Skip to main content

A framework for avoiding steganography usage over HTTP

Blasco Alis, Jorge, Hernandez-Castro, Julio C., de Fuentes, Jose Maria, Ramos, Benjamin (2012) A framework for avoiding steganography usage over HTTP. Journal of Network and Computer Applications, 35 (1). pp. 491-501. ISSN 1084-8045. (doi:10.1016/j.jnca.2011.10.003) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:31941)

PDF
Language: English

Restricted to Repository staff only
[thumbnail of A framework for avoiding steganography usage over HTTP.pdf]
Official URL:
http://dx.doi.org/10.1016/j.jnca.2011.10.003

Abstract

Steganographic techniques allow users to covertly transmit information, hiding the existence of the communication itself. These can be used in several scenarios ranging from evading censorship to discreetly extracting sensitive information from an organization. In this paper, we consider the problem of using steganography through a widely used network protocol (i.e. HTTP). We analyze the steganographic possibilities of HTTP, and propose an active warden model to hinder the usage of covert communication channels. Our framework is meant to be useful in many scenarios. It could be employed to ensure that malicious insiders are not able to use steganography to leak information outside an organization. Furthermore, our model could be used by web servers administrators to ensure that their services are not being abused, for example, as anonymous steganographic mailboxes. Our experiments show that steganographic contents can be successfully eliminated, but that dealing with high payload carriers such as large images may introduce notable delays in the communication process.

Item Type: Article
DOI/Identification number: 10.1016/j.jnca.2011.10.003
Uncontrolled keywords: Active warden; Covert channels; HTTP; Sanitization; Steganography
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Julio Hernandez Castro
Date Deposited: 24 Oct 2012 12:43 UTC
Last Modified: 16 Nov 2021 10:09 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/31941 (The current URI for this page, for reference purposes)

University of Kent Author Information

Hernandez-Castro, Julio C..

Creator's ORCID: https://orcid.org/0000-0002-6432-5328
CReDIT Contributor Roles:
  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.