Krzysztof Szczypiorski

Bartosz Lipinski, Wojciech Mazurczyk, Krzysztof Szczypiorski

Steganographic methods allow the covert exchange of secret data between parties aware of the procedure. The cloud computing environment is a new and hot target for steganographers, and currently not many solutions have been proposed. This paper proposes CloudSteg which is a steganographic method that allows the creation of a covert channel based on hard disk contention between the two cloud instances that reside on the same physical machine. Experimental results conducted using open source cloud environment OpenStack, show that CloudSteg is able to achieve a bandwidth of about 0.1 bps which is 1000 times higher than is known from the state-of-the-art version.

Mihaela Todorova, Borislav Stoyanov, Krzysztof Szczypiorski et al.

In this paper, we propose a novel hash function based on irregularly decimated chaotic map. The hash function called SHAH is based on two Tinkerbell maps filtered with irregular decimation rule. Exact study has been provided on the novel scheme using distribution analysis, sensitivity analysis, static analysis of diffusion and confusion, and collision analysis. The experimental data show that SHAH satisfied admirable level of security.

Jedrzej Bieniasz, Krzysztof Szczypiorski

The concept named SocialStegDisc was introduced as an application of the original idea of StegHash method. This new kind of mass-storage was characterized by unlimited space. The design also attempted to improve the operation of StegHash by trade-off between memory requirements and computation time. Applying the mechanism of linked list provided the set of operations on files: creation, reading, deletion and modification. Features, limitations and opportunities were discussed.

Krzysztof Szczypiorski, Wojciech Zydecki

This paper introduces the implementation of steganography method called StegIbiza, which uses tempo modulation as hidden message carrier. With the use of Python scripting language, a bit string was encoded and decoded using WAV and MP3 files. Once the message was hidden into a music files, an internet radio was created to evaluate broadcast possibilities. No dedicated music or signal processing equipment was used in this StegIbiza implementation

Borislav Stoyanov, Krzysztof Szczypiorski, Krasimir Kordov

We propose a novel pseudorandom number generator based on Rössler attractor and bent Boolean function. We estimated the output bits properties by number of statistical tests. The results of the cryptanalysis show that the new pseudorandom number generation scheme provides a high level of data security.

Krzysztof Szczypiorski

In this paper a new method for information hiding in open social networks is introduced. The method, called StegHash, is based on the use of hashtags in various open social networks to connect multimedia files (like images, movies, songs) with embedded hidden messages. The evaluation of the system was performed on two social media services (Twitter and Instagram) with a simple environment as a proof of concept. The experiments proved that the initial idea was correct, thus the proposed system could create a completely new area of threats in social networks.

Krzysztof Szczypiorski, Tomasz Tyl

This article presents a new method for detecting a source point of time based network steganography - MoveSteg. A steganography carrier could be an example of multimedia stream made with packets. These packets are then delayed intentionally to send hidden information using time based steganography methods. The presented analysis describes a method that allows finding the source of steganography stream in network that is under our management.

Wojciech Mazurczyk, Maciej Karas, Krzysztof Szczypiorski et al.

In this paper a new information hiding method for Skype videoconference calls - YouSkyde - is introduced. A Skype traffic analysis revealed that introducing intentional losses into the Skype video traffic stream to provide the means for clandestine communication is the most favourable solution. A YouSkyde proof-of-concept implementation was carried out and its experimental evaluation is presented. The results obtained prove that the proposed method is feasible and offer a steganographic bandwidth as high as 0.93 kbps, while introducing negligible distortions into transmission quality and providing high undetectability.

Krzysztof Szczypiorski

In this paper a new method for information hiding in club music is introduced. The method called StegIbiza is based on using the music tempo as a carrier. The tempo is modulated by hidden messages with a 3-value coding scheme, which is an adoption of Morse code for StegIbiza. The evaluation of the system was performed for several music samples (with and without StegIbiza enabled) on a selected group of testers who had a music background. Finally, for the worst case scenario, none of them could identify any differences in the audio with a 1% margin of changed tempo.

Krzysztof Szczypiorski, Artur Janicki, Steffen Wendzel

In this paper we propose a new method for the evaluation of network steganography algorithms based on the new concept of "the moving observer". We considered three levels of undetectability named: "good", "bad", and "ugly". To illustrate this method we chose Wi-Fi steganography as a solid family of information hiding protocols. We present the state of the art in this area covering well-known hiding techniques for 802.11 networks. "The moving observer" approach could help not only in the evaluation of steganographic algorithms, but also might be a starting point for a new detection system of network steganography. The concept of a new detection system, called MoveSteg, is explained in detail.

Wojciech Fraczek, Krzysztof Szczypiorski

The paper presents StegBlocks, which defines a new concept for performing undetectable hidden communication. StegBlocks is a general approach for constructing methods of network steganography. In StegBlocks, one has to determine objects with defined properties which will be used to transfer hidden messages. The objects are dependent on a specific network protocol (or application) used as a carrier for a given network steganography method. Moreover, the paper presents the approach to perfect undetectability of network steganography, which was developed based on the rules of undetectability for general steganography. The approach to undetectability of network steganography was used to show the possibility of developing perfectly undetectable network steganography methods using the StegBlocks concept.

Jason Hiney, Tejas Dakve, Krzysztof Szczypiorski et al.

Because Facebook is available on hundreds of millions of desktop and mobile computing platforms around the world and because it is available on many different kinds of platforms (from desktops and laptops running Windows, Unix, or OS X to hand held devices running iOS, Android, or Windows Phone), it would seem to be the perfect place to conduct steganography. On Facebook, information hidden in image files will be further obscured within the millions of pictures and other images posted and transmitted daily. Facebook is known to alter and compress uploaded images so they use minimum space and bandwidth when displayed on Facebook pages. The compression process generally disrupts attempts to use Facebook for image steganography. This paper explores a method to minimize the disruption so JPEG images can be used as steganography carriers on Facebook.

Wojciech Mazurczyk, Steffen Wendzel, Ignacio Azagra Villares et al.

Network steganography encompasses the information hiding techniques that can be applied in communication network environments and that utilize hidden data carriers for this purpose. In this paper we introduce a characteristic called steganographic cost which is an indicator for the degradation or distortion of the carrier caused by the application of the steganographic method. Based on exemplary cases for single- and multi-method steganographic cost analyses we observe that it can be an important characteristic that allows to express hidden data carrier degradation - similarly as MSE (Mean-Square Error) or PSNR (Peak Signal-to-Noise Ratio) are utilized for digital media steganography. Steganographic cost can moreover be helpful to analyse the relationships between two or more steganographic methods applied to the same hidden data carrier.

Pawel Kopiczko, Wojciech Mazurczyk, Krzysztof Szczypiorski

The paper proposes StegTorrent a new network steganographic method for the popular P2P file transfer service-BitTorrent. It is based on modifying the order of data packets in the peer-peer data exchange protocol. Unlike other existing steganographic methods that modify the packets' order it does not require any synchronization. Experimental results acquired from prototype implementation proved that it provides high steganographic bandwidth of up to 270 b/s while introducing little transmission distortion and providing difficult detectability.

Wojciech Mazurczyk, Maciej Karas, Krzysztof Szczypiorski

This paper introduces SkyDe (Skype Hide), a new steganographic method that utilizes Skype encrypted packets with silence to provide the means for clandestine communication. It is possible to reuse packets that do not carry voice signals for steganographic purposes because Skype does not use any silence suppression mechanism. The method's proof-of-concept implementation and first experimental results are presented. They prove that the method is feasible and offers steganographic bandwidth as high as 2.8 kbps.

Artur Janicki, Wojciech Mazurczyk, Krzysztof Szczypiorski

TranSteg (Trancoding Steganography) is a fairly new IP telephony steganographic method that functions by compressing overt (voice) data to make space for the steganogram by means of transcoding. It offers high steganographic bandwidth, retains good voice quality and is generally harder to detect than other existing VoIP steganographic methods. In TranSteg, after the steganogram reaches the receiver, the hidden information is extracted and the speech data is practically restored to what was originally sent. This is a huge advantage compared with other existing VoIP steganographic methods, where the hidden data can be extracted and removed but the original data cannot be restored because it was previously erased due to a hidden data insertion process. In this paper we address the issue of steganalysis of TranSteg. Various TranSteg scenarios and possibilities of warden(s) localization are analyzed with regards to the TranSteg detection. A steganalysis method based on MFCC (Mel-Frequency Cepstral Coefficients) parameters and GMMs (Gaussian Mixture Models) was developed and tested for various overt/covert codec pairs in a single warden scenario with double transcoding. The proposed method allowed for efficient detection of some codec pairs (e.g., G.711/G.729), whilst some others remained more resistant to detection (e.g., iLBC/AMR).

Wojciech Mazurczyk, Krzysztof Szczypiorski, Bartosz Jankowski

The paper presents initial step toward new network anomaly detection method that is based on traffic visualisation. The key design principle of the proposed approach is the lack of direct, linear time dependencies for the created network traffic visualisations. The method's feasibility is demonstrated in network steganography environment by presenting steg-tomography methodology and developing the dedicated visualisation tool. To authors' best knowledge this is the first utilization of network traffic visualisations for steganalysis purposes.

Jozef Lubacz, Wojciech Mazurczyk, Krzysztof Szczypiorski

The paper presents basic principles of network steganography, which is a comparatively new research subject in the area of information hiding, followed by a concise overview and classification of network steganographic methods and techniques.

Elzbieta Zielinska, Wojciech Mazurczyk, Krzysztof Szczypiorski

Steganography is a general term referring to all methods for the embedding of additional secret content into some form of carrier, with the aim of concealment of the introduced alterations. The choice of the carrier is nearly unlimited, it may be an ancient piece of parchment, as well as a network protocol header. Inspired by biological phenomena, adopted by man in the ancient times, it has been developed over the ages. Present day steganographic methods are far more sophisticated than their ancient predecessors, but the main principles have remained unchanged. They typically rely on the utilization of digital media files or network protocols as a carrier, in which secret data is embedded. This paper presents the evolution of the hidden data carrier from the ancient times till the present day and pinpoints the observed development trends, with special emphasis on network steganography.

Artur Janicki, Wojciech Mazurczyk, Krzysztof Szczypiorski

The typical approach to steganography is to compress the covert data in order to limit its size, which is reasonable in the context of a limited steganographic bandwidth. TranSteg (Trancoding Steganography) is a new IP telephony steganographic method that was recently proposed that offers high steganographic bandwidth while retaining good voice quality. In TranSteg, compression of the overt data is used to make space for the steganogram. In this paper we focus on analyzing the influence of the selection of speech codecs on hidden transmission performance, that is, which codecs would be the most advantageous ones for TranSteg. Therefore, by considering the codecs which are currently most popular for IP telephony we aim to find out which codecs should be chosen for transcoding to minimize the negative influence on voice quality while maximizing the obtained steganographic bandwidth.