2,328 research outputs found

    xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs

    In this paper we show how attackers can covertly leak data (e.g., encryption keys, passwords and files) from highly secure or air-gapped networks via the row of status LEDs that exists in networking equipment such as LAN switches and routers. Although it is known that some network equipment emanates optical signals correlated with the information being processed by the device ('side-channel'), intentionally controlling the status LEDs to carry any type of data ('covert-channel') has never been studied before. A malicious code is executed on the LAN switch or router, allowing full control of the status LEDs. Sensitive data can be encoded and modulated over the blinking of the LEDs. The generated signals can then be recorded by various types of remote cameras and optical sensors. We provide the technical background on the internal architecture of switches and routers (at both the hardware and software level) which enables this type of attack. We also present amplitude and frequency based modulation and encoding schemas, along with a simple transmission protocol. We implement a prototype of an exfiltration malware and discuss its design and implementation. We evaluate this method with a few routers and different types of LEDs. In addition, we tested various receivers including remote cameras, security cameras, smartphone cameras, and optical sensors, and also discuss different detection and prevention countermeasures. Our experiment shows that sensitive data can be covertly leaked via the status LEDs of switches and routers at bit rates of 10 bit/sec to more than 1Kbit/sec per LED

    Limiting DNS covert channels and network validated DNS

    Despite the variety and number of network security devices and policies available, sensitive data, such as intellectual property and business data, can still be surreptitiously sent via the Internet to unscrupulous receivers. Furthermore, few security mechanisms address securing or limiting covert channels. This study defines a framework for determining a rule set to minimize covert channel capacity on the DNS protocol specifically. The information and techniques used in this study may be useful in aiding security professionals and developers with enforcing security policies on DNS and other Internet protocols. This research resulted in the development of a rudimentary tool, referred to as NV-DNS, capable of detecting and effectively limiting the capability of covert channels in DNS communication packets

    Smart Street Lights and Mobile Citizen Apps for Resilient Communication in a Digital City

    Currently, nearly four billion people live in urban areas. Since this trend is increasing, natural disasters or terrorist attacks in such areas affect an increasing number of people. While information and communication technology is crucial for the operation of urban infrastructures and the well-being of its inhabitants, current technology is quite vulnerable to disruptions of various kinds. In future smart cities, a more resilient urban infrastructure is imperative to handle the increasing number of hazardous situations. We present a novel resilient communication approach based on smart street lights as part of the public infrastructure. It supports people in their everyday life and adapts its functionality to the challenges of emergency situations. Our approach relies on various environmental sensors and in-situ processing for automatic situation assessment, and a range of communication mechanisms (e.g., public WiFi hotspot functionality and mesh networking) for maintaining a communication network. Furthermore, resilience is not only achieved based on infrastructure deployed by a digital city's municipality, but also based on integrating citizens through software that runs on their mobile devices (e.g., smartphones and tablets). Web-based zero-installation and platform-agnostic apps can switch to device-to-device communication to continue benefiting people even during a disaster situation. Our approach, featuring a covert channel for professional responders and the zero-installation app, is evaluated through a prototype implementation based on a commercially available street light. Comment: 2019 IEEE Global Humanitarian Technology Conference (GHTC

    Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses

    As the convergence between our physical and digital worlds continues at a rapid pace, securing our digital information is vital to our prosperity. Most current typical computer systems are unwittingly helpful to attackers through their predictable responses. In everyday security, deception plays a prominent role in our lives and digital security is no different. The use of deception has been a cornerstone technique in many successful computer breaches. Phishing, social engineering, and drive-by-downloads are some prime examples. The work in this dissertation is structured to enhance the security of computer systems by using means of deception and deceit

    Anti-Counterfeiting Warnings: Do they Influence Consumer Behavior and Perception of Overt Indicators?

    This study examined if overt anti-counterfeiting indicators on product packages and warning labels added to the product, informing that the product might be a counterfeit, influenced participants to spend more time examining the product package for genuineness. The overt indicators used were a QR code, and a holographic security tag that were added to packages as a sticker. There was little research regarding what consumers were looking for when examining a product package to determine if the product was genuine or counterfeit. Arguments for both involving the consumers in the counterfeit identification process, and not involving the consumers in this process were found in previous literature. In this study, the participants wore a set of eye tracking glasses and were given 13 different products to examine, some with no added indicators, some with added QR code indicator, and some with holographic security tag added indicator. Half of the subjects saw the added warning label sticker, and the other half saw the same products with no added warning label. After the participants finished viewing each of the products, they filled out a survey that asked them if they thought the product was genuine or counterfeit, how likely they would be to purchase the product, how much they trusted the product, and what it was about the product that made them rate it this way. The total amount of time that the participants spent examining the product package, as well as the total amount of time the participants spent examining the added overt anti-counterfeiting indicators on the product package were measured as well. The results revealed that the warning label did have an overall effect on the total amount of time that the participants spent examining the product package, and there was no difference on total time between the two types of indicators. Participants did not pay more attention to one indicator over the other. Further research will be needed to examine true counterfeit products when compared to genuine products, after the addition of the warning labels and the overt anti-counterfeiting indicators to the product package

    Black-hearted Sellers in the Skincare Industry: Their Activities and Prevention Strategies

    While online purchases have increased substantially since the pandemic, the cases of “black-hearted” sellers taking advantage of their buyers using unethical activities or marketing tactics are increasing as well, especially in the skincare industry. If this continues, it will subsequently result in the online platform becoming ‘untrustable’ among the skincare buyers. Hence, this paper aims to examine the activities of black-hearted sellers and suggest solutions that could prevent them from conducting their businesses. Using semi-structured interviews conducted with 20 experienced official skin care sellers, this paper found that the activities generated by the black-hearted sellers are counterfeiting, parallel imports, misleading information, reselling without authorisation, and identity theft. Also, several strategies that can prevent these activities are quality strategy, adjusting price strategies, technology strategies, enforcement strategies, supply chain structure, and marketing communication strategies