Unified Description for Network Information Hiding Methods

Until now hiding methods in network steganography have been described in arbitrary ways, making them difficult to compare. For instance, some publications describe classical channel characteristics, such as robustness and bandwidth, while others describe the embedding of hidden information. We introduce the first unified description of hiding methods in network steganography. Our description method is based on a comprehensive analysis of the existing publications in the domain. When our description method is applied by the research community, future publications will be easier to categorize, compare and extend. Our method can also serve as a basis to evaluate the novelty of hiding methods proposed in the future.Comment: 24 pages, 7 figures, 1 table; currently under revie

"The Good, The Bad And The Ugly": Evaluation of Wi-Fi Steganography

In this paper we propose a new method for the evaluation of network steganography algorithms based on the new concept of "the moving observer". We considered three levels of undetectability named: "good", "bad", and "ugly". To illustrate this method we chose Wi-Fi steganography as a solid family of information hiding protocols. We present the state of the art in this area covering well-known hiding techniques for 802.11 networks. "The moving observer" approach could help not only in the evaluation of steganographic algorithms, but also might be a starting point for a new detection system of network steganography. The concept of a new detection system, called MoveSteg, is explained in detail.Comment: 6 pages, 6 figures, to appear in Proc. of: ICNIT 2015 - 6th International Conference on Networking and Information Technology, Tokyo, Japan, November 5-6, 201

Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats

Network steganography is the art of hiding secret information within innocent network transmissions. Recent findings indicate that novel malware is increasingly using network steganography. Similarly, other malicious activities can profit from network steganography, such as data leakage or the exchange of pedophile data. This paper provides an introduction to network steganography and highlights its potential application for harmful purposes. We discuss the issues related to countering network steganography in practice and provide an outlook on further research directions and problems.Comment: 11 page

Micro protocol engineering for unstructured carriers: On the embedding of steganographic control protocols into audio transmissions

Network steganography conceals the transfer of sensitive information within unobtrusive data in computer networks. So-called micro protocols are communication protocols placed within the payload of a network steganographic transfer. They enrich this transfer with features such as reliability, dynamic overlay routing, or performance optimization --- just to mention a few. We present different design approaches for the embedding of hidden channels with micro protocols in digitized audio signals under consideration of different requirements. On the basis of experimental results, our design approaches are compared, and introduced into a protocol engineering approach for micro protocols.Comment: 20 pages, 7 figures, 4 table

DYST (Did You See That?): An Amplified Covert Channel That Points To Previously Seen Data

Covert channels are unforeseen and stealthy communication channels that enable manifold adversary scenarios. However, they can also allow the exchange of confidential information by journalists. All covert channels described until now therefore need to craft seemingly legitimate information flows for their information exchange, mimicking unsuspicious behavior. In this paper, we present DYST, which represents a new class of covert channels we call history covert channels jointly with the new paradigm of covert channel amplification. History covert channels can communicate almost exclusively by pointing to unaltered legitimate traffic created by regular network nodes. Only a negligible fraction of the covert communication process requires the transfer of actual covert channel information by the covert channel's sender. This allows, for the first time, an amplification of the covert channel's message size, i.e., minimizing the fraction of actually transferred secret data by a covert channel's sender in relation to the overall secret data being exchanged. We extend the current taxonomy for covert channels to show how history channels can be categorized. We describe multiple scenarios in which history covert channels can be realized, theoretically analyze the characteristics of these channels and show how their configuration can be optimized for different implementations. We further evaluate the robustness and detectability of history covert channels.Comment: 18 pages, rev

Network Information Hiding and Science 2.0: Can it be a Match?

Science 2.0 aims at using the information sharingand collaborative features of the Internet to offer new featuresto the research community. Science 2.0 has been already appliedto computer sciences, especially bioinformatics. For networkinformation hiding, a field studying the possibility of concealing acommunication in networks, the application of Science 2.0 is stilla rather uncovered territory. To foster the discussion of potentialbenefits for network information hiding, we provide a disquisitionfor six different Science 2.0 aspects when applied to this domain