Home   >   CSC-OpenAccess Library   >    Manuscript Information
A Steganography-based Covert Keylogger
Megan Thomas, Panagiotis Yialouris, Thomas Yorkshire
Pages - 177 - 191     |    Revised - 10-08-2014     |    Published - 15-09-2014
Volume - 8   Issue - 5    |    Publication Date - September / October 2014  Table of Contents
Network Security, Covert Channels, Steganography, Keylogger, Social Networks.
Identity theft through keyloggers has become very popular the last years. One of the most common ways to intercept and steal victim's data are to use a keylogger that transfers data back to the attacker. Covert keyloggers exist either as hardware or software. In the former case they are introduced as devices that can be attached to a computer (e.g. USB sticks), while in the latter case they try to stay invisible and undetectable as a software in the operating system. Writing a static keylogger which operates locally in victim's machine is not very complex. In contrast, the creation of covert communication between the attacker and the victim, and still remain undetectable is more sophisticated. In such a scenario we have to define how data can be delivered to the attacker and how we can make an efficient use of the channel that transfers the information over the network in order to stay undetectable. In this paper we propose a system based on Steganography that takes advantage of a seemingly innocuous Social Network (Tumblr) in order to avoid direct communication between the victim and the attacker. A core part of this study is the security analysis which is also discussed by presenting experimental results of the system and describing issues regarding surveillance resistance of the system as well as limitations.
1 Google Scholar 
2 CiteSeerX 
3 refSeek 
4 Scribd 
5 SlideShare 
6 PdfSR 
A. Nappa, A. Fattori, M. Balduzzi, M. Dell'Amico, L. Cavallaro. "Take a deep breath: a stealthy, resilient and cost-effective Botnet using Skype". In Proc. of the DIMVA'10, 7th International conference on Detection of intrusions and malware, and vulnerability assessment, 2010, pp. 81-100.
Athanasopoulos E., Makridakis A, Antonatos S., Antoniades D., Ioannidis S. Anagnostakis K. and Markatos E. “Antisocial networks: turning a social network into a Botnet“ In Proc of the 11th Information Security Conference, Taipei, Taiwan, 2008, pp. 146-160.
Backstrom L., Dwork C., Kleinberg J. “Wherefore art thou r3579x? anonymized social networks, hidden patterns and structural steganography”, In Proc of the 16th international conference on World Wide Web, 2007, pp. 181-190.
C. Raphael -W. Phan, Ling Huo-Chong. "Steganalysis of random LSB insertion using discrete logarithms proposed at CITA03" In Proc. MMU International Symposium on Information and Communication Technologies (M2USIC 2003), Petaling Jaya, Malaysia,2003, pp. 56-59.
D. Damopoulos, G. Kambourakis, S. Gritzalis. "From Keyloggers to Touchloggers: Take the Rough with the Smooth". Computers & Security, Volume 32, pp. 102-114, Feb. 2013.
J. Lu, O. Dunkelman, N.Keller, J. Kim. "New Impossible Differential Attacks on AES". In Proc of the 9th Progress in Cryptology -INDOCRYPT 2008. International Conference on Cryptology in India, 2008, pp. 279-293.
K., Sakamura, X. Dong Wang. "A Study on the Linear Cryptanalysis of AES Cipher".Journal of Faculty of Environmental Science and Technology, Vol.9, No.1, pp. 19-26, Feb.2004.
Makridakis A., Athanasopoulos E., Antonatos S., Antoniades D., Ioannidis S., Markatos E.“Designing malicious applications in social networks”, IEEE Network Special Issue on Online Social Networks, 2010.
Mitra S., Roy T., Mazumbar D., Saha A.B. "Steganalysis of LSB Encoding in Uncompressed Images by Close Color Pair Analysis" IIT Kanpur Hackers' Workshop 2004(IITK-HACK04), 23-24 Feb.2004. Internet:http://www.security.iitk.ac.in/contents/events/workshops/iitkhack04/papers/cp03.pdf, Feb.24, 2004 [Jul 1. 2014].
N. Cottin. "Steganography made easy using Hide and Reveal". Internet:http://hidereveal.ncottin.net/download/HideAndReveal.pdf, May 2010 [ Jun. 2014].
N. Nikiforakis, M. Balduzzi, S. Van Acker, W. Joosen, D.Balzarotti. "Exposing the lack of privacy in file hosting services". In Proc. of the 4th USENIX conference on Large-scale exploit and emergent threats. 2011, pp 1-1. available:https://www.usenix.org/legacy/events/leet11/tech/full_papers/Nikiforakis.pdf?CFID=373638 416&CFTOKEN=62886009
P.Porras, H. Saidi, and V.Yegneswaran. "A Foray into Conficker's Logic and Rendezvous Points". In Proc. 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats(LEET '09), 2009. Available:https://www.usenix.org/legacy/events/leet09/tech/full_papers/porras/porras.pdf, Apr. 2009,[Jul. 2, 2014].
P.Porras, H. Saidi, and V.Yegneswaran. "A multi-perspective analysis of the Storm(Peacomm) worm". Internet: http://www.cyber-ta.org/pubs/StormWorm/SRITechnical-Report-10-01-Storm-Analysis.pdf. Oct. 2007 [Jul. 1, 2014].
R. Albert, H. Jeong, A.L. Barabasi. "Error and attack tolerance of complex networks".Nature, Volume 406, Issue 6794, pp. 378-382, Jul. 2000.
S. Nagaraja, A. Houmansadr, P. Piyawongwisal, V. Singh, P. Agarwal, N. Borisov."Stegobot: a covert social network Botnet". In Proc. of the 13th international conference on Information hiding, 2011, pp. 299-313.
Symantec. "Internet Security Threat Report - 2013 Trends", Volume 19, April 2014.Internet: http://www.symantec.com/content/en/us/enterprise/other_resources/b- istr_main_report_v19_21291018.en-us.pdf, Apr.19,2014 [Jul. 2, 2014].
T. Holz, M. Engelberth, F. Freiling. "Learning more about the underground economy: a case-study of keyloggers and dropzones". In Proc. 14th European conference on Research in Computer Security (ESORICS'09), 2009, pp. 1-18.
Tumblr Press Information, 2014. Tumblr Internet: http://www.tumblr.com/press, [Jul.2,2014].
Tumblr Wikipedia Article, 2014. Internet: http://en.wikipedia.org/wiki/Tumblr [Jul. 2,2014].
W.B. Lampson. "A note on the confinement problem". Communication of the ACM. Volume 16, Issue 10, pp.613-615, Oct. 1973.
Webbiquity. "79 Remarkable Social Media Marketing Facts and Statistics for 2012".Internet: http://webbiquity.com/social-media-marketing/79-remarkable-social-media- marketing-facts-and-statistics-for-2012/, Aug. 2012, [ Jul. 2014].
Wondracek G., Holz T., Kirda E., Kruegel C. “A Practical Attack to De-Anonymize Social Network Users”, Security and Privacy (SP) 2010 IEEE Symposium on, May 2010, pp. 223-238.
Dr. Megan Thomas
University of Birmingham School of Computer Science, B15 2TT, Birmingham, UK - United Kingdom
Dr. Panagiotis Yialouris
University of Birmingham, United Kindom - United Kingdom
Dr. Thomas Yorkshire
University of Birmingham School of Computer Science, B15 2TT, Birmingham, UK - United Kingdom

View all special issues >>