vector machines (SVM) adopted in the previous schemes. Compared with the SVM-based model, this new model can facilitate the excavation of potential information from the high-dimensional features and can avoid overfitting. Moreover, to further strengthen the preceding features based on the statistical characteristics of pulse pairs, we present the convergence feature based on the Markov chain to reflect the global characterization of pulse pairs, which is essentially the final state of the Markov transition matrix. Combining the convergence feature with the preceding features, we propose an XGBoost-based steganalysis scheme for AMR speech streams. Finally, we conducted a series of experiments to assess our presented scheme and compared it with previous schemes. The experimental results demonstrate that the proposed scheme is feasible, and can provide better performance in terms of detecting the existing steganography methods based on AMR speech streams.
... A covert channel denotes any process by which a communication link is established between two entities that are not authorized to communicate by the security policy and that escapes all supervision [3]. Covert channels have been studied for a long time and can occur at different layers of the OSI model [4]. Recently, some works have focused on implementing covert channels by compromising radio-frequency communication interfaces [5] through over-modulation, called polyglot signals. ...
... Moreover, control protocols can be used on top of covert channels, representing a form of C&C channel. Such control protocols allow to upload a newer version of a malware binary, to select a different encryption or covert signing scheme, to switch from one steganographic method to another or to apply dynamic overlay routing to bypass firewalls [9]. Malware can also apply network covert channels to conceal the exfiltration of organizational data over the network and to bypass firewalls by hiding data in transmissions that are not affected by its filtering policy. ...
Article
Compared to cryptography, steganography is a less discussed domain. However, there is a recent trend of exploiting various information hiding techniques to empower malware, for instance to bypass security frameworks of mobile devices or to exfiltrate sensitive data. This is mostly due to the need to counteract increasingly sophisticated security mechanisms, such as code analysis, runtime countermeasures, or real-time traffic inspection tools. In this perspective, this paper presents malware exploiting information hiding in a broad sense, i.e., it does not focus on classical covert channels, but also discusses other camouflage techniques. Differently from other works, this paper solely focuses on real-world threats observed in the 2011 - 2017 timeframe. The observation indicates a growing number of malware equipped with some form of data hiding capabilities and a lack of effective and universal countermeasures.
... Intraprotocol steganography is part of the so-called deep hiding techniques (DHTs). DHTs involve several similar methods such as steganogram scattering, protocol switching covert channels or multilevel steganography (see [6,Chapter 4] for a survey). Below, we briefly review the two most notable examples where an inter-protocol relationship is used for steganography. ...
Conference Paper
Due to improvements in defensive systems, network threats are becoming increasingly sophisticated and complex as cybercriminals are using various methods to cloak their actions. This, among others, includes the usage of network steganography which is utilized e.g. to hide the communication between the infected host and malicious control server by embedding commands into an innocent-looking traffic. Currently, a new subtype of such methods emerged called inter-protocol steganography which utilize relationships between two or more overt protocols in order to hide data. In this paper, first, we present new inter-protocol hiding techniques which are suitable for real-time services. Then, we introduce and present preliminary results of a novel steganography detection approach which relies on the network traffic coloring.
... Since then, many network flow watermarking algorithms have been developed and proposed. Recently, Mazurczyk et al. [33] and Iacovazzi et al. [21] presented surveys providing a comprehensive analysis and comparison of the main network flow watermarking solutions known in the literature. ...
Article
Watermarking techniques have been proposed during the last 10 years as an approach to trace network flows for intrusion detection purposes. These techniques aim to impress a hidden signature on a traffic flow. A central property of network flow watermarking is invisibility, i.e., the ability to go unidentified by an unauthorized third party. Although widely sought after, the development of an invisible watermark is a challenging task that has not yet been accomplished. In this paper we take a step forward in addressing the invisibility problem with DROPWAT, an active network flow watermarking technique developed for tracing Internet flows directed to the staging server that is the final destination in a data exfiltration attack, even in the presence of several intermediate stepping stones or an anonymous network. DROPWAT is a timing-based technique that indirectly modifies interpacket delays by exploiting network reaction to packet loss. We empirically demonstrate that the watermark embedded by means of DROPWAT is invisible to a third party observing the watermarked traffic. We also validate DROPWAT and analyze its performance in a controlled experimental framework involving the execution of a series of experiments on the Internet, using Web proxy servers as stepping stones executed on several instances in Amazon Web Services, as well as the TOR anonymous network in the place of the stepping stones. Our results show that the detection algorithm is able to identify an embedded watermark achieving over 95% accuracy while being invisible.
... Steganography seems to be a very promising technology for sharing information, especially in the time "before" post quantum cryptography, when there is still a need for the design of tools to communicate securely and no certainty that most of the contemporary cryptography will survive. As observed in [1] recently, major attention has been paid to constructing image [2] and network [3] steganography methods. Lately, less effort has been applied to text steganography [4], so this work revisited this attractive area for research in combination with social media. ...
Article
In this paper a new method for information hiding in open social networks is introduced. The method, called StegHash, is based on the use of hashtags in various open social networks to connect multimedia files (like images, movies, songs) with embedded hidden messages. The evaluation of the system was performed on two social media services (Twitter and Instagram) with a simple environment as a proof of concept. The experiments proved that the initial idea was correct, thus the proposed system could create a completely new area of threats in social networks.
Conference Paper
Steganography embraces several hiding techniques which spawn across multiple domains. However, the related terminology is not unified among the different domains, such as digital media steganography, text steganography, cyber-physical systems steganography, network steganography (network covert channels), local covert channels, and out-of-band covert channels. To cope with this, a prime attempt has been done in 2015, with the introduction of the so-called hiding patterns, which allow to describe hiding techniques in a more abstract manner. Despite significant enhancements, the main limitation of such a taxonomy is that it only considers the case of network steganography. Therefore, this paper reviews both the terminology and the taxonomy of hiding patterns as to make them more general. Specifically, hiding patterns are split into those that describe the embedding and the representation of hidden data within the cover object. As a first research action, we focus on embedding hiding patterns and we show how they can be applied to multiple domains of steganography instead of being limited to the network scenario. Additionally, we exemplify representation patterns using network steganography. Our pattern collection is available under https://patterns.ztt.hs-worms.de.
Article
Message Queuing Telemetry Transport (MQTT) is a publish-subscribe protocol which is currently popular in Internet of Things (IoT) applications. Recently its 5.0 version has been introduced and ensuring that it is capable of providing services in a secure manner is of great importance. It must be noted that holistic security analysis should also evaluate protocol’s susceptibility to network covert channels. That is why in this paper we present a systematic overview of potential data hiding techniques that can be applied to MQTT 5.0. We are especially focusing on network covert channels that, in order to exchange secrets, exploit characteristic features of this MQTT version. Finally, we develop proof-of-concept implementations of the chosen data hiding techniques and conduct their performance evaluation in order to assess their feasibility in practical setups.
Article
Classical or traditional steganography aims at hiding a secret in cover media such as text, image, audio, video or even in network protocols. Recent research has improved this approach called distributed steganography by fragmenting the secret message and embedding each secret piece into a distinct cover media. The major interest of this approach is to make the secret message detection extremely difficult. However, these file modifications leave fingerprints which can reveal a secret channel to an attacker. Our contribution is a new steganography paradigm transparent to any attacker and resistant to the detection and the secret extraction. Two properties contribute to achieve these goals: the files do not undergo any modification while the distribution of the secret in the multi-cloud storage environment allows us to hide the existence of the covert channel between the communicating parties. Information is usually hidden inside the cover media. In this work, the covert media is a pointer to information. Therefore the file carries the information without being modified and the only way to access it is to have the key. Experiments show interesting comparison results with remarkable security contributions. The work can be seen as a new open direction for further research in the field.
Article
Network covert channels break a computer's security policy to establish a stealthy communication. They are a threat being increasingly used by malicious software. Most previous studies on detecting network covert channels using Machine Learning (ML) were tested with a dataset that was created using one single covert channel tool and also are ineffective at classifying covert channels into patterns. In this paper, selected ML methods are applied to detect popular network covert channels. The capacity of detecting and classifying covert channels with high precision is demonstrated. A dataset was created from nine standard covert channel tools and the covert channels are then accordingly classified into patterns and labelled. Half of the generated dataset is used to train three different ML algorithms. The remaining half is used to verify the algorithms' performance. The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN). The k-NN model demonstrated the highest precision rate at 98% detection of a given covert channel and with a low false positive rate of 1%.
Conference Paper
Cyber-criminals harness more and more techniques like virtual machines or container-based infrastructures for their malicious activities. The inherent dynamic of these virtual environments simplifies the fast creation of vicious services and hide the involved systems like no other technology before. The primary use of virtualisation and especially containers facilitates software developers and administrators to create new applications, perform tests, debug their code and install pre-defined services based on provided container images. Docker as the most notable container technique provides a great variety of existing container templates, which pave the way for implementing highly dynamic environments. As virtual machines, container-based environments are mostly a short-living on-demand infrastructure, which might be used by cyber-criminals to perform their malicious activities. Especially the virtual layer and the ephemeral nature of the container impede any kind of digital investigation or forensic analysis. In this paper we analyze different methods for network forensic investigation in Docker environments. The virtualisation demands for adapted techniques of packet capture like iptables-manipulation, accessing the internal network bridges or vNICs and the use of software-based techniques. We propose the use of further monitoring processes in Docker swarms to implement a valid packet capture and to collect all relevant network packets. As a result, we define appropriate techniques of packet captures based on parameters of the related container.
Conference Paper
Steganography is the art to hide secret information behind video, which should be closely related with video coding standard. As the newest video coding standard, high efficiency video coding (HEVC) has great potential as a new information hiding carrier. This paper proposes a reversible information hiding algorithm based on motion vector for HEVC video. First, the algorithm of this paper chooses information hiding points by assigning different thresholds to different coding unit types. Then the modulation vector is introduced, and the secret embedding is realized on the basis of the inner product of the motion vector difference and the modulation vector. Experimental results show that the proposed method makes it possible to maintain the visual perceived quality of the secret embedded video and has higher capacity than other existing schemes. All the extracted information can be recovered without loss of the original compressed video carrier which achieves the reversibility of information hiding.
Article
As the importance and prevalence of web analytics have increased over the last decade, so has the number of users trying to maintain their online anonymity. The Onion Routing (TOR) system is often seen as the best anonymity tool out there and is used by nearly 2.5 million people daily. For a significant number of these users, many of TOR’s features and terms are rather difficult to comprehend; yet, these users tend to believe that TOR offers more privacy protection than what it is actually intended or able to provide. In this paper, the authors specifically focus on the TOR browser – one of the two key components of the TOR system. In particular, the authors demonstrate that if used in its default settings, the TOR browser provides little if any protection against four most common forms of user tracking. Hence, to achieve true online anonymity, extra efforts and vigilance need to be exercised on the part of the TOR user.
Preprint
This paper presents a new general framework of information hiding, in which the hidden information is embedded into a collection of activities conducted by selected human and computer entities (e.g., a number of online accounts of one or more online social networks) in a selected digital world. Different from other traditional schemes, where the hidden information is embedded into one or more selected or generated cover objects, in the new framework the hidden information is embedded in the fact that some particular digital activities with some particular attributes took place in some particular ways in the receiver-observable digital world. In the new framework the concept of "cover" almost disappears, or one can say that now the whole digital world selected becomes the cover. The new framework can find applications in both security (e.g., steganography) and non-security domains (e.g., gaming). For security applications we expect that the new framework calls for completely new steganalysis techniques, which are likely more complicated, less effective and less efficient than existing ones due to the need to monitor and analyze the whole digital world constantly and in real time. A proof-of-concept system was developed as a mobile app based on Twitter activities to demonstrate the information hiding framework works. We are developing a more hybrid system involving several online social networks. Download fulltext from https://kar.kent.ac.uk/69008/ or https://arxiv.org/abs/1809.02888. Published in Proceedings of 2nd International Workshop on Multimedia Privacy and Security (MPS 2018, co-location with ACM CCS 2018), 2018, ACM
Conference Paper
Many studies have focused on threats induced by electromagnetic compatibility for information security. A potential correlation between the information processed by an electronic device and its emanations represents a real threat for the confidentiality of the information. Studies have also shown that the susceptibility of electronic devices represents a non-negligible risk for its integrity and its availability. In particular, several Soft-Tempest attacks have been proposed recently in order to create electromagnetic physical covert channels. These however focus on a direct correlation between the processed data and the electromagnetic emanations. In this paper we propose to investigate indirect attacks involving a local impact of the electromagnetic emanations, such as a crosstalk, modifying the behaviour of a component which in turn will contribute to establish the covert channel. To introduce such second order Soft-Tempest attack, the case of an attacker controlled communication line inducing perturbations on the local oscillator of a radio frequency front-end and creating a polyglot modulation based covert channel is detailed.
Conference Paper
During the last 5 years, the possibility of using physical covert channels to communicate with air-gapped information systems has been widely investigated, the main idea being the instrumentation of software or hardware components in order to code information on a shared physical medium. In complement, logical covert channels in communication protocols have been intensively studied for several decades, mostly relying on unused or reserved fields in frames at logical layers or on the instrumentation of timings and state transitions in the target protocols. Interestingly, the exploitation of physical layer characteristics of legitimate transmissions as covert channels seems to have been underestimated. More recently, an approach was proposed to superimpose two different protocols, one ASK-based and one PSK-based, within the same transmitted PHY frames, thus illustrating the possibility of covert channels using so-called polyglot signals. In this study, we decided to focus on the possibility of using a compromised radiofrequency transceiver in order to create a covert channel on the physical layer while preserving a legitimate communication. To this end, we considered a classical QPSK transmission system on which a covert communication was implemented by modulating the legitimate (modulated) signal. Several modulation schemes were formalized showing that covert channels based on polyglot signals are not restricted to the use of complementary carrier characteristics (e.g. amplitude for channel 1 and phase for channel 2). For each attack model, a specific receiver has been designed. Finally, we will show that the detection of this kind of RF covert channel, which is not possible with a classical receiver, can be achieved by monitoring some simple RF characteristics with state-of-the-art signal processing algorithms.
Article
The purpose of this descriptive study is to set out the views of instructors in the basic education department towards Web 2.0 tools. The survey method was used in the study. A demographic information form and a questionnaire consisting of open-ended questions were used as data collection tools in the study, carried out with the participation of ten instructors working in basic education departments in different universities of Turkey. The obtained data were analyzed through content analysis.
The study results indicated the following: (a) the instructors generally used Web 2.0 tools to distribute instructional content to students; (b) they do not use Web 2.0 tools that can be used to create collaborative learning environments and do not want to use them in future; (c) they experienced problems in technological and pedagogical aspects while using Web 2.0 tools; (d) they need in-service training in order to effectively use Web 2.0 tools in student-centered learning environments.
Article
The cloud concept promises computing as a utility. More and more functions are moved to cloud environments. But this transition comes at a cost: Security and privacy solutions have to be adapted to new challenges in cloud environments. We investigate secret communication possibilities – data transmission concealing its mere existence or some of its characteristics – in clouds. The ability to establish such secret communication provides a powerful instrument to adversaries and can be used to gather information for attack preparation, to conceal the coordination of malicious instances or to leak sensitive data.
Conference Paper
In this paper a new method for information hiding in club music is introduced. The method called StegIbiza is based on using the music tempo as a carrier. The tempo is modulated by hidden messages with a 3-value coding scheme, which is an adoption of Morse code for StegIbiza. The evaluation of the system was performed for several music samples (with and without StegIbiza enabled) on a selected group of testers who had a music background. Finally, for the worst case scenario, none of them could identify any differences in the audio with a 1% margin of changed tempo.
Article
This paper presents the possibility of using the DNS (Domain Name System) protocol for creating a simplex communication channel between a malware-infected computer and a compromised DNS server. The proposed channel can be used to steal data or confidential enterprise information secretly.
Article
This paper summarizes the experience and the learning outcomes of students of the “Informatics” specialty at the Episkop Konstantin Preslavsky University of Shumen (Bulgaria) on the problems of computer and network security as a component of their professional training. It is a continuous process starting from the “Computer steganography” course and turning into diploma papers, masters programs, specializations and PhDs in computer and network steganography. The outcome of this training would be bachelors and masters theses, practical activities of experimentation of stego software and steganology in a parallel computing environment, joint scientific publications of lecturers and students.