Secure covert communications over streaming media using dynamic steganography

Streaming technologies such as VoIP are widely embedded into commercial and industrial applications, so it is imperative to address data security issues before the problems get really serious. This thesis describes a theoretical and experimental investigation of secure covert communications over streaming media using dynamic steganography. A covert VoIP communications system was developed in C++ to enable the implementation of the work being carried out. A new information theoretical model of secure covert communications over streaming media was constructed to depict the security scenarios in streaming media-based steganographic systems with passive attacks. The model involves a stochastic process that models an information source for covert VoIP communications and the theory of hypothesis testing that analyses the adversary‘s detection performance. The potential of hardware-based true random key generation and chaotic interval selection for innovative applications in covert VoIP communications was explored. Using the read time stamp counter of CPU as an entropy source was designed to generate true random numbers as secret keys for streaming media steganography. A novel interval selection algorithm was devised to choose randomly data embedding locations in VoIP streams using random sequences generated from achaotic process. A dynamic key updating and transmission based steganographic algorithm that includes a one-way cryptographical accumulator integrated into dynamic key exchange for covert VoIP communications, was devised to provide secure key exchange for covert communications over streaming media. The discrete logarithm problem in mathematics and steganalysis using t-test revealed the algorithm has the advantage of being the most solid method of key distribution over a public channel. The effectiveness of the new steganographic algorithm for covert communications over streaming media was examined by means of security analysis, steganalysis using non parameter Mann-Whitney-Wilcoxon statistical testing, and performance and robustness measurements. The algorithm achieved the average data embedding rate of 800 bps, comparable to other related algorithms. The results indicated that the algorithm has no or little impact on real-time VoIP communications in terms of speech quality (< 5% change in PESQ with hidden data), signal distortion (6% change in SNR after steganography) and imperceptibility, and it is more secure and effective in addressing the security problems than other related algorithms

Steganography and steganalysis: data hiding in Vorbis audio streams

The goal of the current work is to introduce ourselves in the world of steganography and steganalysis, centering our efforts in acoustic signals, a branch of steganography and steganalysis which has received much less attention than steganography and steganalysis for images. With this purpose in mind, it’s essential to get first a basic level of understanding of signal theory and the properties of the Human Auditory System, and we will dedicate ourselves to that aim during the first part of this work. Once established those basis, in the second part, we will obtain a precise image of the state of the art in steganographic and steganalytic sciences, from which we will be able to establish or deduce some good practices guides. With both previous subjects in mind, we will be able to create, design and implement a stego-system over Vorbis audio codec and, finally, as conclusion, analyze it using the principles studied during the first and second parts

Towards a Collection of Security and Privacy Patterns

Security and privacy (SP)-related challenges constitute a significant barrier to the wider adoption of Internet of Things (IoT)/Industrial IoT (IIoT) devices and the associated novel applications and services. In this context, patterns, which are constructs encoding re-usable solutions to common problems and building blocks to architectures, can be an asset in alleviating said barrier. More specifically, patterns can be used to encode dependencies between SP properties of individual smart objects and corresponding properties of orchestrations (compositions) involving them, facilitating the design of IoT solutions that are secure and privacy-aware by design. Motivated by the above, this work presents a survey and taxonomy of SP patterns towards the creation of a usable pattern collection. The aim is to enable decomposition of higher-level properties to more specific ones, matching them to relevant patterns, while also creating a comprehensive overview of security- and privacy-related properties and sub-properties that are of interest in IoT/IIoT environments. To this end, the identified patterns are organized using a hierarchical taxonomy that allows their classification based on provided property, context, and generality, while also showing the relationships between them. The two high-level properties, Security and Privacy, are decomposed to a first layer of lower-level sub-properties such as confidentiality and anonymity. The lower layers of the taxonomy, then, include implementation-level enablers. The coverage that these patterns offer in terms of the considered properties, data states (data in transit, at rest, and in process), and platform connectivity cases (within the same IoT platform and across different IoT platforms) is also highlighted. Furthermore, pointers to extensions of the pattern collection to include additional patterns and properties, including Dependability and Interoperability, are given. Finally, to showcase the use of the presented pattern collection, a practical application is detailed, involving the pattern-driven composition of IoT/IIoT orchestrations with SP property guarantees

Tatouage robuste d’images imprimées

Invisible watermarking for ID images printed on plastic card support is a challenging problem that interests the industrial world. In this study, we developed a watermarking algorithm robust to various attacks present in this case. These attacks are mainly related to the print/scan process on the plastic support and the degradations that an ID card can encounter along its lifetime. The watermarking scheme operates in the Fourier domain as this transform has invariance properties against global geometrical transformations. A preventive method consists of pre-processing the host image before the embedding process that reduces the variance of the embeddable vector. A curative method comprises two counterattacks dealing with blurring and color variations. For a false alarm probability of 10⁻⁴, we obtained an average improvement of 22% over the reference method when only preventative method is used. The combination of the preventive and curative methods leads to a detection rate greater than 99%. The detection algorithm takes less than 1 second for a 512×512 image with a conventional computer, which is compatible with the industrial application in question.Le tatouage invisible d’images d’identité imprimées sur un support en plastique est un problème difficile qui intéresse le monde industriel. Dans cette étude, nous avons développé un algorithme de tatouage robuste aux diverses attaques présentes dans ce cas. Ces attaques sont liées aux processus d’impression/numérisation sur le support plastique ainsi qu’aux dégradations qu’une carte plastique peut rencontrer le long de sa durée de vie. La méthode de tatouage opère dans le domaine de Fourier car cette transformée présente des propriétés d’invariances aux attaques géométriques globales. Une méthode préventive consiste en un prétraitement de l’image originale avant le processus d’insertion qui réduit la variance du vecteur support de la marque. Une méthode corrective comporte deux contre-attaques corrigeant le flou et les variations colorimétriques. Pour une probabilité de fausse alarme de 10⁻⁴, nous avons obtenu une amélioration moyenne de 22% par rapport à la méthode de référence lorsque seule la méthode préventive est utilisée. La combinaison de la méthode préventive avec la méthode corrective correspond à un taux de détection supérieur à 99%. L’algorithme de détection prends moins de 1 seconde pour à une image de 512×512 pixels avec un ordinateur classique ce qui est compatible avec l’application industrielle visée