Communications of the ACM

which defines a sample protocol to teach various network hiding patterns and can be used in didactic environments. The tool is unique as it lowers the barrier for understanding network covert channels by eliminating the requirement of understanding several network protocols in advance. However, it must be noted, that testbeds not based on hiding patterns33 exist.

˲ Removed Steganography Application Scanner (RSAS) tooll that enables to discover artifacts of the known steganographic applications even if they were previously uninstalled or run from a portable memory storage.

Current CUIng members’ experiences related to the initiative show that cooperating jointly and building a robust community will take advantage of the expert knowledge and expertise from academia, industry, law enforcement, and institutions. This networking approach does not eliminate but limits the problem of the criminal use of information hiding before it becomes a much more widespread phenomenon. It must be also noted that CUIng is about to release a first set of guidelines for the protection of organizations and the forensic analysis in the coming year.

Outlook

The increasing number of known
cases in which modern information
hiding is applied in cybercrime as
well as the constantly rising number
of academic publications in the field
underpin the importance of the topic
and the broad interest in it. It is im-
portant to foster professional and
academic training on information
hiding, a better understanding and
the improvement of the methodology
in the field, especially for forensics.
Another need is to enable a better
sharing of incidents and trends. The
CUIng initiative presented here is a
vehicle to push these processes.
More information about CUIng can
be found at http://www.cuing.org.

Acknowledgments. The authors thank the anonymous reviewers for helpful and constructive comments that greatly contributed to improving this article.

l https://nicolatalin.github.io/rsas/

References

1. Anderson, R., Needham, R. and Shamir, A. The steganographic file system. Information Hiding. Springer, 1998, 73–82.

2. Backs, P., Wendzel, S. and Keller, J. Dynamic routing in covert channel overlays based on control protocols.

In Proceedings of the ISTP’ 12 Workshop (2012).

IEEE, 32–39.

3. Bortz, A. and Boneh, D. Exposing private information by timing web applications. In Proceedings of the WW W (2007). ACM, 621–628.

4. Carrara, B. and Adams, C. Out-of-band covert channels— A survey. Computing Surveys 49, 2 (2016). ACM, 23.

5. Caviglione, L., Podolski, M., Mazurczyk, W. and Ianigro, M. Covert channels in personal cloud storage services: The case of Dropbox. IEEE Trans. Industrial Informatics, 2016.

6. Cheddad, A., Condell, J., Curran, K. and Mc Kevitt, P. Digital image steganography: Survey and analysis of current methods. Signal Processing 90, 3 (Mar. 2010), 727–752.

7. Fisk, G., Fisk, M., Papadopoulos, C. and Neil, J.

Eliminating steganography in Internet traffic with active wardens. Information Hiding, LNCS 2578

(2002). Springer, 18–35.

8. Fridrich, J. Steganography in Digital Media: Principles, Algorithms, and Applications. Cambridge University Press, 2009.

9. Girling, C. G. Covert Channels in LANs. IEEE Trans.

Softw. Engin. 13, 2 (1987). IEEE, 292–296.

10. Gold, B.D., Linde, R.R., Peeler, R.J., Schaefer, M., Scheid, J.F. and Ward, P.D. A security retrofit of VM/370. In Proceedings of the AFIPS Conference

(1979). AFIPS Press, 335–344.

11. Hanspach, M. and Goetz, M. On covert acoustical mesh networks in air. J. Communications 8, 11 (2013).

12. Hasan, R., Saxena, N., Haleviz, T., Zawoad, S. and Rinehart, D. Sensing-enabled channels for hard-to-detect command and control of mobile devices. In

Proceedings of the Symp. Information, Computer and Communications Security. ACM, New York, N Y, 2013,

469–480.

13. Herr, T. and Armbrust, E. Milware: Identification and implications of state authored malicious software.

In Proceedings of the 2015 New Security Paradigms Workshop. ACM, New York, NY, 29–43

14. Hu, W.M. Reducing timing channels with fuzzy time.

J. Computer Security 1, 3/4 (1992), 233–254.

15. Johnson, N. F. and Katzenbeisser, S.C. A survey of steganographic techniques. Information Hiding.

Artech House, 2000.

16. Kemmerer. R.A. Shared resource matrix methodology: An approach to identifying storage and timing channels. ACM Trans. Computer Systems 1, 3 (Aug. 1983), 256–277.

17. Kessler, G. C. An overview of steganography for the computer forensics examiner. Forensic Science Communications 6, 3 (Jan. 2004), 1–2.

18. Lampson, B. W. A note on the confinement problem.

Commun. ACM 16, 10 (Oct. 1973), 613–615.

19. Lemay, A., Fernandez, J. M. and Knight, S. A Modbus command and control channel, In Proceedings of the Annual IEEE Systems Conference. IEEE, 2016.

20. Lucena, N. B., Lewandowski, G. and Chapin, S. J. Covert channels in IPv6. In Proceedings of Privacy Enhancing Technologies, LNCS 3856 (2005). Springer, 147–166.

21. Mazurczyk, W. and Caviglione, L. Steganography in modern smartphones and mitigation techniques. IEEE Commun. Surveys & Tutorials 17, 1 (2014), 334–357; DOI: 10.1109/COMS T.2014.2350994

22. Mazurczyk, W. and Caviglione, L. Information hiding as a challenge for malware detection. IEEE Security and Privacy, 2 (2015).

23. Mazurczyk, W., Wendzel, S., Zander, S., Houmansadr, A. and Szczypiorski, K. Information Hiding in Communication Networks. Wiley-IEEE Press, 2016.

24. Neuner, S., Voyiatzis, A. G., Schmiedecker, M., Brunthaler, S., Katzenbeisser, S. and Weippl, E. R. Time is on my side: Steganography in file system metadata.

Digital Investigation 18 (2016), S76–S86.

25. Pang, H., Tan, K. and Zhou X. Stegfs: A steganographic file system. In Proceedings of the International Conf. on Data Engineering, 2003, 657–667.

26. Petitcolas, F., Anderson, R. and Kuhn, M. Information hiding—A survey. IEEE 87, 7 (1999), 1062–1078.

27. Rezaei, F., Hempel, M., Peng, D., Qian, Y. and Sharif, H. Analysis and evaluation of covert channels over LTE advanced. In Proceedings of the Wireless Communications and Networking Conference. IEEE,

2013, 1903–1908.

28. Rowland, C.H. Covert channels in the TCP/IP protocol suite. First Monday 2, 5 (1997).

29. Schlegel, R., Zhang, K., Zhou, X., Intwala, X., Kapadia, A., Wang, X.: Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones, in: Network and Distributed System Security Symposium, 2011.

30. Thompson, I. and Monroe, M. FragFS: An advanced data hiding technique. BlackHat Federal, 2006; http:// www.blackhat.com/presentations/bh-federal-06/BH- Fed-06- Thompson/BH-Fed-06- Thompson-up.pdf

31. Tseby, T., Iglesias Vázquez, F., Bernhardt, V., Frkat, D. and Annessi, R. A network steganography lab on detecting TCP/IP covert channels. IEEE Trans. Education 59, 3 (2016), 224–232.

32. Wendzel, S., Kahler, B. and Rist, T. Covert channels and their prevention in building automation protocols—A prototype exemplified using BACnet. GreenCom/ CPSCom. IEEE, 2012, 731-736.

33. Wendzel, S. and Keller, J. Hidden and Under Control—A survey and outlook on covert channel-internal control protocols. Annals of Telecommunications 69, 7 (2014). Springer, 417–430.

34. Wendzel, S. and Mazurczyk, W., Poster: An educational network protocol for covert channel analysis using patterns. In Proceedings of the ACM Conference on Computer and Communications Security (Vienna, Austria, Oct. 24–28, 2016), 1739–1741.

35. Wendzel, S., Zander, S., Fechner, B. and Herdin, C. Pattern-based survey and categorization of network covert channel techniques. Computing Surveys 47, 3 (2015). ACM, 50.

36. Zander, S., Armitage, G. and Branch, P. A survey of covert channels and countermeasures on computer network protocols. IEEE Communications Surveys & Tutorials 9, 3 (2007). IEEE, 44–57.

37. Zander, S., Armitage, G. and Branch, P. Covert channels in multiplayer first person shooter online games. . In Proceedings of the 33rd IEEE Conference on Local Computer Networks (2008), 215–222.

38. Zielin´ska, E., Mazurczyk, W. and Szczypiorski, K. Trends in steganography. Comm. ACM 57, 3 (Mar. 2014). ACM, 86–95.

Wojciech Mazurczyk ( wmazurczyk@tele.pw.edu.pl) is an associate professor at Warsaw University of Technology, Warsaw, Poland.

Steffen Wendzel ( wendzel@hs-worms.de) is an associate professor at Worms University of Applied Sciences, Worms, and a researcher at Fraunhofer FKIE, Bonn, Germany.