Covert Channel Cyber-Attack over Video Stream DCT Payload
The two main cyber-attack techniques via video packets are based on using either the packet header or the payload. Most standard software protection tools easily detect anomalies in headers, since there are fewer places to embed malicious content. Moreover, due to the relatively small header size, such attacks are limited in the volume of data they can transfer. On the other hand, a cyber-attack that uses the video packets' payload can effectively conceal much more information and produce covert channels. Multimedia covert channels provide reasonable bandwidth and long-lasting transmission streams, which makes them suitable for planting malicious information, and they are therefore used as an exploit alternative. The primary focus of this article is a proof of concept of a cyber-attack that conceals malicious data in a video payload in the compressed domain, using steganography (in real time). On the other side, this malicious data is extracted using a covert channel and malware that had previously been planted on the end-user side. Additionally, after implementing the attack, it is necessary to review its parameters and determine which parameters are optimal in different video scenarios.
In this paper, we will demonstrate attacks that take advantage of the compressed-domain video payload.
It is important to note that this method can be used for copyright protection.
Keywords: Exploit; Invisible covert channel; Steganography; Watermarking; Cyber; Steno objects; Intra prediction; Inter prediction; Discrete Cosine Transform; DCT; Motion vectors
This work was supported by the Israel National Cyber Bureau. The authors gratefully thank Mr. Lior Yahav for implementing the attack algorithm.