Multi-Level Steganography: Improving Hidden Communication in Networks

The paper presents Multi-Level Steganography (MLS), which defines a new concept for hidden communication in telecommunication networks. In MLS, at least two steganographic methods are utilised simultaneously, in such a way that one method (called the upper-level) serves as a carrier for the second one (called the lower-level). Such a relationship between two (or more) information hiding solutions has several potential benefits. The most important is that the lower-level method steganographic bandwidth can be utilised to make the steganogram unreadable even after the detection of the upper-level method: e.g., it can carry a cryptographic key that deciphers the steganogram carried by the upper-level one. It can also be used to provide the steganogram with integrity. Another important benefit is that the lower-layer method may be used as a signalling channel in which to exchange information that affects the way that the upper-level method functions, thus possibly making the steganographic communication harder to detect. The prototype of MLS for IP networks was also developed, and the experimental results are included in this paper.Comment: 18 pages, 13 figure

Recipes for Resistance: A Censorship Circumvention Cookbook

The increasing centralization of Internet infrastructure and web services, along with advancements in the application of machine learning techniques to analyze and classify network traffic, have enabled the growth and proliferation of Internet censorship. While the Internet filtering infrastructure of censoring authorities improves, cracks and weaknesses in the censorship systems deployed by the state allow Internet users to appropriate existing network protocols in order to circumvent censorship attempts. The relationship between censors and censorship resistors is often likened to a cat-and-mouse game in which resistors struggle to find new gaps in nation-state firewalls through which they can access content freely, while censors are devoted to discovering and closing these gaps as quickly as possible. The life cycle of censorship resistance tools typically begins with their creation, but often ends very quickly as the tools are discovered and blocked by censors whose ability to identify anomalous network traffic continues to grow. In this thesis, we provide several recipes to create censorship resistance systems that disguise user traffic, despite a censor’s complete knowledge of how the system works. We describe how to properly appropriate protocols, maximize censorship-resistant bandwidth, and deploy censorship resistance systems that can stand the test of time

Evaluation of steganographic cost for covert communication in IP networks

Network steganography encompasses the information hiding techniques that can be applied in communication network environments and that utilize hidden data carriers for this purpose. When describing a network steganography method despite the features like steganographic bandwidth, undetectability and robustness also steganographic cost should be considered. It is used as an indicator for the degradation or distortion of the carrier caused by the application of the steganographic method. In this master thesis we are going to evaluate how steganographic cost is affected in two different scenarios when using different steganographic methods, either separated or combined. We want to check the existence of two phenomena that can take place when combining two or more steganographic methods: superposition steganography and zero cost steganography.Ingeniería de TelecomunicaciónTelekomunikazio Ingeniaritz

An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector

The Linksys WRT54g has been used as a host for network forensics tools for instance Snort for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes on discussing the limitations of the device when attempting to execute Nepenthes