Initial publication | W. Mazurczyk, S. Wendzel, K. Cabaj in [3]. |
Illustration | This pattern is used when it is possible to exploit the redundancy of the user-data by means of transforming them in such a way that a free space for secret data is obtained (e.g. by means of transcoding). This pattern is a bit similar to the pattern Add Redundancy defined in [1] but can also decrease redundancy and is applied to payload instead of meta-data. |
Context | Network Covert Channel Patterns → Covert Storage Channel Patterns → Modification of Payload → User-data Aware |
Evidence | See [3] for references. At least the following ideas were published that belong to this pattern: 1. Compress existing user-data in order to make a space for secret data. 2. Transform the VAD-enabled IP telephony voice stream into non-VAD one and fill the gaps using artificially generated RTP packets containing secret data. 3. Approximate the F0 parameter of the Speex codec which carries information about the pitch of the speech signal and use the ``saved'' space for secret data. |
Implementation |
References:
[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.
[2] W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, K. Szczypiorski: Information Hiding in Communication Networks, Wiley, 2016. Chapters 3 and 8 contain discussions on hiding patterns, basically on the basis of [1] but with an extension of timing-based patterns.
[3] W. Mazurczyk, S. Wendzel, K. Cabaj: Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach, in Proc. Second International Workshop on Criminal Use of Information Hiding (CUING 2018) at ARES, pp. 10:1-10:10, ACM, 2018.
Keine Kommentare:
Kommentar veröffentlichen