New Generic Taxonomy for Steganography Hiding Methods

We are very pleased to tell that the fundamentally revised version of the patterns-based taxonomy for steganography is now available on the project website. A pre-print can be found here: https://doi.org/10.36227/techrxiv.20215373. The new taxonomy also incorporates the network-level hiding patterns from this website. Additionally, the new pre-print incorporates a revised version of the unified description method.

Poster on Hiding Patterns History

We just published a new poster at EICC'22 that covers a brief history of hiding patterns since their emergence around 2014. The paper is available through its DOI (10.1145/3528580.3532997) and the poster is available here: https://wendzel.de/dr.org/files/Papers/EICC22_poster.pdf.

Update (Jul-06-2022): the poster was updated to additionally cover the most recent paper on patterns (see latest blog post).

New: Indirect Covert Channel Patterns

In an upcoming paper by Tobias Schmidbauer and Steffen Wendzel that will be presented at ASIA CCS 2022, patterns for indirect network covert channels are proposed.

The paper entitled SoK: A Survey Of Indirect Network-level Covert Channels is already available online through this link at ResearchGate. In the future, it should be also available through its DOI: 10.1145/3488932.3517418.

Abstract: Within the last few years, indirect network-level covert channels have experienced a renaissance with new ideas and evolving concepts. Logical network separation may now be crossed and the sending and receiving activities can be performed with temporal distance between sending and receiving operations. Despite these new developments, all indirect network covert channels share certain basic principles that allow a categorization. So far, the concepts of indirect network-level covert channels have never been systematized. In this paper, we introduce a taxonomy containing indirect covert channel patterns that allow a differentiated analysis of all known indirect network-level covert channels. We introduce additional definitions to unify the understanding of the domain and further identify crucial features of indirect covert channels to make them comparable and describable. We further discuss application scenarios as well as potential and already evaluated countermeasures against indirect covert channels. Further, we discuss observable trends and anticipated future developments in the research area of indirect network-level covert channels.

Steganography Hiding Patterns Taxonomy: Brining Patterns to All Stego Domains!

This August, we published the first version of a pattern-based taxonomy of hiding methods for steganography, which also incorporates network steganography but additionally covers other domains of steganography, such as digital media or text steganography. The paper was presented during the CUING workshop at the ARES conference (video of the talk). It essentially shows a first (but major) step towards such a taxonomy. We currently work on the extension/finalization of the initial steganography pattterns taxonomy, which will be published in a few months. This extension will also try to better describe the co-existence of both taxonomies while ensuring that they are synchronized. The paper is a joint work by eleven authors from seven institutions (four countries).

Paper: Caviglione L, Mazurczyk W, Mileva A, Dittmann J, Krätzer C, Lamshöft K, Vielhauer C, Hartmann L, Keller J, Neubert T (2021) A Revised Taxonomy of Steganography Embedding Patterns. In: Proc. 16th International Conference on Availability, Reliability and Security (ARES 2021). ACM, DOI: 10.1145/3465481.3470069

There is a website for steganography hiding patterns: patterns.ztt.hs-worms.de/

More updates on the subject will follow in the coming months.

New pattern PT16 Artificial Resets

There is a new paper that proposes a pattern PT16 Artificial Resets, which exploits reset messages. The covert channel has so far only been described as an indirect covert channel and can be seen as a special form of PT15 (Artificial Reconnections), where an artificial reset is caused instead of an artificial reconnection. There is a proof-of-concept implementation available for CoAP.

The initial study on this pattern was published at the DETONATOR workshop of EICC'22:

Hartmann L, Zillien S, Wendzel S (2021) Reset- and Reconnection-based Covert Channels in CoAP. In: Proc. European Interdisciplinary Cybersecurity Conference (EICC 2021). ACM, DOI: 10.1145/3487405.3487660

Moreover, there is a new study on pattern PT15 Artificial Reconnections in WiFi networks published in the proceedings of this year's IFIP SEC:

S. Zillien, S. Wendzel: Reconnection-Based Covert Channels in Wireless Networks, in Proc. IFIP SEC 2021, Springer. https://link.springer.com/chapter/10.1007%2F978-3-030-78120-0_8

Two new publications and a new pattern

An upcoming publication [1] proposes a new pattern that exploits artificial reconnections. We already added it to the website as PT15 Artificial Reconnections.

• Aleksandra Mileva, Aleksandar Velinov, Laura Hartmann, Steffen Wendzel, Wojciech Mazurczyk: Comprehensive Analysis of MQTT 5.0 Susceptibility to Network Covert Channels, Computers & Security, Elsevier, 2021. 
  

Moreover, my (Steffen's) habilitation thesis is now available, its core topic are hiding patterns:

• Steffen Wendzel: Network Information Hiding: Terminology, Taxonomy, Methodology and Countermeasures (PDF), Habilitation Thesis, Department of Mathematics and Computer Science, Unversity of Hagen, submitted in Nov. 2019, colloquiums passed in Nov. 2020.

(links updated on Feb, 2nd)

New paper shows feasibility of covert channels in hash chains

Our new paper (published in MDPI Appl. Sci., open access) uses the Random Value pattern to realize a plausibly deniable covert channels in one-time passwords based on hash chains.