We are very pleased to tell that the fundamentally revised version of the patterns-based taxonomy for steganography is now available on the project website. A pre-print can be found here: https://doi.org/10.36227/techrxiv.20215373. The new taxonomy also incorporates the network-level hiding patterns from this website. Additionally, the new pre-print incorporates a revised version of the unified description method.
Network Information Hiding Patterns
RESEARCHING SCIENTIFIC FUNDAMENTALS OF NETWORK STEGANOGRAPHY (COVERT CHANNELS) AND PROVIDING A PATTERN COLLECTION
Mittwoch, 6. Juli 2022
New Generic Taxonomy for Steganography Hiding Methods
Mittwoch, 15. Juni 2022
Poster on Hiding Patterns History
We just published a new poster at EICC'22 that covers a brief history of hiding patterns since their emergence around 2014. The paper is available through its DOI (10.1145/3528580.3532997) and the poster is available here: https://wendzel.de/dr.org/files/Papers/EICC22_poster.pdf.
Update (Jul-06-2022): the poster was updated to additionally cover the most recent paper on patterns (see latest blog post).
Freitag, 25. März 2022
New: Indirect Covert Channel Patterns
In an upcoming paper by Tobias Schmidbauer and Steffen Wendzel that will be presented at ASIA CCS 2022, patterns for indirect network covert channels are proposed.
The paper entitled SoK: A Survey Of Indirect Network-level Covert Channels is already available online through this link at ResearchGate. In the future, it should be also available through its DOI: 10.1145/3488932.3517418.
Abstract: Within the last few years, indirect network-level covert channels have
experienced a renaissance with new ideas and evolving concepts. Logical
network separation may now be crossed and the sending and receiving
activities can be performed with temporal distance between sending and
receiving operations. Despite these new developments, all indirect
network covert channels share certain basic principles that allow a
categorization. So far, the concepts of indirect network-level covert
channels have never been systematized. In this paper, we introduce a
taxonomy containing indirect covert channel patterns that allow a
differentiated analysis of all known indirect network-level covert
channels. We introduce additional definitions to unify the understanding
of the domain and further identify crucial features of indirect covert
channels to make them comparable and describable. We further discuss
application scenarios as well as potential and already evaluated
countermeasures against indirect covert channels. Further, we discuss
observable trends and anticipated future developments in the research
area of indirect network-level covert channels.
Mittwoch, 1. Dezember 2021
Steganography Hiding Patterns Taxonomy: Brining Patterns to All Stego Domains!
This August, we published the first version of a pattern-based taxonomy of hiding methods for steganography, which also incorporates network steganography but additionally covers other domains of steganography, such as digital media or text steganography. The paper was presented during the CUING workshop at the ARES conference (video of the talk). It essentially shows a first (but major) step towards such a taxonomy. We currently work on the extension/finalization of the initial steganography pattterns taxonomy, which will be published in a few months. This extension will also try to better describe the co-existence of both taxonomies while ensuring that they are synchronized. The paper is a joint work by eleven authors from seven institutions (four countries).
Paper: Caviglione L, Mazurczyk W, Mileva A, Dittmann J, Krätzer C, Lamshöft K, Vielhauer C, Hartmann L, Keller J, Neubert T (2021) A Revised Taxonomy of Steganography Embedding Patterns. In: Proc. 16th International Conference on Availability, Reliability and Security (ARES 2021). ACM, DOI: 10.1145/3465481.3470069
There is a website for steganography hiding patterns: patterns.ztt.hs-worms.de/
More updates on the subject will follow in the coming months.
New pattern PT16 Artificial Resets
There is a new paper that proposes a pattern PT16 Artificial Resets, which exploits reset messages. The covert channel has so far only been described as an indirect covert channel and can be seen as a special form of PT15 (Artificial Reconnections), where an artificial reset is caused instead of an artificial reconnection. There is a proof-of-concept implementation available for CoAP.
The initial study on this pattern was published at the DETONATOR workshop of EICC'22:
Hartmann L, Zillien S, Wendzel S (2021) Reset- and Reconnection-based Covert Channels in CoAP. In: Proc. European Interdisciplinary Cybersecurity Conference (EICC 2021). ACM, DOI: 10.1145/3487405.3487660
Moreover, there is a new study on pattern PT15 Artificial Reconnections in WiFi networks published in the proceedings of this year's IFIP SEC:
S. Zillien, S. Wendzel: Reconnection-Based Covert Channels in Wireless Networks, in Proc. IFIP SEC 2021, Springer. https://link.springer.com/chapter/10.1007%2F978-3-030-78120-0_8
Dienstag, 2. Februar 2021
Two new publications and a new pattern
An upcoming publication [1] proposes a new pattern that exploits artificial reconnections. We already added it to the website as PT15 Artificial Reconnections.
- Aleksandra Mileva, Aleksandar Velinov, Laura Hartmann, Steffen Wendzel, Wojciech Mazurczyk: Comprehensive Analysis of MQTT 5.0 Susceptibility to Network Covert Channels, Computers & Security, Elsevier, 2021.
Moreover, my (Steffen's) habilitation thesis is now available, its core topic are hiding patterns:
- Steffen Wendzel: Network Information Hiding: Terminology, Taxonomy, Methodology and Countermeasures (PDF), Habilitation Thesis, Department of Mathematics and Computer Science, Unversity of Hagen, submitted in Nov. 2019, colloquiums passed in Nov. 2020.
(links updated on Feb, 2nd)
Mittwoch, 13. Januar 2021
New paper shows feasibility of covert channels in hash chains
Our new paper (published in MDPI Appl. Sci., open access) uses the Random Value pattern to realize a plausibly deniable covert channels in one-time passwords based on hash chains.