Date of Award
Master of Science
Department of Electrical and Computer Engineering
Barry E. Mullins, PhD
As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged to create a novel covert data exfiltration technique. This technique revolves around altering user supplied data being uploaded to online repositories such as image hosting websites. It specifically targets devices that are often used to generate and upload content to the Internet, such as smartphones. The reliability of this technique is tested by creating a simulated version of Flickr as well as simulating how smartphone users interact with the service. Two different algorithms for recovering the exfiltrated data are compared. The results show a clear improvement for algorithms that are user-aware. The results continue on to compare performance for varying rates of infection of mobile devices and show that performance is proportional to the infection rate.
DTIC Accession Number
Barnard, Curtis P., "Hijacking User Uploads to Online Persistent Data Repositories for Covert Data Exfiltration" (2010). Theses and Dissertations. 1992.