research-article

Open access

A Revised Taxonomy of Steganography Embedding Patterns

Authors:

Steffen Wendzel,

Luca Caviglione,

Wojciech Mazurczyk,

Aleksandra Mileva,

Christian Krätzer,

Kevin Lamshöft,

Claus Vielhauer,

Laura Hartmann,

Tom NeubertAuthors Info & Claims

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

Article No.: 67, Pages 1 - 12

https://doi.org/10.1145/3465481.3470069

Published: 17 August 2021 Publication History

All formats PDF

Abstract

Steganography embraces several hiding techniques which spawn across multiple domains. However, the related terminology is not unified among the different domains, such as digital media steganography, text steganography, cyber-physical systems steganography, network steganography (network covert channels), local covert channels, and out-of-band covert channels. To cope with this, a prime attempt has been done in 2015, with the introduction of the so-called hiding patterns, which allow to describe hiding techniques in a more abstract manner. Despite significant enhancements, the main limitation of such a taxonomy is that it only considers the case of network steganography.

Therefore, this paper reviews both the terminology and the taxonomy of hiding patterns as to make them more general. Specifically, hiding patterns are split into those that describe the embedding and the representation of hidden data within the cover object.

As a first research action, we focus on embedding hiding patterns and we show how they can be applied to multiple domains of steganography instead of being limited to the network scenario. Additionally, we exemplify representation patterns using network steganography. Our pattern collection is available under https://patterns.ztt.hs-worms.de.

References

[1]

Milad Taleby Ahvanooey, Qianmu Li, Jun Hou, Ahmed Raza Rajput, and Yini Chen. 2019. Modern Text Hiding, Text Steganalysis, and Applications: A Comparative Analysis. Entropy 21, 4 (2019), 355.

[2]

Walter Bender, Daniel Gruhl, Norishige Morimoto, and Anthony Lu. 1996. Techniques for data hiding. IBM Systems Journal 35 (Nos3&4) (1996), 313––336.

[3]

Mehdi Bezahaf, David Hutchison, Daniel King, and Nicholas Race. 2020. Internet Evolution: Critical Issues. IEEE Internet Computing 24, 4 (2020), 5–14.

[4]

Luca Caviglione. 2021. Trends and Challenges in Network Covert Channels Countermeasures. Applied Sciences 11, 4 (2021), 1641.

[5]

Gabriele Costa, Fabio Pinelli, Simone Soderi, and Gabriele Tolomei. 2021. Covert Channel Attack to Federated Learning Systems. arxiv:2104.10561 [cs.CR]

[6]

Alex Dyatlov and Simon Castro. 2003. Exploitation of Data Streams Authorized by a Network Access Control System for Arbitrary Data Transfers: Tunneling and Covert Channels over the HTTP Protocol. Gray-world.

[7]

Knut Eckstein and Marko Jahnke. 2005. Data hiding in journaling file systems. In Proceedings of 5th Digital Forensic Research Workshop.

[8]

Sally Fincher. 2004. PLML: Pattern Language Markup Language / Perspectives on HCI Patterns: Concepts and Tools. CHI 2003 summary document, https://www.cs.kent.ac.uk/people/staff/saf/patterns/plml.html.

[9]

Jessica Fridrich. 2009. Steganography in Digital Media: Principles, Algorithms, and Applications. Cambridge University Press. https://doi.org/10.1017/CBO978113919290

[10]

Thomas Graf. 2003. Messaging over IPv6 Destination Options. Swiss Unix User Group.

[11]

S. Gupta and D. Gupta. 2011. Text-Steganography: Review Study & Comparative Analysis. International Journal of Computer Science and Information Technologies (IJCSIT) 2, 5(2011), 2060–2062.

[12]

Theodore G. Handel and Maxwell T. Sandford II.1996. Hiding data in the OSI network model. In Proceedings of the 1st International Workshop on Information Hiding. 23–38.

[13]

Mario Hildebrandt, Robert Altschaffel, Kevin Lamshöft, Mathias Lange, Martin Szemkus, Tom Neubert, Claus Vielhauer, Yongdian Ding, and Jana Dittmann. 2020. Threat Analysis of Steganographic and Covert Communication in Nuclear I&C Systems. In International Conference on Nuclear Security: Sustaining and Strengthening Efforts.

[14]

Hassan Khan, Mobin Javed, Syed Ali Khayam, and Fauzan Mirza. 2011. Designing a cluster-based covert channel to evade disk investigation and forensics. Computers & Security 30 (1) (2011), 35–49.

[15]

Prashanth Krishnamurthy, Farshad Khorrami, Ramesh Karri, David Paul-Pena, and Hossein Salehghaffari. 2018. Process-Aware Covert Channels Using Physical Instrumentation in Cyber-Physical Systems. IEEE Transactions on Information Forensics and Security 13 (11) (2018), 2761–2771.

[16]

Liping Ji, Yu Fan, and Chuan Ma. 2010. Covert channel for local area network. In 2010 IEEE International Conference on Wireless Communications, Networking and Information Security. 316–319. https://doi.org/10.1109/WCINS.2010.5541791

[17]

Norka B Lucena, Grzegorz Lewandowski, and Steve J Chapin. 2005. Covert channels in IPv6. In International Workshop on Privacy Enhancing Technologies. Springer, 147–166.

[18]

Wojciech Mazurczyk and Luca Caviglione. 2014. Steganography in modern smartphones and mitigation techniques. IEEE Communications Surveys & Tutorials 17, 1 (2014), 334–357.

Digital Library

[19]

W. Mazurczyk and J. Lubacz. 2010. LACK – a VoIP steganographic method. Telecommun Syst 45(2010), 153–163. https://doi.org/10.1007/s11235-009-9245-y

Digital Library

[20]

Wojciech Mazurczyk, Paweł Szaga, and Krzysztof Szczypiorski. 2014. Using Transcoding for Hidden Communication in IP Telephony. Multimedia Tools Appl. 70, 3 (2014), 2139–2165.

Digital Library

[21]

Wojciech Mazurczyk and Steffen Wendzel. 2017. Information Hiding: Challenges for Forensic Experts. Commun. ACM 61, 1 (Dec. 2017), 86–94. https://doi.org/10.1145/3158416

Digital Library

[22]

Wojciech Mazurczyk, Steffen Wendzel, and Krzysztof Cabaj. 2018. Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach. In Proc. Second International Workshop on Criminal Use of Information Hiding (CUING 2018). ACM, 10:1–10:10.

Digital Library

[23]

Wojciech Mazurczyk, Steffen Wendzel, Mehdi Chourib, and Jörg Keller. 2019. Countering Adaptive Network Covert Communication with Dynamic Wardens. Future Generation Computer Systems (FGCS) 94 (2019), 712–725.

Digital Library

[24]

Wojciech Mazurczyk, Steffen Wendzel, Sebastian Zander, Amir Houmansadr, and Krzysztof Szczypiorski. 2016. Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications. Wiley.

Digital Library

[25]

Gary McGraw, Richie Bonett, Victor Shepardson, and Harold Figueroa. 2020. The Top 10 Risks of Machine Learning Security. IEEE Computer 53, 6 (2020), 57–61.

[26]

Aleksandra Mileva, Aleksandar Velinov, Laura Hartmann, Steffen Wendzel, and Wojciech Mazurczyk. 2021. Comprehensive Analysis of MQTT 5.0 Susceptibility to Network Covert Channels. Computers & Security (COSE) 104, 102207 (2021). https://doi.org/10.1016/j.cose.2021.102207

Digital Library

[27]

Fabien A. P. Petitcolas, Ross J. Anderson, and Markus G. Kuhn. 1999. Information hiding-a survey. Proc. IEEE 87, 7 (1999), 1062–1078.

[28]

Birgit Pfitzmann. 1996. Information hiding terminology. In Information Hiding, Ross Anderson (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 347–350.

[29]

Tobias Schmidbauer, Steffen Wendzel, Aleksandra Mileva, and Wojciech Mazurczyk. 2019. Introducing Dead Drops to Network Steganography Using ARP-Caches and SNMP-Walks. In Proceedings of the 14th International Conference on Availability, Reliability and Security(Canterbury, CA, United Kingdom) (ARES ’19). Association for Computing Machinery, New York, NY, USA, Article 64, 10 pages. https://doi.org/10.1145/3339252.3341488

Digital Library

[30]

Jonathan Spring. 2020. Adversarial ML Threat Matrix: Adversarial Tactics, Techniques, and Common Knowledge of Machine Learning, Carnegie Mellon University, Software Engineering Institute (SEI). https://insights.sei.cmu.edu/blog/adversarial-ml-threat-matrix-adversarial-tactics-techniques-and-common-knowledge-of-machine-learning/

[31]

Martin Steinebach, Andre Ester, and Huajian Liu. 2018. Channel steganalysis. In Proceedings of the 13th International Conference on Availability, Reliability and Security. 1–8.

Digital Library

[32]

Thomas Ulz, Markus Feldbacher, Thomas Pieber, and Christian Steger. 2019. Sensing danger: exploiting sensors to build covert channels. In Proceedings of the 5th International Conference on Information Systems Security and Privacy (ICISSP 2019), Prague, Czech Republic. 100–113.

[33]

Steffen Wendzel and Jörg Keller. 2012. Systematic Engineering of Control Protocols for Covert Channels. In Communications and Multimedia Security, Bart De Decker and David W. Chadwick (Eds.). Springer, Berlin, Heidelberg, 131–144.

[34]

Steffen Wendzel, Wojciech Mazurczyk, and Georg Haas. 2017. Don’t You Touch My Nuts: Information Hiding in Cyber Physical Systems. In 2017 IEEE Security and Privacy Workshops (SPW). IEEE, 29–34. https://doi.org/10.1109/SPW.2017.40

[35]

Steffen Wendzel, Wojciech Mazurczyk, and Sebastian Zander. 2016. A Unified Description Method for Network Information Hiding Methods. Journal of Universal Computer Science (J.UCS) 22, 11 (2016), 1456–1486. https://doi.org/10.3217/jucs-022-11-1456 http://dx.doi.org/10.3217/jucs-022-11-1456.

[36]

Steffen Wendzel and Carolin Palmer. 2015. Creativity in Mind: Evaluating and Maintaining Advances in Network Steganographic Research.Journal of Universal Computer Science (J.UCS) 21, 12 (2015), 1684–1705. https://doi.org/10.3217/jucs-021-12-1684 https://dx.doi.org/10.3217/jucs-021-12-1684.

[37]

Steffen Wendzel, Sebastian Zander, Bernhard Fechner, and Christian Herdin. 2015. Pattern-Based Survey and Categorization of Network Covert Channel Techniques. Computing Surveys (CSUR) 47, 3 (2015).

[38]

Sebastian Zander, Grenville Armitage, and Philip Branch. 2007. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys & Tutorials 9, 3 (2007), 44–57.

Digital Library

[39]

Sebastian Zander, Grenville Armitage, and Philip Branch. 2008. Covert channels in multiplayer first person shooter online games. In 2008 33rd IEEE Conference on Local Computer Networks (LCN). IEEE, 215–222.

Cited By

Strachanski FPetrov DSchmidbauer TWendzel S(2024)A Comprehensive Pattern-based Overview of StegomalwareProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670886(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670886
Hölk KMazurczyk WZuppelli MCaviglione L(2024)Investigating HTTP Covert Channels Through Fuzz TestingProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3664493(1-9)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3664493
Knöchel MKarius SPérez-González FComesaña-Alfaro PKrätzer CVicky Zhao H(2024)Text Steganography Methods and their Influence in Malware: A Comprehensive Overview and EvaluationProceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security10.1145/3658664.3659637(113-124)Online publication date: 24-Jun-2024
https://dl.acm.org/doi/10.1145/3658664.3659637
Show More Cited By

Recommendations

Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach
ARES '18: Proceedings of the 13th International Conference on Availability, Reliability and Security

In network information hiding, hiding patterns are used to describe hiding methods and their taxonomy. In this paper, we analyze the current state of hiding patterns and we further improve their taxonomy. In order to more thoroughly characterize and ...
High-performance JPEG steganography using quantization index modulation in DCT domain

This paper presents two JPEG steganographic methods using quantization index modulation (QIM) in the discrete cosine transform (DCT) domain. The two methods approximately preserve the histogram of quantized DCT coefficients, aiming at secure JPEG ...
Novel Multi-bit and Multi-image Steganography Using Adaptive Embedding Algorithms with Minimum Error
IMIS '11: Proceedings of the 2011 Fifth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

This paper presents a novel multi-bit and multi-image steganography system using adaptive embedding algorithms with minimum error. These embedding algorithms can embed multi-bit (k-bit, k>=1) secret data into cover data only introduce minimum embedding ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

August 2021

1447 pages

ISBN:9781450390514

DOI:10.1145/3465481

Copyright © 2021 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 August 2021

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

EU H2020
EU EFRE/RLP MWWK
BMWi

Conference

ARES 2021

ARES 2021: The 16th International Conference on Availability, Reliability and Security

August 17 - 20, 2021

Vienna, Austria

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
1,115
Total Downloads

Downloads (Last 12 months)432
Downloads (Last 6 weeks)41

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Strachanski FPetrov DSchmidbauer TWendzel S(2024)A Comprehensive Pattern-based Overview of StegomalwareProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670886(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670886
Hölk KMazurczyk WZuppelli MCaviglione L(2024)Investigating HTTP Covert Channels Through Fuzz TestingProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3664493(1-9)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3664493
Knöchel MKarius SPérez-González FComesaña-Alfaro PKrätzer CVicky Zhao H(2024)Text Steganography Methods and their Influence in Malware: A Comprehensive Overview and EvaluationProceedings of the 2024 ACM Workshop on Information Hiding and Multimedia Security10.1145/3658664.3659637(113-124)Online publication date: 24-Jun-2024
https://dl.acm.org/doi/10.1145/3658664.3659637
Gangwar ALakhina UVashisth R(2024)MultiPhased Technique for Enhancing Security in Data Center Environment2024 International Conference on Computational Intelligence and Computing Applications (ICCICA)10.1109/ICCICA60014.2024.10585004(109-116)Online publication date: 23-May-2024
https://doi.org/10.1109/ICCICA60014.2024.10585004
Ren HPan WYang SZheng W(2024)Whispering Packets: Hiding Messages in VoIP Traffic2024 5th International Conference on Computer Engineering and Application (ICCEA)10.1109/ICCEA62105.2024.10603460(145-150)Online publication date: 12-Apr-2024
https://doi.org/10.1109/ICCEA62105.2024.10603460
Schneider MSpiekermann DKeller J(2023)Network Covert Channels in Routing ProtocolsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605021(1-8)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605021
Heßeling CKeller JLitzinger S(2023)Reversible Network Covert Channel by Payload Modulation in Streams of Decimal Sensor Values2023 IEEE 19th International Conference on e-Science (e-Science)10.1109/e-Science58273.2023.10254946(1-8)Online publication date: 9-Oct-2023
https://doi.org/10.1109/e-Science58273.2023.10254946
Bistarelli SImparato ASantini F(2023)A TCP-based Covert Channel with Integrity Check and Retransmission2023 20th Annual International Conference on Privacy, Security and Trust (PST)10.1109/PST58708.2023.10320204(1-7)Online publication date: 21-Aug-2023
https://doi.org/10.1109/PST58708.2023.10320204
Cassavia NCaviglione LGuarascio MLiguori AZuppelli M(2023)Learning autoencoder ensembles for detecting malware hidden communications in IoT ecosystemsJournal of Intelligent Information Systems10.1007/s10844-023-00819-8Online publication date: 3-Nov-2023
https://doi.org/10.1007/s10844-023-00819-8
Keller JLangsdorf S(2023)Error Codes in and for Network SteganographyArchitecture of Computing Systems10.1007/978-3-031-42785-5_6(81-93)Online publication date: 13-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-42785-5_6
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents