Unified Description for Network Information Hiding Methods

Until now hiding methods in network steganography have been described in arbitrary ways, making them difficult to compare. For instance, some publications describe classical channel characteristics, such as robustness and bandwidth, while others describe the embedding of hidden information. We introduce the first unified description of hiding methods in network steganography. Our description method is based on a comprehensive analysis of the existing publications in the domain. When our description method is applied by the research community, future publications will be easier to categorize, compare and extend. Our method can also serve as a basis to evaluate the novelty of hiding methods proposed in the future.Comment: 24 pages, 7 figures, 1 table; currently under revie

UPnp Port Manipulation as a Covert Channel

Port knocking traditionally has been a technique used from external connections to convey information to or request services from an internal private network [1]. UPnP as a standard allows for devices and services to open ports on network devices in order to enable functionality [2]. By combining these two techniques it is possible to port knock internally, opening ports for an intended viewer on an external network device. This paper proposes a covert channel using this technique to exfiltrate data or broadcast messages from a system behind a UPnP device to any Internet connected system

Flooding attacks to internet threat monitors (ITM): Modeling and counter measures using botnet and honeypots

The Internet Threat Monitoring (ITM),is a globally scoped Internet monitoring system whose goal is to measure, detect, characterize, and track threats such as distribute denial of service(DDoS) attacks and worms. To block the monitoring system in the internet the attackers are targeted the ITM system. In this paper we address flooding attack against ITM system in which the attacker attempt to exhaust the network and ITM's resources, such as network bandwidth, computing power, or operating system data structures by sending the malicious traffic. We propose an information-theoretic frame work that models the flooding attacks using Botnet on ITM. Based on this model we generalize the flooding attacks and propose an effective attack detection using Honeypots

BridgeSPA: A Single Packet Authorization System for Tor Bridges

Tor is a network designed for low-latency anonymous communications. Tor clients form circuits through relays that are listed in a public directory, and then relay their encrypted traffic through these circuits. This indirection makes it difficult for a local adversary to determine with whom a particular Tor user is communicating. Tor may also be used to circumvent regional Internet censorship, since the final hop of a user's connection can be in a different country. In response, some local adversaries restrict access to Tor by blocking each of the publicly listed relays. To deal with such an adversary, Tor uses bridges, which are unlisted relays that can be used as alternative entry points into the Tor network. Unfortunately, issues with Tor's bridge implementation make it easy to discover large numbers of bridges. This makes bridges easy to block. Also, an adversary that hoards this information may use it to determine when each bridge is online over time. If a bridge operator also browses with Tor on the same machine, this information may be sufficient to deanonymize him. We present BridgeSPA as a method to mitigate these issues. A client using BridgeSPA relies on innocuous single packet authorization (SPA) to present a time-limited key to a bridge. Before this authorization takes place, the bridge will not reveal whether it is online. We have implemented BridgeSPA as a working proof-of-concept for GNU/Linux systems. The implementation is available under a free licence. We have integrated our implementation to work in an OpenWRT environment. This enables BridgeSPA support for any client behind a deployed BridgeSPA OpenWRT router, no matter which operating system they are running

\u201cEvery Writer is Checked for Plagiarism\u201d: Occluded Authorship in Academic Writing

\u201cEvery Writer is Checked for Plagiarism\u201d: Occluded Authorship in Academic Writing This paper takes as its starting point the insights provided by Bhatia (2004), Bhatia / Gotti (2006) and Hyland (2000, 2002, 2005) to investigate the generic features of academic writing in connection with \u201cessay writing services\u201d. These services appear to be playing an ever-expanding role not only in undergraduate but also in postgraduate writing, with serious implications for the quality of higher education and the authenticity of the qualifications awarded by universities. An admixture of far-reaching technological innovation, wide-ranging social changes associated with globalization, and the rapid expansion of higher education appears to have led to the expansion of this phenomenon in academic writing. The paper highlights the discordance between the definition of various forms of plagiarism in academic writing in institutional discourse, and the description of these practices by online \u201cessay writing services\u201d that attempt to present them as legitimate and desirable. An analysis of the generic norms of this occluded discourse community provides evidence that practices once on the margins of the academic world appear to be gaining ground and making increasingly strident claims to legitimacy. In a sociolinguistic perspective, reference is made to Daniel Patrick Moynihan\u2019s 1993 essay on \u201cDefining Deviancy Down\u201d in which he argues that as social pathologies become more common, they tend to be reclassified and no longer seen as a form of deviancy, and this concept may also be applied to academic malpractice. The paper also attempts to cast light on \u201csecondary plagiarism\u201d in which the \u201cessay writing services\u201d that are paid to produce \u201coriginal work\u201d draw from an existing repertoire of material, thus infringing not only the norms laid down in the official academic discourse, but also the internal \u201ccode of conduct\u201d that is part of this occluded genre

An authentication protocol based on chaos and zero knowledge proof

Port Knocking is a method for authenticating clients through a closed stance firewall, and authorising their requested actions, enabling severs to offer services to authenticated clients, without opening ports on the firewall. Advances in port knocking have resulted in an increase in complexity in design, preventing port knocking solutions from realising their potential. This paper proposes a novel port knocking solution, named Crucible, which is a secure method of authentication, with high usability and features of stealth, allowing servers and services to remain hidden and protected. Crucible is a stateless solution, only requiring the client memorise a command, the server's IP and a chosen password. The solution is forwarded as a method for protecting servers against attacks ranging from port scans, to zero-day exploitation. To act as a random oracle for both client and server, cryptographic hashes were generated through chaotic systems