CUING 2021

The 5th International Workshop on Criminal Use of Information Hiding (CUING 2021)

to be held in conjunction with the 16 th International Conference on Availability, Reliability and Security
(ARES 2021 – http://www.ares-conference.eu )

August 17 – August 20, 2021

With the constant rise of the number of Internet users, available bandwidth and an increasing number of services shifting into the connected world, criminals are increasingly active in the virtual world. With improving defensive methods cybercriminals have to utilize more and more sophisticated ways to perform their malicious activities. While protecting the privacy of users, many technologies used in current malware and network attacks have been abused in order to allow criminals to carry out their activities undetected. This poses a lot of new challenges for digital forensics analysts, academics, law enforcement agencies (LEAs), and security professionals.

The aim of the Third International Workshop on Criminal Use of Information Hiding (CUIng) is to bring together researchers, practitioners, law enforcement representatives, and security professionals in the area of analysis of information hiding. However data hiding is understood here in a wider manner than in the academic world i.e. all techniques that pertain to camouflaging/masking/hiding various types of data (e.g. identities, behavior, communication, etc.) are included here. This means not only digital steganography/covert channels but also obfuscation/anti-forensics techniques and even underground networks (darknets) or activities related to behavior impersonation or mimicking. This will allow to present a more complete picture on novel research regarding the use of data and communication hiding methods in criminal environments and discuss ideas for fighting misuse of privacy enhancing technologies.

Moreover, this year the CUING workshop is co-organized with the SIMARGL (Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware) H2020 project.

Topics of interest include, but are not limited to

Information hiding techniques
Studies regarding the use of information hiding in cybercrime
Analysis of cybercrime cases related to CUIng
Large scale coordinated actions by LEAs from CUIng perspective
New steganographic & steganalysis methods
Local, air-gapped, and network covert channels
Side channels and less obvious usage of information hiding techniques
Novel countermeasures against information hiding techniques: detection, prevention, limitation
Evasion, obfuscation and anti-forensics techniques used by cybercriminals
Traffic type obfuscation techniques e.g. traffic morphing
Masking network attacks with another types of threats
Hiding covert communication within network attacks e.g. DDoS, SPAM, etc.
Impersonation of one cybercriminals groups by the other

Underground marketplaces and their business models
Botnet analysis from CUIng perspective
Methods for botnet detection and mitigation from CUIng perspective
Banking Trojans from CUIng perspective
IoT-botnets from CUIng perspective
Privacy enhancing techniques
Analysis of underground environments
Legal and technical aspects of Darknet research
Cybercrime and CPS from CUIng perspective
Future scenarios in cybercrime from CUIng perspective
Aspects and methods for sharing strategic intelligence
Abusing legitimate cloud-based services for masking criminal activities
Abusing legitimate social media services for masking criminal activities

Important Dates
Submission Deadline

May 13, 2021

New deadline May 24, 2021

Author Notification June 01, 2021
New deadline June 07, 2021
Proceedings Version June 13, 2021
ARES EU Symposium August 17, 2021
All-Digital Conference August 17 – August 20, 2021

Stegom alware: what is it and what we can do?

Dr. Luca Caviglione, IMATI CNR, Italy

Abstract : Information hiding and steganographic techniques are increasingly used by attackers to create a new-wave of threats (often called stegomalware) able to covertly exfiltrate data, obfuscate their presence, retrieve malicious payloads or bypass security mechanisms. Despite the increasing volume of attacks, the degree of sophistication, and the growing attention from security-oriented firms, stegomalware is often neglected for a twofold reason. First, its emerging nature still requires precise investigation methodologies and conceptual devices. Second, each hiding technique is tightly coupled with the digital entity exploited to conceal the information. In this talk, we will review some real-world threats exploiting information hiding with emphasis on the used techniques and attack models. Then, we will discuss possible countermeasures, focusing on the challenges arising by the need of inspecting many heterogenous digital contents (e.g., images, network traces or execution flows) without endangering the quality perceived by users. Lastly, we will also present some ideas developed within the H2020 Project SIMARGL – Secure Intelligent Methods for Advanced RecoGnition of malware, which aims at mitigating risks of information-hiding-capable attacks.

Luca Caviglione is a Senior Research Scientist with the Institute for Applied Mathematics and Information Technologies (IMATI), National Research Council of Italy. From 2020 he is the Head of the IMATI Research Unit of the National Inter-University Consortium for Telecommunications. He is a Contract Professor for the University of Genova, where he regularly teaches “Information Hiding” to Ph.D. students and he is a board member of the Ph.D. Course in Security, Reliability and Vulnerability. He is a Work Group Leader of the Italian IPv6 Task Force, a Professional Engineer, and a member of the Steering Committee of the Criminal Use of Information Hiding initiative supported by the European Cybercrime Centre.

He regularly serves as a project evaluator and he organizes special issues in several top-ranked journal and magazines. In 2020, he was the chair for the European Interdisciplinary Cybersecurity Conference.  Currently, he is the principal investigator for IMATI of the EU Project SIMARGL – Secure Intelligent Methods for Advanced RecoGnition of malware, Grant Agreement No. 833042.

His research interests include network security and information hiding, cloud architectures, and optimization of large-scale computing systems. He holds several patents in the field of peer-to-peer networking and energy efficiency of datacenters.