Smart techniques and tools to detect Steganography - a viable practice to Security Office Department

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementInternet is today a commodity and a way for being connect to the world. It is through Internet is where most of the information is shared and where people run their businesses. However, there are some people that make a malicious use of it. Cyberattacks have been increasing all over the recent years, targeting people and organizations, looking to perform illegal actions. Cyber criminals are always looking for new ways to deliver malware to victims to launch an attack. Millions of users share images and photos on their social networks and generally users find them safe to use. Contrary to what most people think, images can contain a malicious payload and perform harmful actions. Steganography is the technique of hiding data, which, combined with media files, can be used to place malicious code. This problem, leveraged by the continuous media file sharing through massive use of digital platforms, may become a worldwide threat in malicious content sharing. Like phishing, people and organizations must be trained to suspect about inappropriate content and implement the proper set of actions to reduce probability of infections when accessing files supposed to be inoffensive. The aim of this study will try to help people and organizations by trying to set a toolbox where it can be possible to get some tools and techniques to assist in dealing with this kind of situations. A theoretical overview will be performed over other concepts such as Steganalysis, touching also Deep Learning and in Machine Learning to assess which is the range of its applicability in find solutions in detection and facing these situations. In addition, understanding the current main technologies, architectures and users’ hurdles will play an important role in designing and developing the proposed toolbox artifact

Covert channels in IoT deployments through data hiding techniques

Interconnected and always on devices are continuously and rapidly growing in number and, according to a study from Cisco, will be three times the number of humans on earth in 2021. Unfortunately, recent events such as the DDoS mounted using the Mirai botnet, have shown that the level of resilience to intrusion and hacking of these devices is far from optimal and puts the systems connected to the Internet of Things in serious danger. Among such systems, industrial systems that are now being integrated into the IoT ecosystem, have revealed to be weak against the threat coming from the IT world. Such previously inexistent scenario opens up to a plethora of new attack patterns leveraging previously unexploited techniques. Among these, we argue that convert channels built by leveraging information hiding techniques could be exploited. To this aim, this position paper introduces the usage of convert channels, built on information hiding techniques, in IoT scenarios