| Initial publication | W. Mazurczyk, S. Wendzel, K. Cabaj in [3]. However, this pattern is based on the original PS1. Size Modulation Pattern, which was introduced by S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1]. |
| Illustration | This pattern uses a size of the payload field of a flow's PDUs/messages to encode the hidden message. This pattern is a variant (child) of the pattern P1. Size Modulation of [1] which has been already defined for the modification of the non-payload branch of storage methods. |
| Context | Network Covert Channel Patterns → Covert Storage Channel Patterns → Modification of Payload → User-data Agnostic |
| Evidence | 1. Modulate the size of the data block field in Ethernet frames, cf. Girling'87. 2. Any other method that modulates the size of the payload field in any network protocol. |
| Implementation |
References:
[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.
[2] W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, K. Szczypiorski: Information Hiding in Communication Networks, Wiley, 2016. Chapters 3 and 8 contain discussions on hiding patterns, basically on the basis of [1] but with an extension of timing-based patterns.
[3] W. Mazurczyk, S. Wendzel, K. Cabaj: Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach, in Proc. Second International Workshop on Criminal Use of Information Hiding (CUING 2018) at ARES, pp. 10:1-10:10, ACM, 2018.
Keine Kommentare:
Kommentar veröffentlichen