-
SHAH: Hash Function based on Irregularly Decimated Chaotic Map
Authors:
Mihaela Todorova,
Borislav Stoyanov,
Krzysztof Szczypiorski,
Krasimir Kordov
Abstract:
In this paper, we propose a novel hash function based on irregularly decimated chaotic map. The hash function called SHAH is based on two Tinkerbell maps filtered with irregular decimation rule. Exact study has been provided on the novel scheme using distribution analysis, sensitivity analysis, static analysis of diffusion and confusion, and collision analysis. The experimental data show that SHAH…
▽ More
In this paper, we propose a novel hash function based on irregularly decimated chaotic map. The hash function called SHAH is based on two Tinkerbell maps filtered with irregular decimation rule. Exact study has been provided on the novel scheme using distribution analysis, sensitivity analysis, static analysis of diffusion and confusion, and collision analysis. The experimental data show that SHAH satisfied admirable level of security.
△ Less
Submitted 19 August, 2018; v1 submitted 29 July, 2018;
originally announced August 2018.
-
SocialStegDisc: Application of steganography in social networks to create a file system
Authors:
Jedrzej Bieniasz,
Krzysztof Szczypiorski
Abstract:
The concept named SocialStegDisc was introduced as an application of the original idea of StegHash method. This new kind of mass-storage was characterized by unlimited space. The design also attempted to improve the operation of StegHash by trade-off between memory requirements and computation time. Applying the mechanism of linked list provided the set of operations on files: creation, reading, d…
▽ More
The concept named SocialStegDisc was introduced as an application of the original idea of StegHash method. This new kind of mass-storage was characterized by unlimited space. The design also attempted to improve the operation of StegHash by trade-off between memory requirements and computation time. Applying the mechanism of linked list provided the set of operations on files: creation, reading, deletion and modification. Features, limitations and opportunities were discussed.
△ Less
Submitted 29 June, 2017;
originally announced June 2017.
-
StegIbiza: Steganography in Club Music Implemented in Python
Authors:
Krzysztof Szczypiorski,
Wojciech Zydecki
Abstract:
This paper introduces the implementation of steganography method called StegIbiza, which uses tempo modulation as hidden message carrier. With the use of Python scripting language, a bit string was encoded and decoded using WAV and MP3 files. Once the message was hidden into a music files, an internet radio was created to evaluate broadcast possibilities. No dedicated music or signal processing eq…
▽ More
This paper introduces the implementation of steganography method called StegIbiza, which uses tempo modulation as hidden message carrier. With the use of Python scripting language, a bit string was encoded and decoded using WAV and MP3 files. Once the message was hidden into a music files, an internet radio was created to evaluate broadcast possibilities. No dedicated music or signal processing equipment was used in this StegIbiza implementation
△ Less
Submitted 22 May, 2017;
originally announced May 2017.
-
Yet Another Pseudorandom Number Generator
Authors:
Borislav Stoyanov,
Krzysztof Szczypiorski,
Krasimir Kordov
Abstract:
We propose a novel pseudorandom number generator based on Rössler attractor and bent Boolean function. We estimated the output bits properties by number of statistical tests. The results of the cryptanalysis show that the new pseudorandom number generation scheme provides a high level of data security.
We propose a novel pseudorandom number generator based on Rössler attractor and bent Boolean function. We estimated the output bits properties by number of statistical tests. The results of the cryptanalysis show that the new pseudorandom number generation scheme provides a high level of data security.
△ Less
Submitted 24 February, 2017;
originally announced February 2017.
-
StegHash: New Method for Information Hiding in Open Social Networks
Authors:
Krzysztof Szczypiorski
Abstract:
In this paper a new method for information hiding in open social networks is introduced. The method, called StegHash, is based on the use of hashtags in various open social networks to connect multimedia files (like images, movies, songs) with embedded hidden messages. The evaluation of the system was performed on two social media services (Twitter and Instagram) with a simple environment as a pro…
▽ More
In this paper a new method for information hiding in open social networks is introduced. The method, called StegHash, is based on the use of hashtags in various open social networks to connect multimedia files (like images, movies, songs) with embedded hidden messages. The evaluation of the system was performed on two social media services (Twitter and Instagram) with a simple environment as a proof of concept. The experiments proved that the initial idea was correct, thus the proposed system could create a completely new area of threats in social networks.
△ Less
Submitted 1 November, 2016;
originally announced November 2016.
-
MoveSteg: A Method of Network Steganography Detection
Authors:
Krzysztof Szczypiorski,
Tomasz Tyl
Abstract:
This article presents a new method for detecting a source point of time based network steganography - MoveSteg. A steganography carrier could be an example of multimedia stream made with packets. These packets are then delayed intentionally to send hidden information using time based steganography methods. The presented analysis describes a method that allows finding the source of steganography st…
▽ More
This article presents a new method for detecting a source point of time based network steganography - MoveSteg. A steganography carrier could be an example of multimedia stream made with packets. These packets are then delayed intentionally to send hidden information using time based steganography methods. The presented analysis describes a method that allows finding the source of steganography stream in network that is under our management.
△ Less
Submitted 6 October, 2016;
originally announced October 2016.
-
YouSkyde: Information Hiding for Skype Video Traffic
Authors:
Wojciech Mazurczyk,
Maciej Karas,
Krzysztof Szczypiorski,
Artur Janicki
Abstract:
In this paper a new information hiding method for Skype videoconference calls - YouSkyde - is introduced. A Skype traffic analysis revealed that introducing intentional losses into the Skype video traffic stream to provide the means for clandestine communication is the most favourable solution. A YouSkyde proof-of-concept implementation was carried out and its experimental evaluation is presented.…
▽ More
In this paper a new information hiding method for Skype videoconference calls - YouSkyde - is introduced. A Skype traffic analysis revealed that introducing intentional losses into the Skype video traffic stream to provide the means for clandestine communication is the most favourable solution. A YouSkyde proof-of-concept implementation was carried out and its experimental evaluation is presented. The results obtained prove that the proposed method is feasible and offer a steganographic bandwidth as high as 0.93 kbps, while introducing negligible distortions into transmission quality and providing high undetectability.
△ Less
Submitted 25 August, 2016;
originally announced August 2016.
-
StegIbiza: New Method for Information Hiding in Club Music
Authors:
Krzysztof Szczypiorski
Abstract:
In this paper a new method for information hiding in club music is introduced. The method called StegIbiza is based on using the music tempo as a carrier. The tempo is modulated by hidden messages with a 3-value coding scheme, which is an adoption of Morse code for StegIbiza. The evaluation of the system was performed for several music samples (with and without StegIbiza enabled) on a selected gro…
▽ More
In this paper a new method for information hiding in club music is introduced. The method called StegIbiza is based on using the music tempo as a carrier. The tempo is modulated by hidden messages with a 3-value coding scheme, which is an adoption of Morse code for StegIbiza. The evaluation of the system was performed for several music samples (with and without StegIbiza enabled) on a selected group of testers who had a music background. Finally, for the worst case scenario, none of them could identify any differences in the audio with a 1% margin of changed tempo.
△ Less
Submitted 9 August, 2016;
originally announced August 2016.
-
"The Good, The Bad And The Ugly": Evaluation of Wi-Fi Steganography
Authors:
Krzysztof Szczypiorski,
Artur Janicki,
Steffen Wendzel
Abstract:
In this paper we propose a new method for the evaluation of network steganography algorithms based on the new concept of "the moving observer". We considered three levels of undetectability named: "good", "bad", and "ugly". To illustrate this method we chose Wi-Fi steganography as a solid family of information hiding protocols. We present the state of the art in this area covering well-known hidin…
▽ More
In this paper we propose a new method for the evaluation of network steganography algorithms based on the new concept of "the moving observer". We considered three levels of undetectability named: "good", "bad", and "ugly". To illustrate this method we chose Wi-Fi steganography as a solid family of information hiding protocols. We present the state of the art in this area covering well-known hiding techniques for 802.11 networks. "The moving observer" approach could help not only in the evaluation of steganographic algorithms, but also might be a starting point for a new detection system of network steganography. The concept of a new detection system, called MoveSteg, is explained in detail.
△ Less
Submitted 9 September, 2015; v1 submitted 20 August, 2015;
originally announced August 2015.
-
StegBlocks: ensuring perfect undetectability of network steganography
Authors:
Wojciech Fraczek,
Krzysztof Szczypiorski
Abstract:
The paper presents StegBlocks, which defines a new concept for performing undetectable hidden communication. StegBlocks is a general approach for constructing methods of network steganography. In StegBlocks, one has to determine objects with defined properties which will be used to transfer hidden messages. The objects are dependent on a specific network protocol (or application) used as a carrier…
▽ More
The paper presents StegBlocks, which defines a new concept for performing undetectable hidden communication. StegBlocks is a general approach for constructing methods of network steganography. In StegBlocks, one has to determine objects with defined properties which will be used to transfer hidden messages. The objects are dependent on a specific network protocol (or application) used as a carrier for a given network steganography method. Moreover, the paper presents the approach to perfect undetectability of network steganography, which was developed based on the rules of undetectability for general steganography. The approach to undetectability of network steganography was used to show the possibility of develo** perfectly undetectable network steganography methods using the StegBlocks concept.
△ Less
Submitted 7 June, 2015;
originally announced June 2015.
-
Using Facebook for Image Steganography
Authors:
Jason Hiney,
Tejas Dakve,
Krzysztof Szczypiorski,
Kris Gaj
Abstract:
Because Facebook is available on hundreds of millions of desktop and mobile computing platforms around the world and because it is available on many different kinds of platforms (from desktops and laptops running Windows, Unix, or OS X to hand held devices running iOS, Android, or Windows Phone), it would seem to be the perfect place to conduct steganography. On Facebook, information hidden in ima…
▽ More
Because Facebook is available on hundreds of millions of desktop and mobile computing platforms around the world and because it is available on many different kinds of platforms (from desktops and laptops running Windows, Unix, or OS X to hand held devices running iOS, Android, or Windows Phone), it would seem to be the perfect place to conduct steganography. On Facebook, information hidden in image files will be further obscured within the millions of pictures and other images posted and transmitted daily. Facebook is known to alter and compress uploaded images so they use minimum space and bandwidth when displayed on Facebook pages. The compression process generally disrupts attempts to use Facebook for image steganography. This paper explores a method to minimize the disruption so JPEG images can be used as steganography carriers on Facebook.
△ Less
Submitted 5 June, 2015;
originally announced June 2015.
-
On Importance of Steganographic Cost For Network Steganography
Authors:
Wojciech Mazurczyk,
Steffen Wendzel,
Ignacio Azagra Villares,
Krzysztof Szczypiorski
Abstract:
Network steganography encompasses the information hiding techniques that can be applied in communication network environments and that utilize hidden data carriers for this purpose. In this paper we introduce a characteristic called steganographic cost which is an indicator for the degradation or distortion of the carrier caused by the application of the steganographic method. Based on exemplary c…
▽ More
Network steganography encompasses the information hiding techniques that can be applied in communication network environments and that utilize hidden data carriers for this purpose. In this paper we introduce a characteristic called steganographic cost which is an indicator for the degradation or distortion of the carrier caused by the application of the steganographic method. Based on exemplary cases for single- and multi-method steganographic cost analyses we observe that it can be an important characteristic that allows to express hidden data carrier degradation - similarly as MSE (Mean-Square Error) or PSNR (Peak Signal-to-Noise Ratio) are utilized for digital media steganography. Steganographic cost can moreover be helpful to analyse the relationships between two or more steganographic methods applied to the same hidden data carrier.
△ Less
Submitted 10 June, 2014;
originally announced June 2014.
-
Improving Hard Disk Contention-based Covert Channel in Cloud Computing Environment
Authors:
Bartosz Lipinski,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
Steganographic methods allow the covert exchange of secret data between parties aware of the procedure. The cloud computing environment is a new and hot target for steganographers, and currently not many solutions have been proposed. This paper proposes CloudSteg which is a steganographic method that allows the creation of a covert channel based on hard disk contention between the two cloud instan…
▽ More
Steganographic methods allow the covert exchange of secret data between parties aware of the procedure. The cloud computing environment is a new and hot target for steganographers, and currently not many solutions have been proposed. This paper proposes CloudSteg which is a steganographic method that allows the creation of a covert channel based on hard disk contention between the two cloud instances that reside on the same physical machine. Experimental results conducted using open source cloud environment OpenStack, show that CloudSteg is able to achieve a bandwidth of about 0.1 bps which is 1000 times higher than is known from the state-of-the-art version.
△ Less
Submitted 2 February, 2014;
originally announced February 2014.
-
StegTorrent: a Steganographic Method for the P2P File Sharing Service
Authors:
Pawel Kopiczko,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The paper proposes StegTorrent a new network steganographic method for the popular P2P file transfer service-BitTorrent. It is based on modifying the order of data packets in the peer-peer data exchange protocol. Unlike other existing steganographic methods that modify the packets' order it does not require any synchronization. Experimental results acquired from prototype implementation proved tha…
▽ More
The paper proposes StegTorrent a new network steganographic method for the popular P2P file transfer service-BitTorrent. It is based on modifying the order of data packets in the peer-peer data exchange protocol. Unlike other existing steganographic methods that modify the packets' order it does not require any synchronization. Experimental results acquired from prototype implementation proved that it provides high steganographic bandwidth of up to 270 b/s while introducing little transmission distortion and providing difficult detectability.
△ Less
Submitted 18 March, 2013;
originally announced March 2013.
-
SkyDe: a Skype-based Steganographic Method
Authors:
Wojciech Mazurczyk,
Maciej Karas,
Krzysztof Szczypiorski
Abstract:
This paper introduces SkyDe (Skype Hide), a new steganographic method that utilizes Skype encrypted packets with silence to provide the means for clandestine communication. It is possible to reuse packets that do not carry voice signals for steganographic purposes because Skype does not use any silence suppression mechanism. The method's proof-of-concept implementation and first experimental resul…
▽ More
This paper introduces SkyDe (Skype Hide), a new steganographic method that utilizes Skype encrypted packets with silence to provide the means for clandestine communication. It is possible to reuse packets that do not carry voice signals for steganographic purposes because Skype does not use any silence suppression mechanism. The method's proof-of-concept implementation and first experimental results are presented. They prove that the method is feasible and offers steganographic bandwidth as high as 2.8 kbps.
△ Less
Submitted 16 January, 2013;
originally announced January 2013.
-
Steganalysis of Transcoding Steganography
Authors:
Artur Janicki,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
TranSteg (Trancoding Steganography) is a fairly new IP telephony steganographic method that functions by compressing overt (voice) data to make space for the steganogram by means of transcoding. It offers high steganographic bandwidth, retains good voice quality and is generally harder to detect than other existing VoIP steganographic methods. In TranSteg, after the steganogram reaches the receive…
▽ More
TranSteg (Trancoding Steganography) is a fairly new IP telephony steganographic method that functions by compressing overt (voice) data to make space for the steganogram by means of transcoding. It offers high steganographic bandwidth, retains good voice quality and is generally harder to detect than other existing VoIP steganographic methods. In TranSteg, after the steganogram reaches the receiver, the hidden information is extracted and the speech data is practically restored to what was originally sent. This is a huge advantage compared with other existing VoIP steganographic methods, where the hidden data can be extracted and removed but the original data cannot be restored because it was previously erased due to a hidden data insertion process. In this paper we address the issue of steganalysis of TranSteg. Various TranSteg scenarios and possibilities of warden(s) localization are analyzed with regards to the TranSteg detection. A steganalysis method based on MFCC (Mel-Frequency Cepstral Coefficients) parameters and GMMs (Gaussian Mixture Models) was developed and tested for various overt/covert codec pairs in a single warden scenario with double transcoding. The proposed method allowed for efficient detection of some codec pairs (e.g., G.711/G.729), whilst some others remained more resistant to detection (e.g., iLBC/AMR).
△ Less
Submitted 22 October, 2012;
originally announced October 2012.
-
Towards Steganography Detection Through Network Traffic Visualisation
Authors:
Wojciech Mazurczyk,
Krzysztof Szczypiorski,
Bartosz Jankowski
Abstract:
The paper presents initial step toward new network anomaly detection method that is based on traffic visualisation. The key design principle of the proposed approach is the lack of direct, linear time dependencies for the created network traffic visualisations. The method's feasibility is demonstrated in network steganography environment by presenting steg-tomography methodology and develo** the…
▽ More
The paper presents initial step toward new network anomaly detection method that is based on traffic visualisation. The key design principle of the proposed approach is the lack of direct, linear time dependencies for the created network traffic visualisations. The method's feasibility is demonstrated in network steganography environment by presenting steg-tomography methodology and develo** the dedicated visualisation tool. To authors' best knowledge this is the first utilization of network traffic visualisations for steganalysis purposes.
△ Less
Submitted 14 August, 2012;
originally announced August 2012.
-
Principles and Overview of Network Steganography
Authors:
Jozef Lubacz,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The paper presents basic principles of network steganography, which is a comparatively new research subject in the area of information hiding, followed by a concise overview and classification of network steganographic methods and techniques.
The paper presents basic principles of network steganography, which is a comparatively new research subject in the area of information hiding, followed by a concise overview and classification of network steganographic methods and techniques.
△ Less
Submitted 4 July, 2012;
originally announced July 2012.
-
Development Trends in Steganography
Authors:
Elzbieta Zielinska,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
Steganography is a general term referring to all methods for the embedding of additional secret content into some form of carrier, with the aim of concealment of the introduced alterations. The choice of the carrier is nearly unlimited, it may be an ancient piece of parchment, as well as a network protocol header. Inspired by biological phenomena, adopted by man in the ancient times, it has been d…
▽ More
Steganography is a general term referring to all methods for the embedding of additional secret content into some form of carrier, with the aim of concealment of the introduced alterations. The choice of the carrier is nearly unlimited, it may be an ancient piece of parchment, as well as a network protocol header. Inspired by biological phenomena, adopted by man in the ancient times, it has been developed over the ages. Present day steganographic methods are far more sophisticated than their ancient predecessors, but the main principles have remained unchanged. They typically rely on the utilization of digital media files or network protocols as a carrier, in which secret data is embedded. This paper presents the evolution of the hidden data carrier from the ancient times till the present day and pinpoints the observed development trends, with special emphasis on network steganography.
△ Less
Submitted 30 July, 2013; v1 submitted 23 February, 2012;
originally announced February 2012.
-
Influence of Speech Codecs Selection on Transcoding Steganography
Authors:
Artur Janicki,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The typical approach to steganography is to compress the covert data in order to limit its size, which is reasonable in the context of a limited steganographic bandwidth. TranSteg (Trancoding Steganography) is a new IP telephony steganographic method that was recently proposed that offers high steganographic bandwidth while retaining good voice quality. In TranSteg, compression of the overt data i…
▽ More
The typical approach to steganography is to compress the covert data in order to limit its size, which is reasonable in the context of a limited steganographic bandwidth. TranSteg (Trancoding Steganography) is a new IP telephony steganographic method that was recently proposed that offers high steganographic bandwidth while retaining good voice quality. In TranSteg, compression of the overt data is used to make space for the steganogram. In this paper we focus on analyzing the influence of the selection of speech codecs on hidden transmission performance, that is, which codecs would be the most advantageous ones for TranSteg. Therefore, by considering the codecs which are currently most popular for IP telephony we aim to find out which codecs should be chosen for transcoding to minimize the negative influence on voice quality while maximizing the obtained steganographic bandwidth.
△ Less
Submitted 30 January, 2012;
originally announced January 2012.
-
Using Transcoding for Hidden Communication in IP Telephony
Authors:
Wojciech Mazurczyk,
Pawel Szaga,
Krzysztof Szczypiorski
Abstract:
The paper presents a new steganographic method for IP telephony called TranSteg (Transcoding Steganography). Typically, in steganographic communication it is advised for covert data to be compressed in order to limit its size. In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that wi…
▽ More
The paper presents a new steganographic method for IP telephony called TranSteg (Transcoding Steganography). Typically, in steganographic communication it is advised for covert data to be compressed in order to limit its size. In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected. Then, the voice stream is transcoded. At this step the original voice payload size is intentionally unaltered and the change of the codec is not indicated. Instead, after placing the transcoded voice payload, the remaining free space is filled with hidden data. TranSteg proof of concept implementation was designed and developed. The obtained experimental results are enclosed in this paper. They prove that the proposed method is feasible and offers a high steganographic bandwidth. TranSteg detection is difficult to perform when performing inspection in a single network localisation.
△ Less
Submitted 4 November, 2011;
originally announced November 2011.
-
Direct Sequence Spread Spectrum Steganographic Scheme for IEEE 802.15.4
Authors:
Elzbieta Zielinska,
Krzysztof Szczypiorski
Abstract:
This work addresses the issues related to network steganography in IEEE 802.15.4 Wireless Personal Area Networks (WPAN). The proposed communication scheme employs illicit Direct Sequence Spread Spectrum code sequences for the transmission of steganographic data. The presented approach is a compromise between minimising the probability of covert channel disclosure and providing robustness against r…
▽ More
This work addresses the issues related to network steganography in IEEE 802.15.4 Wireless Personal Area Networks (WPAN). The proposed communication scheme employs illicit Direct Sequence Spread Spectrum code sequences for the transmission of steganographic data. The presented approach is a compromise between minimising the probability of covert channel disclosure and providing robustness against random errors and a high steganographic data rate. The conducted analyses show that it is possible to create a covert channel with a data rate comparable to the raw data rate of IEEE 802.15.4 without much impact on the perceived receiver sensitivity, the Chip Error Rate and the Bit Error Rate.
△ Less
Submitted 21 July, 2011;
originally announced July 2011.
-
Is Cloud Computing Steganography-proof?
Authors:
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The paper focuses on characterisation of information hiding possibilities in Cloud Computing. After general introduction to cloud computing and its security we move to brief description of steganography. In particular we introduce classification of steganographic communication scenarios in cloud computing which is based on location of the steganograms receiver. These scenarios as well as the threa…
▽ More
The paper focuses on characterisation of information hiding possibilities in Cloud Computing. After general introduction to cloud computing and its security we move to brief description of steganography. In particular we introduce classification of steganographic communication scenarios in cloud computing which is based on location of the steganograms receiver. These scenarios as well as the threats that steganographic methods can cause must be taken into account when designing secure cloud computing services.
△ Less
Submitted 20 July, 2011;
originally announced July 2011.
-
How Hidden Can Be Even More Hidden?
Authors:
Wojciech Fraczek,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The paper presents Deep Hiding Techniques (DHTs) that define general techniques that can be applied to every network steganography method to improve its undetectability and make steganogram extraction harder to perform. We define five groups of techniques that can make steganogram less susceptible to detection and extraction. For each of the presented group, examples of the usage are provided base…
▽ More
The paper presents Deep Hiding Techniques (DHTs) that define general techniques that can be applied to every network steganography method to improve its undetectability and make steganogram extraction harder to perform. We define five groups of techniques that can make steganogram less susceptible to detection and extraction. For each of the presented group, examples of the usage are provided based on existing network steganography methods. To authors' best knowledge presented approach is the first attempt in the state of the art to systematically describe general solutions that can make steganographic communication more hidden and steganogram extraction harder to perform.
△ Less
Submitted 20 July, 2011;
originally announced July 2011.
-
Sending Hidden Data via Google Suggest
Authors:
Piotr Bialczak,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
Google Suggest is a service incorporated within Google Web Search which was created to help user find the right search phrase by proposing the autocompleting popular phrases while ty**. The paper presents a new network steganography method called StegSuggest which utilizes suggestions generated by Google Suggest as a hidden data carrier. The detailed description of the method's idea is backed up…
▽ More
Google Suggest is a service incorporated within Google Web Search which was created to help user find the right search phrase by proposing the autocompleting popular phrases while ty**. The paper presents a new network steganography method called StegSuggest which utilizes suggestions generated by Google Suggest as a hidden data carrier. The detailed description of the method's idea is backed up with the analysis of the network traffic generated by the Google Suggest to prove its feasibility. The traffic analysis was also performed to discover the occurrence of two TCP options: Window Scale and Timestamp which StegSuggest uses to operate. Estimation of method steganographic bandwidth proves that it is possible to insert 100 bits of steganogram into every suggestions list sent by Google Suggest service.
△ Less
Submitted 20 July, 2011;
originally announced July 2011.
-
Hiding Information in a Stream Control Transmission Protocol
Authors:
Wojciech Fraczek,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The STCP (Stream Control Transmission Protocol) is a candidate for a new transport layer protocol that may replace the TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol) protocols in future IP networks. Currently, the SCTP is implemented in, or can be added to, many popular operating systems (Windows, BSD, Linux, HPUX or Sun Solaris). This paper identifies and presents all po…
▽ More
The STCP (Stream Control Transmission Protocol) is a candidate for a new transport layer protocol that may replace the TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol) protocols in future IP networks. Currently, the SCTP is implemented in, or can be added to, many popular operating systems (Windows, BSD, Linux, HPUX or Sun Solaris). This paper identifies and presents all possible "places" where hidden information can be exchanged using an SCTP. The paper focuses mostly on proposing new steganographic methods that can be applied to an SCTP and that can utilise new, characteristic SCTP features, such as multi-homing and multi-streaming. Moreover, for each method, the countermeasure is covered. When used with malicious intent, a method may pose a threat to network security. Knowledge about potential SCTP steganographic methods may be used as a supplement to RFC5062, which describes security attacks in an SCTP protocol. Presented in this paper is a complete analysis of information hiding in an SCTP, and this analysis can be treated as a "guide" when develo** steganalysis (detection) tools.
△ Less
Submitted 17 April, 2011;
originally announced April 2011.
-
PadSteg: Introducing Inter-Protocol Steganography
Authors:
Bartosz Jankowski,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors' best knowledge it is the first information hiding solution which represents inter-protocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communicati…
▽ More
Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors' best knowledge it is the first information hiding solution which represents inter-protocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today's networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.
△ Less
Submitted 3 April, 2011;
originally announced April 2011.
-
On Steganography in Lost Audio Packets
Authors:
Wojciech Mazurczyk,
Jozef Lubacz,
Krzysztof Szczypiorski
Abstract:
The paper presents a new hidden data insertion procedure based on estimated probability of the remaining time of the call for steganographic method called LACK (Lost Audio PaCKets steganography). LACK provides hidden communication for real-time services like Voice over IP. The analytical results presented in this paper concern the influence of LACK's hidden data insertion procedures on the method'…
▽ More
The paper presents a new hidden data insertion procedure based on estimated probability of the remaining time of the call for steganographic method called LACK (Lost Audio PaCKets steganography). LACK provides hidden communication for real-time services like Voice over IP. The analytical results presented in this paper concern the influence of LACK's hidden data insertion procedures on the method's impact on quality of voice transmission and its resistance to steganalysis. The proposed hidden data insertion procedure is also compared to previous steganogram insertion approach based on estimated remaining average call duration.
△ Less
Submitted 31 January, 2011;
originally announced February 2011.
-
Multi-Level Steganography: Improving Hidden Communication in Networks
Authors:
Wojciech Fraczek,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The paper presents Multi-Level Steganography (MLS), which defines a new concept for hidden communication in telecommunication networks. In MLS, at least two steganographic methods are utilised simultaneously, in such a way that one method (called the upper-level) serves as a carrier for the second one (called the lower-level). Such a relationship between two (or more) information hiding solutions…
▽ More
The paper presents Multi-Level Steganography (MLS), which defines a new concept for hidden communication in telecommunication networks. In MLS, at least two steganographic methods are utilised simultaneously, in such a way that one method (called the upper-level) serves as a carrier for the second one (called the lower-level). Such a relationship between two (or more) information hiding solutions has several potential benefits. The most important is that the lower-level method steganographic bandwidth can be utilised to make the steganogram unreadable even after the detection of the upper-level method: e.g., it can carry a cryptographic key that deciphers the steganogram carried by the upper-level one. It can also be used to provide the steganogram with integrity. Another important benefit is that the lower-layer method may be used as a signalling channel in which to exchange information that affects the way that the upper-level method functions, thus possibly making the steganographic communication harder to detect. The prototype of MLS for IP networks was also developed, and the experimental results are included in this paper.
△ Less
Submitted 9 April, 2012; v1 submitted 25 January, 2011;
originally announced January 2011.
-
Retransmission Steganography Applied
Authors:
Wojciech Mazurczyk,
Milosz Smolarczyk,
Krzysztof Szczypiorski
Abstract:
This paper presents experimental results of the implementation of network steganography method called RSTEG (Retransmission Steganography). The main idea of RSTEG is to not acknowledge a successfully received packet to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG can be applied to many network protocols that ut…
▽ More
This paper presents experimental results of the implementation of network steganography method called RSTEG (Retransmission Steganography). The main idea of RSTEG is to not acknowledge a successfully received packet to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG can be applied to many network protocols that utilize retransmissions. We present experimental results for RSTEG applied to TCP (Transmission Control Protocol) as TCP is the most popular network protocol which ensures reliable data transfer. The main aim of the performed experiments was to estimate RSTEG steganographic bandwidth and detectability by observing its influence on the network retransmission level.
△ Less
Submitted 5 July, 2010;
originally announced July 2010.
-
Hiding Data in OFDM Symbols of IEEE 802.11 Networks
Authors:
Krzysztof Szczypiorski,
Wojciech Mazurczyk
Abstract:
This paper presents a new steganographic method called WiPad (Wireless Padding). It is based on the insertion of hidden data into the padding of frames at the physical layer of WLANs (Wireless Local Area Networks). A performance analysis based on a Markov model, previously introduced and validated by the authors in [10], is provided for the method in relation to the IEEE 802.11 a/g standards. Its…
▽ More
This paper presents a new steganographic method called WiPad (Wireless Padding). It is based on the insertion of hidden data into the padding of frames at the physical layer of WLANs (Wireless Local Area Networks). A performance analysis based on a Markov model, previously introduced and validated by the authors in [10], is provided for the method in relation to the IEEE 802.11 a/g standards. Its results prove that maximum steganographic bandwidth for WiPad is as high as 1.1 Mbit/s for data frames and 0.44 Mbit/s for acknowledgment (ACK) frames. To the authors' best knowledge this is the most capacious of all the known steganographic network channels.
△ Less
Submitted 2 June, 2010;
originally announced June 2010.
-
Stream Control Transmission Protocol Steganography
Authors:
Wojciech Fraczek,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
Stream Control Transmission Protocol (SCTP) is a new transport layer protocol that is due to replace TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) protocols in future IP networks. Currently, it is implemented in such operating systems like BSD, Linux, HP-UX or Sun Solaris. It is also supported in Cisco network devices operating system (Cisco IOS) and may be used in Windows.…
▽ More
Stream Control Transmission Protocol (SCTP) is a new transport layer protocol that is due to replace TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) protocols in future IP networks. Currently, it is implemented in such operating systems like BSD, Linux, HP-UX or Sun Solaris. It is also supported in Cisco network devices operating system (Cisco IOS) and may be used in Windows. This paper describes potential steganographic methods that may be applied to SCTP and may pose a threat to network security. Proposed methods utilize new, characteristic SCTP features like multi-homing and multistreaming. Identified new threats and suggested countermeasures may be used as a supplement to RFC 5062, which describes security attacks in SCTP protocol and can induce further standard modifications.
△ Less
Submitted 1 June, 2010;
originally announced June 2010.
-
Information Hiding Using Improper Frame Padding
Authors:
Bartosz Jankowski,
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors' best knowledge it is the first information hiding solution which represents interprotocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communicatio…
▽ More
Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors' best knowledge it is the first information hiding solution which represents interprotocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today's networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.
△ Less
Submitted 5 July, 2010; v1 submitted 11 May, 2010;
originally announced May 2010.
-
What are suspicious VoIP delays?
Authors:
Wojciech Mazurczyk,
Krzysztof Cabaj,
Krzysztof Szczypiorski
Abstract:
Voice over IP (VoIP) is unquestionably the most popular real-time service in IP networks today. Recent studies have shown that it is also a suitable carrier for information hiding. Hidden communication may pose security concerns as it can lead to confidential information leakage. In VoIP, RTP (Real-time Transport Protocol) in particular, which provides the means for the successful transport of v…
▽ More
Voice over IP (VoIP) is unquestionably the most popular real-time service in IP networks today. Recent studies have shown that it is also a suitable carrier for information hiding. Hidden communication may pose security concerns as it can lead to confidential information leakage. In VoIP, RTP (Real-time Transport Protocol) in particular, which provides the means for the successful transport of voice packets through IP networks, is suitable for steganographic purposes. It is characterised by a high packet rate compared to other protocols used in IP telephony, resulting in a potentially high steganographic bandwidth. The modification of an RTP packet stream provides many opportunities for hidden communication as the packets may be delayed, reordered or intentionally lost. In this paper, to enable the detection of steganographic exchanges in VoIP, we examined real RTP traffic traces to answer the questions, what do the "normal" delays in RTP packet streams look like? and, is it possible to detect the use of known RTP steganographic methods based on this knowledge?
△ Less
Submitted 23 February, 2010;
originally announced February 2010.
-
Steganography in Handling Oversized IP Packets
Authors:
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
This paper identifies new class of network steganography methods that utilize mechanisms to handle oversized packets in IP networks: IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery). In particular, we propose two new steganographic methods and two extensions of existing ones. We show how IP fragmentation simplifies utilizing steganographic methods…
▽ More
This paper identifies new class of network steganography methods that utilize mechanisms to handle oversized packets in IP networks: IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery). In particular, we propose two new steganographic methods and two extensions of existing ones. We show how IP fragmentation simplifies utilizing steganographic methods which requires transmitter-receiver synchronization. We present how mentioned mechanisms can be used to enable hidden communication for both versions of IP protocol: 4 and 6. Also the detection of the proposed methods is enclosed in this paper.
△ Less
Submitted 2 July, 2009;
originally announced July 2009.
-
A Performance Analysis of HICCUPS - a Steganographic System for WLAN
Authors:
Krzysztof Szczypiorski
Abstract:
The paper presents an analysis of performance features of the HICCUPS (HIdden Communication system for CorrUPted networkS) including the efficiency and the cost of the system in WLANs (Wireless Local Area Networks). The analysis relies on the original CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) 802.11 Markov chain-based model.
The paper presents an analysis of performance features of the HICCUPS (HIdden Communication system for CorrUPted networkS) including the efficiency and the cost of the system in WLANs (Wireless Local Area Networks). The analysis relies on the original CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) 802.11 Markov chain-based model.
△ Less
Submitted 23 June, 2009;
originally announced June 2009.
-
Hiding Information in Retransmissions
Authors:
Wojciech Mazurczyk,
Milosz Smolarczyk,
Krzysztof Szczypiorski
Abstract:
The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload fi…
▽ More
The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (Transport Control Protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim to measure and compare the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms as well as to determine the influence of RSTEG on the network retransmissions level.
△ Less
Submitted 14 May, 2009; v1 submitted 4 May, 2009;
originally announced May 2009.
-
TrustMAS: Trusted Communication Platform for Multi-Agent Systems
Authors:
Krzysztof Szczypiorski,
Igor Margasinski,
Wojciech Mazurczyk,
Krzysztof Cabaj,
Pawel Radziszewski
Abstract:
The paper presents TrustMAS - Trusted Communication Platform for Multi-Agent Systems, which provides trust and anonymity for mobile agents. The platform includes anonymous technique based on random-walk algorithm for providing general purpose anonymous communication for agents. All agents, which take part in the proposed platform, benefit from trust and anonymity that is provided for their inter…
▽ More
The paper presents TrustMAS - Trusted Communication Platform for Multi-Agent Systems, which provides trust and anonymity for mobile agents. The platform includes anonymous technique based on random-walk algorithm for providing general purpose anonymous communication for agents. All agents, which take part in the proposed platform, benefit from trust and anonymity that is provided for their interactions. Moreover, in TrustMAS there are StegAgents (SA) that are able to perform various steganographic communication. To achieve that goal, SAs may use methods in different layers of TCP/IP model or specialized middleware enabling steganography that allows hidden communication through all layers of mentioned model. In TrustMAS steganographic channels are used to exchange routing tables between StegAgents. Thus all StegAgents in TrustMAS with their ability to exchange information by using hidden channels form distributed steganographic router (Stegrouter).
△ Less
Submitted 29 August, 2008;
originally announced August 2008.
-
Steganographic Routing in Multi Agent System Environment
Authors:
Krzysztof Szczypiorski,
Igor Margasinski,
Wojciech Mazurczyk
Abstract:
In this paper we present an idea of trusted communication platform for Multi-Agent Systems (MAS) called TrustMAS. Based on analysis of routing protocols suitable for MAS we have designed a new proactive hidden routing. Proposed steg-agents discovery procedure, as well as further routes updates and hidden communication, are cryptographically independent. Steganographic exchange can cover heteroge…
▽ More
In this paper we present an idea of trusted communication platform for Multi-Agent Systems (MAS) called TrustMAS. Based on analysis of routing protocols suitable for MAS we have designed a new proactive hidden routing. Proposed steg-agents discovery procedure, as well as further routes updates and hidden communication, are cryptographically independent. Steganographic exchange can cover heterogeneous and geographically outlying environments using available cross-layer covert channels. Finally we have specified rules that agents have to follow to benefit the TrustMAS distributed router platform.
△ Less
Submitted 3 June, 2008;
originally announced June 2008.
-
Covert Channels in SIP for VoIP signalling
Authors:
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
In this paper, we evaluate available steganographic techniques for SIP (Session Initiation Protocol) that can be used for creating covert channels during signaling phase of VoIP (Voice over IP) call. Apart from characterizing existing steganographic methods we provide new insights by introducing new techniques. We also estimate amount of data that can be transferred in signalling messages for ty…
▽ More
In this paper, we evaluate available steganographic techniques for SIP (Session Initiation Protocol) that can be used for creating covert channels during signaling phase of VoIP (Voice over IP) call. Apart from characterizing existing steganographic methods we provide new insights by introducing new techniques. We also estimate amount of data that can be transferred in signalling messages for typical IP telephony call.
△ Less
Submitted 22 May, 2008;
originally announced May 2008.
-
Steganography of VoIP Streams
Authors:
Wojciech Mazurczyk,
Krzysztof Szczypiorski
Abstract:
The paper concerns available steganographic techniques that can be used for creating covert channels for VoIP (Voice over Internet Protocol) streams. Apart from characterizing existing steganographic methods we provide new insights by presenting two new techniques. The first one is network steganography solution which exploits free/unused protocols' fields and is known for IP, UDP or TCP protoco…
▽ More
The paper concerns available steganographic techniques that can be used for creating covert channels for VoIP (Voice over Internet Protocol) streams. Apart from characterizing existing steganographic methods we provide new insights by presenting two new techniques. The first one is network steganography solution which exploits free/unused protocols' fields and is known for IP, UDP or TCP protocols but has never been applied to RTP (Real-Time Transport Protocol) and RTCP (Real-Time Control Protocol) which are characteristic for VoIP. The second method, called LACK (Lost Audio Packets Steganography), provides hybrid storage-timing covert channel by utilizing delayed audio packets. The results of the experiment, that was performed to estimate a total amount of data that can be covertly transferred during typical VoIP conversation phase, regardless of steganalysis, are also included in this paper.
△ Less
Submitted 25 August, 2008; v1 submitted 19 May, 2008;
originally announced May 2008.