Emerging and unconventional: New Attacks and innovative detection techniques

Nowadays, security must face new and challenging scenarios, for instance, those exploiting cloud and fog computing, the Internet of Things (IoT), or complex frameworks for orchestrating botnets. Therefore, new attacks and innovative countermeasures should be investigated and this special issue focuses on how advancements provided by information and communication technologies influence modern cyberinfrastructures..

Information security methodology, replication studies and information security education

International audienc

Deducing User Presence from Inter-Message Intervals in Home Automation Systems

Part 10: PrivacyInternational audiencePrivacy in Home Automation Systems is a topic of increasing importance, as the number of installed systems constantly grows. In this paper we investigate the ability of an outside observer to link sets of message timestamps together to predict user presence and absence. The question we try to answer is: If attacker Eve has captured 1 hour of traffic from victim Alice’s HAS and knows whether Alice was present at that time, can Eve deduce Alice’s state by capturing another hour of traffic? We apply different statistical tests and show that in certain situations, the attacker can infer the user’s presence state with absolute confidence

The Bergen proton CT system

The Bergen proton Computed Tomography (pCT) is a prototype detector under construction. It aims to have the capability to track and measure ions’ energy deposition to minimize uncertainty in proton treatment planning. It is a high granularity digital tracking calorimeter, where the first two layers will act as tracking layers to obtain positional information of the incoming particle. The remainder of the detector will act as a calorimeter. Beam tests have been performed with multiple beams. These tests have shown that the ALPIDE chip sensor can measure the deposited energy, making it possible for the sensors to distinguish between the tracks in the Digital Tracking Calorimeter (DTC)

POSTER: An educational network protocol for covert channel analysis using patterns

The utilization of information hiding is on the rise among cybercriminals, e.g. to cloak the communication of malicious software as well as by ordinary users for privacy-enhancing purposes. A recent trend is to use network traffic in form of covert channels to convey secrets. In result, security expert training is incomplete if these aspects are not covered. This paper fills this gap by providing a method for teaching covert channel analysis of network protocols. We define a sample protocol called Covert Channel Educational Analysis Protocol (CCEAP) that can be used in didactic environments. Compared to previous works we lower the barrier for understanding network covert channels by eliminating the requirement for students to understand several network protocols in advance and by focusing on so-called hiding patterns

Systematic engineering of control protocols for covert channels

Within the last years, new techniques for network covert channels arose, such as covert channel overlay networking, protocol switching covert channels, and adaptive covert channels. These techniques have in common that they rely on covert channel-internal control protocols (so called micro protocols) placed within the hidden bits of a covert channel’s payload. An adaptable approach for the engineering of such micro protocols is not available. This paper introduces a protocol engineering technique for micro protocols. We present a two-layer system comprising six steps to create a micro protocol design. The approach tries to combine different goals: (1) simplicity, (2) ensuring a standard-conform behaviour of the underlying protocol if the micro protocol is used within a binary protocol header, as well as we provide an optimization technique to (3) raise as little attention as possible. We apply a context-free and regular grammar to analyze the micro protocol’s behavior within the context of the underlying network protocol

Detecting protocol switching covert channels

Network covert channels enable hidden communication and can be used to break security policies. Within the last years, new techniques for such covert channels arose, including protocol switching covert channels (PSCCs). PSCCs transfer hidden information by sending network packets with different selected network protocols. In this paper we present the first detection methods for PSCCs. We show that the number of packets between network protocol switches and the time between switches can be monitored to detect PSCCs with 98-99% accuracy for bit rates of 4 bits/second or higher

Hidden and under control

Network covert channels are policy-breaking and stealthy communication channels in computer networks. These channels can be used to bypass Internet censorship, to exfiltrate data without raising attention, to allow a safe and stealthy communication for members of political oppositions and for spies, to hide the communication of military units at the battlefield from the enemy, and to provide stealthy communication for today's malware, especially for botnets. To enhance network covert channels, researchers started to add protocol headers, so-called micro-protocols, to hidden payload in covert channels. Such protocol headers enable fundamental features such as reliability, dynamic routing, proxy capabilities, simultaneous connections, or session management for network covert channels-features which enrich future botnet communications to become more adaptive and more stealthy than nowadays. In this survey, we provide the first overview and categorization of existing micro-protocols. We compare micro-protocol features and present currently uncovered research directions for these protocols. Afterwards, we discuss the significance and the existing means for micro-protocol engineering. Based on our findings, we propose further research directions for micro-protocols. These features include to introduce multi-layer protocol stacks, peer auto-configuration, and peer group communication based on micro-protocols, as well as to develop protocol translation in order to achieve inter-connectivity for currently separated overlay networks