A framework for avoiding steganography usage over HTTP

被引:14
作者
Blasco, Jorge [1 ]
Cesar Hernandez-Castro, Julio [2 ]
Maria de Fuentes, Jose [1 ]
Ramos, Benjamin [1 ]
机构
[1] Univ Carlos III Madrid, Dept Comp Sci, Leganes 28911, Spain
[2] Univ Portsmouth, Sch Comp, Portsmouth PO1 3HE, Hants, England
关键词
Steganography; Covert channels; HTTP; Active warden; Sanitization; STEGANALYSIS; CHANNELS;
D O I
10.1016/j.jnca.2011.10.003
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Steganographic techniques allow users to covertly transmit information, hiding the existence of the communication itself. These can be used in several scenarios ranging from evading censorship to discreetly extracting sensitive information from an organization. In this paper, we consider the problem of using steganography through a widely used network protocol (i.e. HTTP). We analyze the steganographic possibilities of HTTP, and propose an active warden model to hinder the usage of covert communication channels. Our framework is meant to be useful in many scenarios. It could be employed to ensure that malicious insiders are not able to use steganography to leak information outside an organization. Furthermore, our model could be used by web servers administrators to ensure that their services are not being abused, for example, as anonymous steganographic mailboxes. Our experiments show that steganographic contents can be successfully eliminated, but that dealing with high payload carriers such as large images may introduce notable delays in the communication process. (C) 2011 Elsevier Ltd. All rights reserved.
引用
收藏
页码:491 / 501
页数:11
相关论文
共 41 条
[1]  
[Anonymous], P 2006 IFIP INT C WI
[2]  
[Anonymous], P WORKSH MULT SEC AC
[3]  
[Anonymous], P 7 AUSTR INF WARF S
[4]  
[Anonymous], 1997, LECT NOTES COMPUTER
[5]  
[Anonymous], FBI BREAKS ALLEGED R
[6]  
[Anonymous], 2008, DIGITAL WATERMARKING
[7]  
[Anonymous], ICISIP 2006
[8]  
[Anonymous], 1998, MP3STEGO
[9]  
[Anonymous], P 3 ANN C PRIV SEC T
[10]  
[Anonymous], LEGITIMATE SITES COV