660 research outputs found
Application of Steganography for Anonymity through the Internet
In this paper, a novel steganographic scheme based on chaotic iterations is
proposed. This research work takes place into the information hiding security
framework. The applications for anonymity and privacy through the Internet are
regarded too. To guarantee such an anonymity, it should be possible to set up a
secret communication channel into a web page, being both secure and robust. To
achieve this goal, we propose an information hiding scheme being stego-secure,
which is the highest level of security in a well defined and studied category
of attacks called "watermark-only attack". This category of attacks is the best
context to study steganography-based anonymity through the Internet. The
steganalysis of our steganographic process is also studied in order to show it
security in a real test framework.Comment: 14 page
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Transparent authentication methodology in electronic education
In the context of on-line assessment in e-learning, a problem arises when a student taking an exam may wish to cheat by handing over personal credentials to someone else to take their place in an exam, Another problem is that there is no method for signing digital content as it is being produced in a computerized environment. Our proposed solution is to digitally sign the participant’s work by embedding voice samples in the transcript paper at regular intervals. In this investigation, we have demonstrated that a transparent stenographic methodology will provide an innovative and practical solution for achieving continuous authentication in an online educational environment by successful insertion and extraction of audio digital signatures
Stealthy Plaintext
Correspondence through email has become a very significant way of communication at workplaces. Information of most kinds such as text, video and audio can be shared through email, the most common being text. With confidential data being easily sharable through this method most companies monitor the emails, thus invading the privacy of employees. To avoid secret information from being disclosed it can be encrypted. Encryption hides the data effectively but this makes the data look important and hence prone to attacks to decrypt the information. It also makes it obvious that there is secret information being transferred. The most effective way would be to make the information seem harmless by concealing the information in the email but not encrypting it. We would like the information to pass through the analyzer without being detected. This project aims to achieve this by “encrypting” plain text by replacing suspicious keywords with non-suspicious English words, trying to keep the grammatical syntax of the sentences intact
Exploiting online services to enable anonymous and confidential messaging
Mestrado em Cibersegurança na Escola Superior de Tecnologia e Gestão do Instituto Politécnico de Viana do CasteloMessaging services are usually provided within social network platforms and allow these platforms to collect additional information about users, such as what time, for how long, with whom, and where a user communicates. This information enables user identification and is available to the messaging service provider even when communication is encrypted end-to-end. Thus, a gap still exists for alternative messaging services that enable anonymous and confidential communications and that are independent of a specific online service. Online services can still be used to support this messaging service, but in
a way that enables users to communicate anonymously and without the knowledge and scrutiny of the online services. In this paper, we propose messaging using steganography and online services to support anonymous and confidential communication. In the proposed messaging service, only the sender and the receiver are aware of the existence of the exchanged data, even if the online services used or other third parties have access to the exchanged secret data containers. This work reviews the viability of using existing online services to support the proposed messaging service. Moreover, a prototype of the proposed message service is implemented and tested using two online services acting as proxies in the exchange of encrypted information disguised within images and links to those images.
The obtained results confirm the viability of such a messaging service.Serviços de envio de mensagens instantâneos são normalmente fornecidos por plataformas de rede social e permitem que estas plataformas recolham informações adicionais sobre os utilizadores, como a que horas, por quanto tempo, com quem e onde um utilizador comunica. Esta informação permite a identificação do utilizador e está disponível para o prestador de serviços mesmo quando a comunicação é encriptada de ponta a ponta. Assim, existe ainda uma lacuna para serviços de mensagens alternativos que permitem comunicações anónimas e confidenciais e que são independentes de um serviço online específico. Os serviços online ainda podem ser utilizados para apoiar este serviço de mensagens,
mas de uma forma que permite aos utilizadores comunicarem de forma anónima e sem o conhecimento e escrutínio dos serviços online. Neste artigo, propomos mensagens usando esteganografia e serviços online para apoiar comunicações anónimas e confidenciais. No serviço de mensagens proposto, apenas o remetente e o destinatário estão cientes da existência dos dados trocados, mesmo que os serviços online utilizados ou outros terceiros tenham acesso aos contentores de dados secretos trocados. Este trabalho revê a viabilidade de utilizar os serviços online existentes para apoiar o serviço de mensagens
proposto. Além disso, um protótipo do serviço de mensagens proposto é implementado e testado usando dois serviços online agindo como proxies na troca de informações encriptadas escondidas dentro de imagens e links para essas imagens. Os resultados obtidos confirmam a viabilidade de tal solução
- …