Researcher profile

Wojciech Mazurczyk

Wojciech Mazurczyk contributes to research discovery and scholarly infrastructure.

Trust 21 (Emerging), Verification L1, unclaimed author

32 works, 0 followers, 6 topics, 4 close collaborators

Published work

32 published item(s)

preprint, 2021, arXiv

A Revised Taxonomy of Steganography Embedding Patterns

Steganography embraces several hiding techniques which spawn across multiple domains. However, the related terminology is not unified among the different domains, such as digital media steganography, text steganography, cyber-physical systems steganography, network steganography (network covert channels), local covert channels, and out-of-band covert channels. To cope with this, a prime attempt has been done in 2015, with the introduction of the so-called hiding patterns, which allow to describe hiding techniques in a more abstract manner. Despite significant enhancements, the main limitation of such a taxonomy is that it only considers the case of network steganography. Therefore, this paper reviews both the terminology and the taxonomy of hiding patterns as to make them more general. Specifically, hiding patterns are split into those that describe the embedding and the representation of hidden data within the cover object. As a first research action, we focus on embedding hiding patterns and we show how they can be applied to multiple domains of steganography instead of being limited to the network scenario. Additionally, we exemplify representation patterns using network steganography. Our pattern collection is available under https://patterns.ztt.hs-worms.de.

preprint, 2021, arXiv

Adaptive Warden Strategy for Countering Network Covert Storage Channels

The detection and elimination of covert channels are performed by a network node, known as a warden. Especially if faced with adaptive covert communication parties, a regular warden equipped with a static set of normalization rules is ineffective compared to a dynamic warden. However, dynamic wardens rely on periodically changing rule sets and have their own limitations, since they do not consider traffic specifics. We propose a novel adaptive warden strategy, capable of selecting active normalization rules by taking into account the characteristics of the observed network traffic. Our goal is to disturb the covert channel and provoke the covert peers to expose themselves more by increasing the number of packets required to perform a successful covert data transfer. Our evaluation revealed that the adaptive warden has better efficiency and effectiveness when compared to the dynamic warden because of its adaptive selection of normalization rules.

preprint, 2021, arXiv

Countering Adaptive Network Covert Communication with Dynamic Wardens

Network covert channels are hidden communication channels in computer networks. They influence several factors of the cybersecurity economy. For instance, by improving the stealthiness of botnet communications, they aid and preserve the value of darknet botnet sales. Covert channels can also be used to secretly exfiltrate confidential data out of organizations, potentially resulting in loss of market/research advantage. Considering the above, efforts are needed to develop effective countermeasures against such threats. Thus in this paper, based on the introduced novel warden taxonomy, we present and evaluate a new concept of a dynamic warden. Its main novelty lies in the modification of the warden's behavior over time, making it difficult for the adaptive covert communication parties to infer its strategy and perform a successful hidden data exchange. Obtained experimental results indicate the effectiveness of the proposed approach.

preprint, 2015, arXiv

Analysis of Human Awareness of Security and Privacy Threats in Smart Environments

Smart environments integrate Information and Communication Technologies (ICT) into devices, vehicles, buildings and cities to offer an increased quality of life, energy efficiency and economical sustainability. In this perspective, the individual has a core role and so has networking, which enables such entities to cooperate. However, the huge amount of sensitive data, social aspects and the mixed set of protocols offer many opportunities to inject hazards, exfiltrate information, mass profiling of citizens, or produce a new wave of attacks. This work reviews the major risks arising from the usage of ICT-techniques for smart environments, with emphasis on networking. Its main contribution is to explain the role of different stakeholders for causing a lack of security and to envision future threats by considering human aspects.

preprint, 2015, arXiv

Insights from Nature for Cybersecurity

The alarming rise in the quantity of malware in the last few years poses a serious challenge to the security community and requires urgent response. However, current countermeasures seem to be no longer effective. Thus, it is our belief that it is now time for researchers and security experts to turn to nature in the search for novel inspirations for defense systems. Nature has provided species with a whole range of offensive and defensive techniques, which have been developing and improving in the course of billions of years of evolution. The extremely diverse living conditions have promoted a large variation in the devised bio-security solutions. In this paper we introduce a novel PROTECTION framework in which common denominators of the encountered offensive and defensive means are proposed and presented. The bio-inspired solutions are discussed in the context of cybersecurity, where some principles have already been adopted. The deployment of the whole nature-based framework should aid the design and improvement process of modern cyber-defense systems.

preprint, 2014, arXiv

Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats

Network steganography is the art of hiding secret information within innocent network transmissions. Recent findings indicate that novel malware is increasingly using network steganography. Similarly, other malicious activities can profit from network steganography, such as data leakage or the exchange of pedophile data. This paper provides an introduction to network steganography and highlights its potential application for harmful purposes. We discuss the issues related to countering network steganography in practice and provide an outlook on further research directions and problems.

preprint, 2014, arXiv

Improving Hard Disk Contention-based Covert Channel in Cloud Computing Environment

Steganographic methods allow the covert exchange of secret data between parties aware of the procedure. The cloud computing environment is a new and hot target for steganographers, and currently not many solutions have been proposed. This paper proposes CloudSteg which is a steganographic method that allows the creation of a covert channel based on hard disk contention between the two cloud instances that reside on the same physical machine. Experimental results conducted using open source cloud environment OpenStack, show that CloudSteg is able to achieve a bandwidth of about 0.1 bps which is 1000 times higher than is known from the state-of-the-art version.

preprint, 2014, arXiv

On Importance of Steganographic Cost For Network Steganography

Network steganography encompasses the information hiding techniques that can be applied in communication network environments and that utilize hidden data carriers for this purpose. In this paper we introduce a characteristic called steganographic cost which is an indicator for the degradation or distortion of the carrier caused by the application of the steganographic method. Based on exemplary cases for single- and multi-method steganographic cost analyses we observe that it can be an important characteristic that allows to express hidden data carrier degradation - similarly as MSE (Mean-Square Error) or PSNR (Peak Signal-to-Noise Ratio) are utilized for digital media steganography. Steganographic cost can moreover be helpful to analyse the relationships between two or more steganographic methods applied to the same hidden data carrier.

preprint, 2014, arXiv

Security - a perpetual war: lessons from nature

For ages people have sought inspiration in nature. Biomimicry has been the propelling power of such inventions, like Velcro tape or "cat's eyes" - retroreflective road marking. At the same time, scientists have been developing biologically inspired techniques: genetic algorithms, neural and sensor networks, etc. Although at a first glance there is no direct inspiration behind offensive and defensive techniques seen in the Internet and the patterns present in nature, closer inspection reveals many analogies between these two worlds. Botnets, DDoS (Distributed Denial of Service) attacks, IDS/IPSs (Intrusion Detection/Prevention Systems), and others, all employ strategies which very closely resemble actions undertaken by certain species of the kingdoms of living things. The main conclusion of the analysis is that security community should turn to nature in search of new offensive and defensive techniques for virtual world security.

preprint, 2014, arXiv

Steganography in Modern Smartphones and Mitigation Techniques

By offering sophisticated services and centralizing a huge volume of personal data, modern smartphones changed the way we socialize, entertain and work. To this aim, they rely upon complex hardware/software frameworks leading to a number of vulnerabilities, attacks and hazards to profile individuals or gather sensitive information. However, the majority of works evaluating the security degree of smartphones neglects steganography, which can be mainly used to: i) exfiltrate confidential data via camouflage methods, and ii) conceal valuable or personal information into innocent looking carriers. Therefore, this paper surveys the state of the art of steganographic techniques for smartphones, with emphasis on methods developed over the period 2005 to the second quarter of 2014. The different approaches are grouped according to the portion of the device used to hide information, leading to three different covert channels, i.e., local, object and network. Also, it reviews the relevant approaches used to detect and mitigate steganographic attacks or threats. Lastly, it showcases the most popular software applications to embed secret data into carriers, as well as possible future directions.

preprint, 2013, arXiv

Development Trends in Steganography

Steganography is a general term referring to all methods for the embedding of additional secret content into some form of carrier, with the aim of concealment of the introduced alterations. The choice of the carrier is nearly unlimited, it may be an ancient piece of parchment, as well as a network protocol header. Inspired by biological phenomena, adopted by man in the ancient times, it has been developed over the ages. Present day steganographic methods are far more sophisticated than their ancient predecessors, but the main principles have remained unchanged. They typically rely on the utilization of digital media files or network protocols as a carrier, in which secret data is embedded. This paper presents the evolution of the hidden data carrier from the ancient times till the present day and pinpoints the observed development trends, with special emphasis on network steganography.

preprint, 2013, arXiv

SkyDe: a Skype-based Steganographic Method

This paper introduces SkyDe (Skype Hide), a new steganographic method that utilizes Skype encrypted packets with silence to provide the means for clandestine communication. It is possible to reuse packets that do not carry voice signals for steganographic purposes because Skype does not use any silence suppression mechanism. The method's proof-of-concept implementation and first experimental results are presented. They prove that the method is feasible and offers steganographic bandwidth as high as 2.8 kbps.

preprint, 2013, arXiv

StegTorrent: a Steganographic Method for the P2P File Sharing Service

The paper proposes StegTorrent, a new network steganographic method for the popular P2P file transfer service BitTorrent. It is based on modifying the order of data packets in the peer-peer data exchange protocol. Unlike other existing steganographic methods that modify the packets' order it does not require any synchronization. Experimental results acquired from prototype implementation proved that it provides high steganographic bandwidth of up to 270 b/s while introducing little transmission distortion and providing difficult detectability.

preprint, 2013, arXiv

Understanding BitTorrent Through Real Measurements

In this paper the results of the BitTorrent measurement study are presented. Two sources of BitTorrent data were utilized: meta-data files that describe the content of resources shared by BitTorrent users and the logs of one of the currently most popular BitTorrent clients - μTorrent. μTorrent is founded upon a rather newly released UDP-based μTP protocol that is claimed to be more efficient than TCP-based clients. Experimental data have been collected for fifteen days from the popular torrent-discovery site thepiratebay.org (more than 30,000 torrents were captured and analyzed). During this period the activity and logs of an unmodified version of μTorrent client downloading sessions have been also captured. The obtained experimental results are swarm-oriented (not tracker-oriented as has been previously researched), which has allowed us to look at BitTorrent and its users from an exchanged resources perspective. Moreover, comparative analysis of the clients' connections with and without μTP protocol is carried out to verify to what extent μTP improves BitTorrent transmissions. To the authors' best knowledge, none of the previous studies have addressed these issues.

preprint, 2013, arXiv

VoIP Steganography and Its Detection - A Survey

Steganography is an ancient art that encompasses various techniques of information hiding, the aim of which is to embed secret information into a carrier message. Steganographic methods are usually aimed at hiding the very existence of the communication. Due to the rise in popularity of IP telephony, together with the large volume of data and variety of protocols involved, it is currently attracting the attention of the research community as a perfect carrier for steganographic purposes. This paper is a survey of the existing VoIP steganography (steganophony) methods and their countermeasures.

preprint, 2012, arXiv

Influence of Speech Codecs Selection on Transcoding Steganography

The typical approach to steganography is to compress the covert data in order to limit its size, which is reasonable in the context of a limited steganographic bandwidth. TranSteg (Transcoding Steganography) is a new IP telephony steganographic method that was recently proposed that offers high steganographic bandwidth while retaining good voice quality. In TranSteg, compression of the overt data is used to make space for the steganogram. In this paper we focus on analyzing the influence of the selection of speech codecs on hidden transmission performance, that is, which codecs would be the most advantageous ones for TranSteg. Therefore, by considering the codecs which are currently most popular for IP telephony we aim to find out which codecs should be chosen for transcoding to minimize the negative influence on voice quality while maximizing the obtained steganographic bandwidth.

preprint, 2012, arXiv

Multi-Level Steganography: Improving Hidden Communication in Networks

The paper presents Multi-Level Steganography (MLS), which defines a new concept for hidden communication in telecommunication networks. In MLS, at least two steganographic methods are utilised simultaneously, in such a way that one method (called the upper-level) serves as a carrier for the second one (called the lower-level). Such a relationship between two (or more) information hiding solutions has several potential benefits. The most important is that the lower-level method steganographic bandwidth can be utilised to make the steganogram unreadable even after the detection of the upper-level method: e.g., it can carry a cryptographic key that deciphers the steganogram carried by the upper-level one. It can also be used to provide the steganogram with integrity. Another important benefit is that the lower-layer method may be used as a signalling channel in which to exchange information that affects the way that the upper-level method functions, thus possibly making the steganographic communication harder to detect. The prototype of MLS for IP networks was also developed, and the experimental results are included in this paper.

preprint, 2012, arXiv

Steganalysis of Transcoding Steganography

TranSteg (Transcoding Steganography) is a fairly new IP telephony steganographic method that functions by compressing overt (voice) data to make space for the steganogram by means of transcoding. It offers high steganographic bandwidth, retains good voice quality and is generally harder to detect than other existing VoIP steganographic methods. In TranSteg, after the steganogram reaches the receiver, the hidden information is extracted and the speech data is practically restored to what was originally sent. This is a huge advantage compared with other existing VoIP steganographic methods, where the hidden data can be extracted and removed but the original data cannot be restored because it was previously erased due to a hidden data insertion process. In this paper we address the issue of steganalysis of TranSteg. Various TranSteg scenarios and possibilities of warden(s) localization are analyzed with regards to the TranSteg detection. A steganalysis method based on MFCC (Mel-Frequency Cepstral Coefficients) parameters and GMMs (Gaussian Mixture Models) was developed and tested for various overt/covert codec pairs in a single warden scenario with double transcoding. The proposed method allowed for efficient detection of some codec pairs (e.g., G.711/G.729), whilst some others remained more resistant to detection (e.g., iLBC/AMR).

preprint, 2012, arXiv

Towards Steganography Detection Through Network Traffic Visualisation

The paper presents initial step toward new network anomaly detection method that is based on traffic visualisation. The key design principle of the proposed approach is the lack of direct, linear time dependencies for the created network traffic visualisations. The method's feasibility is demonstrated in network steganography environment by presenting steg-tomography methodology and developing the dedicated visualisation tool. To authors' best knowledge this is the first utilization of network traffic visualisations for steganalysis purposes.

preprint, 2011, arXiv

Hiding Information in a Stream Control Transmission Protocol

The SCTP (Stream Control Transmission Protocol) is a candidate for a new transport layer protocol that may replace the TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol) protocols in future IP networks. Currently, the SCTP is implemented in, or can be added to, many popular operating systems (Windows, BSD, Linux, HPUX or Sun Solaris). This paper identifies and presents all possible "places" where hidden information can be exchanged using an SCTP. The paper focuses mostly on proposing new steganographic methods that can be applied to an SCTP and that can utilise new, characteristic SCTP features, such as multi-homing and multi-streaming. Moreover, for each method, the countermeasure is covered. When used with malicious intent, a method may pose a threat to network security. Knowledge about potential SCTP steganographic methods may be used as a supplement to RFC5062, which describes security attacks in an SCTP protocol. Presented in this paper is a complete analysis of information hiding in an SCTP, and this analysis can be treated as a "guide" when developing steganalysis (detection) tools.

preprint, 2011, arXiv

How Hidden Can Be Even More Hidden?

The paper presents Deep Hiding Techniques (DHTs) that define general techniques that can be applied to every network steganography method to improve its undetectability and make steganogram extraction harder to perform. We define five groups of techniques that can make steganogram less susceptible to detection and extraction. For each of the presented group, examples of the usage are provided based on existing network steganography methods. To authors' best knowledge presented approach is the first attempt in the state of the art to systematically describe general solutions that can make steganographic communication more hidden and steganogram extraction harder to perform.

preprint, 2011, arXiv

Is Cloud Computing Steganography-proof?

The paper focuses on characterisation of information hiding possibilities in Cloud Computing. After general introduction to cloud computing and its security we move to brief description of steganography. In particular we introduce classification of steganographic communication scenarios in cloud computing which is based on location of the steganograms receiver. These scenarios as well as the threats that steganographic methods can cause must be taken into account when designing secure cloud computing services.

preprint, 2011, arXiv

Lost Audio Packets Steganography: The First Practical Evaluation

This paper presents first experimental results for an IP telephony-based steganographic method called LACK (Lost Audio PaCKets steganography). This method utilizes the fact that in typical multimedia communication protocols like RTP (Real-Time Transport Protocol), excessively delayed packets are not used for the reconstruction of transmitted data at the receiver, i.e. these packets are considered useless and discarded. The results presented in this paper were obtained basing on a functional LACK prototype and show the method's impact on the quality of voice transmission. Achievable steganographic bandwidth for the different IP telephony codecs is also calculated.

preprint, 2011, arXiv

On Steganography in Lost Audio Packets

The paper presents a new hidden data insertion procedure based on estimated probability of the remaining time of the call for steganographic method called LACK (Lost Audio PaCKets steganography). LACK provides hidden communication for real-time services like Voice over IP. The analytical results presented in this paper concern the influence of LACK's hidden data insertion procedures on the method's impact on quality of voice transmission and its resistance to steganalysis. The proposed hidden data insertion procedure is also compared to previous steganogram insertion approach based on estimated remaining average call duration.

preprint, 2011, arXiv

PadSteg: Introducing Inter-Protocol Steganography

Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors' best knowledge it is the first information hiding solution which represents inter-protocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today's networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.

preprint, 2011, arXiv

Sending Hidden Data via Google Suggest

Google Suggest is a service incorporated within Google Web Search which was created to help user find the right search phrase by proposing the autocompleting popular phrases while typing. The paper presents a new network steganography method called StegSuggest which utilizes suggestions generated by Google Suggest as a hidden data carrier. The detailed description of the method's idea is backed up with the analysis of the network traffic generated by the Google Suggest to prove its feasibility. The traffic analysis was also performed to discover the occurrence of two TCP options: Window Scale and Timestamp which StegSuggest uses to operate. Estimation of method steganographic bandwidth proves that it is possible to insert 100 bits of steganogram into every suggestions list sent by Google Suggest service.

preprint, 2011, arXiv

Using Transcoding for Hidden Communication in IP Telephony

The paper presents a new steganographic method for IP telephony called TranSteg (Transcoding Steganography). Typically, in steganographic communication it is advised for covert data to be compressed in order to limit its size. In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected. Then, the voice stream is transcoded. At this step the original voice payload size is intentionally unaltered and the change of the codec is not indicated. Instead, after placing the transcoded voice payload, the remaining free space is filled with hidden data. TranSteg proof of concept implementation was designed and developed. The obtained experimental results are enclosed in this paper. They prove that the proposed method is feasible and offers a high steganographic bandwidth. TranSteg detection is difficult to perform when performing inspection in a single network localisation.

preprint, 2010, arXiv

Information Hiding Using Improper Frame Padding

Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors' best knowledge it is the first information hiding solution which represents interprotocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today's networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.

preprint, 2010, arXiv

Retransmission Steganography Applied

This paper presents experimental results of the implementation of network steganography method called RSTEG (Retransmission Steganography). The main idea of RSTEG is to not acknowledge a successfully received packet to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG can be applied to many network protocols that utilize retransmissions. We present experimental results for RSTEG applied to TCP (Transmission Control Protocol) as TCP is the most popular network protocol which ensures reliable data transfer. The main aim of the performed experiments was to estimate RSTEG steganographic bandwidth and detectability by observing its influence on the network retransmission level.

preprint, 2010, arXiv

What are suspicious VoIP delays?

Voice over IP (VoIP) is unquestionably the most popular real-time service in IP networks today. Recent studies have shown that it is also a suitable carrier for information hiding. Hidden communication may pose security concerns as it can lead to confidential information leakage. In VoIP, RTP (Real-time Transport Protocol) in particular, which provides the means for the successful transport of voice packets through IP networks, is suitable for steganographic purposes. It is characterised by a high packet rate compared to other protocols used in IP telephony, resulting in a potentially high steganographic bandwidth. The modification of an RTP packet stream provides many opportunities for hidden communication as the packets may be delayed, reordered or intentionally lost. In this paper, to enable the detection of steganographic exchanges in VoIP, we examined real RTP traffic traces to answer the questions, what do the "normal" delays in RTP packet streams look like? and, is it possible to detect the use of known RTP steganographic methods based on this knowledge?