Application of Steganography for Anonymity through the Internet

In this paper, a novel steganographic scheme based on chaotic iterations is proposed. This research work takes place into the information hiding security framework. The applications for anonymity and privacy through the Internet are regarded too. To guarantee such an anonymity, it should be possible to set up a secret communication channel into a web page, being both secure and robust. To achieve this goal, we propose an information hiding scheme being stego-secure, which is the highest level of security in a well defined and studied category of attacks called "watermark-only attack". This category of attacks is the best context to study steganography-based anonymity through the Internet. The steganalysis of our steganographic process is also studied in order to show it security in a real test framework.Comment: 14 page

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

Transparent authentication methodology in electronic education

In the context of on-line assessment in e-learning, a problem arises when a student taking an exam may wish to cheat by handing over personal credentials to someone else to take their place in an exam, Another problem is that there is no method for signing digital content as it is being produced in a computerized environment. Our proposed solution is to digitally sign the participant’s work by embedding voice samples in the transcript paper at regular intervals. In this investigation, we have demonstrated that a transparent stenographic methodology will provide an innovative and practical solution for achieving continuous authentication in an online educational environment by successful insertion and extraction of audio digital signatures

Stealthy Plaintext

Correspondence through email has become a very significant way of communication at workplaces. Information of most kinds such as text, video and audio can be shared through email, the most common being text. With confidential data being easily sharable through this method most companies monitor the emails, thus invading the privacy of employees. To avoid secret information from being disclosed it can be encrypted. Encryption hides the data effectively but this makes the data look important and hence prone to attacks to decrypt the information. It also makes it obvious that there is secret information being transferred. The most effective way would be to make the information seem harmless by concealing the information in the email but not encrypting it. We would like the information to pass through the analyzer without being detected. This project aims to achieve this by “encrypting” plain text by replacing suspicious keywords with non-suspicious English words, trying to keep the grammatical syntax of the sentences intact

Exploiting online services to enable anonymous and confidential messaging

Mestrado em Cibersegurança na Escola Superior de Tecnologia e Gestão do Instituto Politécnico de Viana do CasteloMessaging services are usually provided within social network platforms and allow these platforms to collect additional information about users, such as what time, for how long, with whom, and where a user communicates. This information enables user identification and is available to the messaging service provider even when communication is encrypted end-to-end. Thus, a gap still exists for alternative messaging services that enable anonymous and confidential communications and that are independent of a specific online service. Online services can still be used to support this messaging service, but in a way that enables users to communicate anonymously and without the knowledge and scrutiny of the online services. In this paper, we propose messaging using steganography and online services to support anonymous and confidential communication. In the proposed messaging service, only the sender and the receiver are aware of the existence of the exchanged data, even if the online services used or other third parties have access to the exchanged secret data containers. This work reviews the viability of using existing online services to support the proposed messaging service. Moreover, a prototype of the proposed message service is implemented and tested using two online services acting as proxies in the exchange of encrypted information disguised within images and links to those images. The obtained results confirm the viability of such a messaging service.Serviços de envio de mensagens instantâneos são normalmente fornecidos por plataformas de rede social e permitem que estas plataformas recolham informações adicionais sobre os utilizadores, como a que horas, por quanto tempo, com quem e onde um utilizador comunica. Esta informação permite a identificação do utilizador e está disponível para o prestador de serviços mesmo quando a comunicação é encriptada de ponta a ponta. Assim, existe ainda uma lacuna para serviços de mensagens alternativos que permitem comunicações anónimas e confidenciais e que são independentes de um serviço online específico. Os serviços online ainda podem ser utilizados para apoiar este serviço de mensagens, mas de uma forma que permite aos utilizadores comunicarem de forma anónima e sem o conhecimento e escrutínio dos serviços online. Neste artigo, propomos mensagens usando esteganografia e serviços online para apoiar comunicações anónimas e confidenciais. No serviço de mensagens proposto, apenas o remetente e o destinatário estão cientes da existência dos dados trocados, mesmo que os serviços online utilizados ou outros terceiros tenham acesso aos contentores de dados secretos trocados. Este trabalho revê a viabilidade de utilizar os serviços online existentes para apoiar o serviço de mensagens proposto. Além disso, um protótipo do serviço de mensagens proposto é implementado e testado usando dois serviços online agindo como proxies na troca de informações encriptadas escondidas dentro de imagens e links para essas imagens. Os resultados obtidos confirmam a viabilidade de tal solução