Mittwoch, 15. Juni 2022

Poster on Hiding Patterns History

We just published a new poster at EICC'22 that covers a brief history of hiding patterns since their emergence around 2014. The paper is available through its DOI (10.1145/3528580.3532997) and the poster is available here: https://wendzel.de/dr.org/files/Papers/EICC22_poster.pdf.

Freitag, 25. März 2022

New: Indirect Covert Channel Patterns

In an upcoming paper by Tobias Schmidbauer and Steffen Wendzel that will be presented at ASIA CCS 2022, patterns for indirect network covert channels are proposed.

The paper entitled SoK: A Survey Of Indirect Network-level Covert Channels is already available online through this link at ResearchGate. In the future, it should be also available through its DOI: 10.1145/3488932.3517418.

Abstract: Within the last few years, indirect network-level covert channels have experienced a renaissance with new ideas and evolving concepts. Logical network separation may now be crossed and the sending and receiving activities can be performed with temporal distance between sending and receiving operations. Despite these new developments, all indirect network covert channels share certain basic principles that allow a categorization. So far, the concepts of indirect network-level covert channels have never been systematized. In this paper, we introduce a taxonomy containing indirect covert channel patterns that allow a differentiated analysis of all known indirect network-level covert channels. We introduce additional definitions to unify the understanding of the domain and further identify crucial features of indirect covert channels to make them comparable and describable. We further discuss application scenarios as well as potential and already evaluated countermeasures against indirect covert channels. Further, we discuss observable trends and anticipated future developments in the research area of indirect network-level covert channels.

Mittwoch, 1. Dezember 2021

Steganography Hiding Patterns Taxonomy: Brining Patterns to All Stego Domains!

This August, we published the first version of a pattern-based taxonomy of hiding methods for steganography, which also incorporates network steganography but additionally covers other domains of steganography, such as digital media or text steganography. The paper was presented during the CUING workshop at the ARES conference (video of the talk). It essentially shows a first (but major) step towards such a taxonomy. We currently work on the extension/finalization of the initial steganography pattterns taxonomy, which will be published in a few months. This extension will also try to better describe the co-existence of both taxonomies while ensuring that they are synchronized. The paper is a joint work by eleven authors from seven institutions (four countries).

Paper: Caviglione L, Mazurczyk W, Mileva A, Dittmann J, Krätzer C, Lamshöft K, Vielhauer C, Hartmann L, Keller J, Neubert T (2021) A Revised Taxonomy of Steganography Embedding Patterns. In: Proc. 16th International Conference on Availability, Reliability and Security (ARES 2021). ACM, DOI: 10.1145/3465481.3470069

There is a website for steganography hiding patterns: patterns.ztt.hs-worms.de/

More updates on the subject will follow in the coming months.

New pattern PT16 Artificial Resets

There is a new paper that proposes a pattern PT16 Artificial Resets, which exploits reset messages. The covert channel has so far only been described as an indirect covert channel and can be seen as a special form of PT15 (Artificial Reconnections), where an artificial reset is caused instead of an artificial reconnection. There is a proof-of-concept implementation available for CoAP.

The initial study on this pattern was published at the DETONATOR workshop of EICC'22:

Hartmann L, Zillien S, Wendzel S (2021) Reset- and Reconnection-based Covert Channels in CoAP. In: Proc. European Interdisciplinary Cybersecurity Conference (EICC 2021). ACM, DOI: 10.1145/3487405.3487660

Moreover, there is a new study on pattern PT15 Artificial Reconnections in WiFi networks published in the proceedings of this year's IFIP SEC:

S. Zillien, S. Wendzel: Reconnection-Based Covert Channels in Wireless Networks, in Proc. IFIP SEC 2021, Springer. https://link.springer.com/chapter/10.1007%2F978-3-030-78120-0_8

Dienstag, 2. Februar 2021

Two new publications and a new pattern

An upcoming publication [1] proposes a new pattern that exploits artificial reconnections. We already added it to the website as PT15 Artificial Reconnections.

Moreover, my (Steffen's) habilitation thesis is now available, its core topic are hiding patterns:

(links updated on Feb, 2nd)

Mittwoch, 13. Januar 2021

Donnerstag, 15. Oktober 2020

Hands-on tool for Covert Channel Patterns Detection now available!

The tool NeFiAS (Network Forensic & Anomaly Detection System) is an accessible hands-on tool for network covert channel detection. I just made the code of NeFiAS public. I also attached a documentation. Have fun with it!