which defines a sample protocol to
teach various network hiding patterns and can be used in didactic environments. The tool is unique as it
lowers the barrier for understanding
network covert channels by eliminating the requirement of understanding several network protocols in advance. However, it must be noted,
that testbeds not based on hiding
patterns33 exist.
˲ Removed Steganography Application Scanner (RSAS) tooll that enables
to discover artifacts of the known steganographic applications even if they
were previously uninstalled or run
from a portable memory storage.
Current CUIng members’ experiences related to the initiative show
that cooperating jointly and building
a robust community will take advantage of the expert knowledge and expertise from academia, industry, law
enforcement, and institutions. This
networking approach does not eliminate but limits the problem of the
criminal use of information hiding
before it becomes a much more widespread phenomenon. It must be also
noted that CUIng is about to release a
first set of guidelines for the protection of organizations and the forensic
analysis in the coming year.
Outlook
The increasing number of known
cases in which modern information
hiding is applied in cybercrime as
well as the constantly rising number
of academic publications in the field
underpin the importance of the topic
and the broad interest in it. It is im-
portant to foster professional and
academic training on information
hiding, a better understanding and
the improvement of the methodology
in the field, especially for forensics.
Another need is to enable a better
sharing of incidents and trends. The
CUIng initiative presented here is a
vehicle to push these processes.
More information about CUIng can
be found at http://www.cuing.org.
Acknowledgments. The authors
thank the anonymous reviewers for
helpful and constructive comments
that greatly contributed to improving
this article.
l https://nicolatalin.github.io/rsas/
References
1. Anderson, R., Needham, R. and Shamir, A. The
steganographic file system. Information Hiding.
Springer, 1998, 73–82.
2. Backs, P., Wendzel, S. and Keller, J. Dynamic routing
in covert channel overlays based on control protocols.
In Proceedings of the ISTP’ 12 Workshop (2012).
IEEE, 32–39.
3. Bortz, A. and Boneh, D. Exposing private information
by timing web applications. In Proceedings of the
WW W (2007). ACM, 621–628.
4. Carrara, B. and Adams, C. Out-of-band covert channels—
A survey. Computing Surveys 49, 2 (2016). ACM, 23.
5. Caviglione, L., Podolski, M., Mazurczyk, W. and
Ianigro, M. Covert channels in personal cloud storage
services: The case of Dropbox. IEEE Trans. Industrial
Informatics, 2016.
6. Cheddad, A., Condell, J., Curran, K. and Mc Kevitt, P.
Digital image steganography: Survey and analysis of
current methods. Signal Processing 90, 3 (Mar. 2010),
727–752.
7. Fisk, G., Fisk, M., Papadopoulos, C. and Neil, J.
Eliminating steganography in Internet traffic with
active wardens. Information Hiding, LNCS 2578
(2002). Springer, 18–35.
8. Fridrich, J. Steganography in Digital Media: Principles,
Algorithms, and Applications. Cambridge University
Press, 2009.
9. Girling, C. G. Covert Channels in LANs. IEEE Trans.
Softw. Engin. 13, 2 (1987). IEEE, 292–296.
10. Gold, B.D., Linde, R.R., Peeler, R.J., Schaefer, M.,
Scheid, J.F. and Ward, P.D. A security retrofit of
VM/370. In Proceedings of the AFIPS Conference
(1979). AFIPS Press, 335–344.
11. Hanspach, M. and Goetz, M. On covert acoustical mesh
networks in air. J. Communications 8, 11 (2013).
12. Hasan, R., Saxena, N., Haleviz, T., Zawoad, S. and
Rinehart, D. Sensing-enabled channels for hard-to-detect command and control of mobile devices. In
Proceedings of the Symp. Information, Computer and
Communications Security. ACM, New York, N Y, 2013,
469–480.
13. Herr, T. and Armbrust, E. Milware: Identification and
implications of state authored malicious software.
In Proceedings of the 2015 New Security Paradigms
Workshop. ACM, New York, NY, 29–43
14. Hu, W.M. Reducing timing channels with fuzzy time.
J. Computer Security 1, 3/4 (1992), 233–254.
15. Johnson, N. F. and Katzenbeisser, S.C. A survey of
steganographic techniques. Information Hiding.
Artech House, 2000.
16. Kemmerer. R.A. Shared resource matrix methodology:
An approach to identifying storage and timing
channels. ACM Trans. Computer Systems 1, 3 (Aug.
1983), 256–277.
17. Kessler, G. C. An overview of steganography for
the computer forensics examiner. Forensic Science
Communications 6, 3 (Jan. 2004), 1–2.
18. Lampson, B. W. A note on the confinement problem.
Commun. ACM 16, 10 (Oct. 1973), 613–615.
19. Lemay, A., Fernandez, J. M. and Knight, S. A Modbus
command and control channel, In Proceedings of the
Annual IEEE Systems Conference. IEEE, 2016.
20. Lucena, N. B., Lewandowski, G. and Chapin, S. J. Covert
channels in IPv6. In Proceedings of Privacy Enhancing
Technologies, LNCS 3856 (2005). Springer, 147–166.
21. Mazurczyk, W. and Caviglione, L. Steganography in
modern smartphones and mitigation techniques. IEEE
Commun. Surveys & Tutorials 17, 1 (2014), 334–357;
DOI: 10.1109/COMS T.2014.2350994
22. Mazurczyk, W. and Caviglione, L. Information hiding as
a challenge for malware detection. IEEE Security and
Privacy, 2 (2015).
23. Mazurczyk, W., Wendzel, S., Zander, S., Houmansadr,
A. and Szczypiorski, K. Information Hiding in
Communication Networks. Wiley-IEEE Press, 2016.
24. Neuner, S., Voyiatzis, A. G., Schmiedecker, M.,
Brunthaler, S., Katzenbeisser, S. and Weippl, E. R. Time
is on my side: Steganography in file system metadata.
Digital Investigation 18 (2016), S76–S86.
25. Pang, H., Tan, K. and Zhou X. Stegfs: A steganographic
file system. In Proceedings of the International Conf.
on Data Engineering, 2003, 657–667.
26. Petitcolas, F., Anderson, R. and Kuhn, M. Information
hiding—A survey. IEEE 87, 7 (1999), 1062–1078.
27. Rezaei, F., Hempel, M., Peng, D., Qian, Y. and Sharif,
H. Analysis and evaluation of covert channels over
LTE advanced. In Proceedings of the Wireless
Communications and Networking Conference. IEEE,
2013, 1903–1908.
28. Rowland, C.H. Covert channels in the TCP/IP protocol
suite. First Monday 2, 5 (1997).
29. Schlegel, R., Zhang, K., Zhou, X., Intwala, X., Kapadia,
A., Wang, X.: Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones, in: Network and
Distributed System Security Symposium, 2011.
30. Thompson, I. and Monroe, M. FragFS: An advanced
data hiding technique. BlackHat Federal, 2006; http://
www.blackhat.com/presentations/bh-federal-06/BH-
Fed-06- Thompson/BH-Fed-06- Thompson-up.pdf
31. Tseby, T., Iglesias Vázquez, F., Bernhardt, V., Frkat,
D. and Annessi, R. A network steganography lab
on detecting TCP/IP covert channels. IEEE Trans.
Education 59, 3 (2016), 224–232.
32. Wendzel, S., Kahler, B. and Rist, T. Covert channels and
their prevention in building automation protocols—A
prototype exemplified using BACnet. GreenCom/
CPSCom. IEEE, 2012, 731-736.
33. Wendzel, S. and Keller, J. Hidden and Under
Control—A survey and outlook on covert
channel-internal control protocols. Annals of
Telecommunications 69, 7 (2014). Springer, 417–430.
34. Wendzel, S. and Mazurczyk, W., Poster: An educational
network protocol for covert channel analysis using
patterns. In Proceedings of the ACM Conference on
Computer and Communications Security (Vienna,
Austria, Oct. 24–28, 2016), 1739–1741.
35. Wendzel, S., Zander, S., Fechner, B. and Herdin, C.
Pattern-based survey and categorization of network
covert channel techniques. Computing Surveys 47, 3
(2015). ACM, 50.
36. Zander, S., Armitage, G. and Branch, P. A survey of
covert channels and countermeasures on computer
network protocols. IEEE Communications Surveys &
Tutorials 9, 3 (2007). IEEE, 44–57.
37. Zander, S., Armitage, G. and Branch, P. Covert
channels in multiplayer first person shooter online
games. . In Proceedings of the 33rd IEEE Conference
on Local Computer Networks (2008), 215–222.
38. Zielin´ska, E., Mazurczyk, W. and Szczypiorski, K. Trends
in steganography. Comm. ACM 57, 3 (Mar. 2014). ACM,
86–95.
Wojciech Mazurczyk ( wmazurczyk@tele.pw.edu.pl)
is an associate professor at Warsaw University of
Technology, Warsaw, Poland.
Steffen Wendzel ( wendzel@hs-worms.de) is
an associate professor at Worms University of Applied
Sciences, Worms, and a researcher at Fraunhofer FKIE,
Bonn, Germany.
© 2018 ACM 0001-0782/18/1 $15.00
Watch the authors discuss
their work in this exclusive
Communications video.
https://cacm.acm.org/videos/
information-hiding