CUING 2020

The 4th International Workshop on Criminal Use of Information Hiding (CUING 2020)

to be held in conjunction with the 15th International Conference on Availability, Reliability and Security
(ARES 2020 – http://www.ares-conference.eu)

August 25 – August 28, 2020

With the constant rise of the number of Internet users, available bandwidth and an increasing number of services shifting into the connected world, criminals are increasingly active in the virtual world. With improving defensive methods cybercriminals have to utilize more and more sophisticated ways to perform their malicious activities. While protecting the privacy of users, many technologies used in current malware and network attacks have been abused in order to allow criminals to carry out their activities undetected. This poses a lot of new challenges for digital forensics analysts, academics, law enforcement agencies (LEAs), and security professionals.

The aim of the Third International Workshop on Criminal Use of Information Hiding (CUIng) is to bring together researchers, practitioners, law enforcement representatives, and security professionals in the area of analysis of information hiding. However data hiding is understood here in a wider manner than in the academic world i.e. all techniques that pertain to camouflaging/masking/hiding various types of data (e.g. identities, behavior, communication, etc.) are included here. This means not only digital steganography/covert channels but also obfuscation/anti-forensics techniques and even underground networks (darknets) or activities related to behavior impersonation or mimicking. This will allow to present a more complete picture on novel research regarding the use of data and communication hiding methods in criminal environments and discuss ideas for fighting misuse of privacy enhancing technologies.

Moreover, this year the CUING workshop is co-organized with the SIMARGL (Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware) H2020 project.

Topics of interest include, but are not limited to

Information hiding techniques
Studies regarding the use of information hiding in cybercrime
Analysis of cybercrime cases related to CUIng
Large scale coordinated actions by LEAs from CUIng perspective
New steganographic & steganalysis methods
Local, air-gapped, and network covert channels
Side channels and less obvious usage of information hiding techniques
Novel countermeasures against information hiding techniques: detection, prevention, limitation
Evasion, obfuscation and anti-forensics techniques used by cybercriminals
Traffic type obfuscation techniques e.g. traffic morphing
Masking network attacks with another types of threats
Hiding covert communication within network attacks e.g. DDoS, SPAM, etc.
Impersonation of one cybercriminals groups by the other

Underground marketplaces and their business models
Botnet analysis from CUIng perspective
Methods for botnet detection and mitigation from CUIng perspective
Banking Trojans from CUIng perspective
IoT-botnets from CUIng perspective
Privacy enhancing techniques
Analysis of underground environments
Legal and technical aspects of Darknet research
Cybercrime and CPS from CUIng perspective
Future scenarios in cybercrime from CUIng perspective
Aspects and methods for sharing strategic intelligence
Abusing legitimate cloud-based services for masking criminal activities
Abusing legitimate social media services for masking criminal activities

Important Dates
Submission Deadline May 25, 2020 extended to June 05, 2020
Author Notification June 20, 2020
Proceedings Version July 05, 2020
ARES EU Symposium August 25, 2020
All-Digital Conference August 25 – August 28, 2020
Workshop Chairs

Wojciech Mazurczyk (Chair)
Warsaw University of Technology, Poland
wmazurczyk@tele.pw.edu.pl

Philipp Amann (Chair)
Europol, European Cybercrime Centre, The Netherlands
Philipp.Amann@europol.europa.eu

Jart Armin (Chair)
CyberDefcon, The Netherlands
jart@cyberdefcon.com

Angelo Consoli (Chair)
Scuola universitaria professionale della Svizzera italiana (SUPSI), Switzerland
angelo.consoli@supsi.ch

Peter Kieseberg (Chair)
SBA Research, Austria
pkieseberg@sba-research.org

Joerg Keller (Chair)
FernUniversitaet in Hagen, Germany
Joerg.Keller@fernuni-hagen.de

Program Committee 2019

Ahmed A. Abd El-Latif, Menoufia University, Egypt
Soumya Banerjee, CNAM-CEDRIC LAB, INRIA-EVA, Paris, France
Krzysztof Cabaj, Warsaw University of Technology, Poland
Luca Caviglione, IMATI CNR, Italy
Marco Cremonini, University of Milan, Italy
Jana Dittmann, Otto-von-Guericke University Magdeburg, Germany
Mattia Epifani, CNR, Italy
Zeno Geradts, NFI, The Netherlands
Julio Hernandez-Castro, School of Computing, University of Kent, UK
Felix Iglesias, Vienna University of Technology, Austria
Stefan Katzenbeisser, TU Darmstadt, Germany
Zbigniew Kotulski, Warsaw University of Technology, Poland
Christian Kraetzer, Otto-von-Guericke University Magdeburg, Germany
Jean-Francois Lalande, CentraleSupélec, France
Daniel Lerch-Hostalot, Universitat Oberta de Catalunya, Spain
Shujun Li, University of Kent, UK
David Megias, Universitat Oberta de Catalunya, Spain
Aleksandra Mileva, University Goce Delcev, Republic of Macedonia
Avinash Srinivasan, Temple University, USA
Hui Tian, National Huaqiao University, China
Edgar Weippl, SBA Research, Austria
Steffen Wendzel, Worms University of Applied Sciences and Fraunhofer FKIE, Germany
Tanja Zseby, Vienna University of Technology, Austria

Submission Guidelines

The submission guidelines valid for the workshop are the same as for the ARES conference. They can be found at https://www.ares-conference.eu/conference/submission/.

Papers accepted by the workshop will be published in the Conference Proceedings of ARES 2020 that will be published by the International Conference Proceedings Series published by ACM (ACM ICPS).

Moreover, the extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (Indexed in Scopus, http://riverpublishers.com/journal.php?j=JCSM/5/1/jdes) or Applied Sciences (IF=2.217) special issue on Data Hiding and Its Applications: Digital Watermarking and Steganography (https://www.mdpi.com/journal/applsci/special_issues/Digital_Watermarking_Steganography).

Keynote speaker

Prof. David Megías
Principal Investigator of the KISON research group of the Internet Interdisciplinary Institute (IN3), Universitat Oberta de Catalunya (UOC)

Targeted image steganalysis using the embedding algorithm in the detection method

Abstract: It is increasingly common to use steganography for malicious purposes, either to maintain secret communications between members of criminal and terrorist groups, or as a means to deploy cyberattacks or infect information systems with malware. For this reason, steganalysis has received growing attention by the research community in the last few years. Steganalysis is the term used to refer to the different techniques that are used to detect statistical anomalies in the potential carriers of steganographic messages in order to identify suspected stego objects.

Images and the network protocols are two of the most frequently used carriers of secret steganographic messages in malicious scenarios. This keynote focuses on image steganalysis and summarizes a research line that has led to different published results in the last few years. The main idea behind the steganalytic methods overviewed in the presentation is to exploit the targeted embedding algorithm itself within the steganalytic method. When appropriately used, the embedding method aimed to be detected can increase the accuracy of current steganalytic methods and even help to predict whether a steganlytic detector will provide a reliable classification of a set of suspected images or not. The pros and cons of this strategy will be discussed, and some ideas for further research will be outlined.

Prof. David Megías is the Principal Investigator of the KISON research group of the Internet Interdisciplinary Institute (IN3), at the Universitat Oberta de Catalunya (UOC). He received the Ph.D. degree in computer science from the Universitat Autònoma de Barcelona (UAB) in July 2000. Since October 2001, he has been at the UOC with a permanent position (currently as Full Professor). At the UOC, he has held several academic positions, until he was appointed director of the IN3 in April 2015. His current teaching is mostly related to computer networks, information security (watermarking and steganography), and research techniques and methodologies in the field of network and information technologies. His current research interests focus on information security and privacy, and include the security and privacy in multimedia content distribution (mainly in the watermarking and fingerprinting topics), steganography and steganalysis, and privacy concerns in different applications of decentralized networks. He has published research papers in numerous international journals and conferences and has participated in several national joint research projects both as a contributor and as principal investigator. He is also member of the editorial board and programme committees of several journals and conferences in the area of security and privacy.