A Mixture of Timing Steganography and Series Cryptography

— This Paper presents improvement and extension of previous methodology about timing steganography based on network steganography. The previous article uses time interval between two successive transmissions mixed with cryptography prior to hiding. However this improvement tend to extend and provide new methods based on time format such as hours, minutes, second, millisecond and Nanosecond etc. It further examine how to handle effect of different time zone and high precision timing for ultrafast timing such as millisecond, Nanoseconds, picosecond, femtosecond which human action is too slow for perfect timing. In addition, the extension based on TCP-IP status codes where each elements of set of status code are index and the index represents certain numeric of combination for hiding. Finally, the cryptography method is improved and extended to series based cryptography with any defined number of different cryptographic methods combined altogether with multiple keys generated dynamically. The methods for both cryptography and steganography was integrated and each module carefully tested for their feasibility and appropriate analysis, comparisons is presented too.

INTRODUCTION Information security also refers to, as cyber security [1] is an area that deals with privacy and protection of confidential information. It sub-divides into several branches such as cryptography [2], steganography and many more. Steganography [3] is the practice of hiding information inside another information and can be categories into several sub-categories basing on the media use for hiding and transmitting or carrying hidden message. Network Steganography: is the practise of concealing information in a network carrier by either modifying inter-arrival time for network data packet to network protocols for embedding secret message. Multimedia Steganography: this is another type of steganography which uses Multiemedia [4] such as Images, Text, Audio and Video or motion picture for hidding secret information. Text Steganography: this uses text for embedding secret message inside, by using method such as text formate modification such that the modification is invisible or by some form of text permutation just to embed the confidential message. Video Steganograph: About hidding secret message in video which may include modifying motion picture information etc.
Audio Steganography just as video steganography is about hiding information in audio signal which can be noise signal to many more method describe in article. Image Steganography. Is mostly about hiding secret information in image format such as jpg, png etc. Using some methods like Least Significant bit (LSB) Methods and many more.
II. EXISTING METHODOLOGY There are some previously published articles in the area of timing steganography, which deals with concealing information based on timing especially in network. For the previous manuscript [5]which tend to hides bits using time interval (1) of inter-arrival of packets or events triggered in network Subject to . (2).
≥ − ; ( − ) ∈ 1 ; 1 ≥ 0 (2) Where if ∆ ∈ 2 represents bit one else if ∆ ∉ 2 represents bit zero. However, for ( − ) ∈ 1 must always belong to the set of keys in order to keep track of the previous index of time − . The drawback of the method is that since each interval represents a bit, it is difficult to transmit more bits. For the case of cryptography methods, it only uses two alternating cryptography method i.e. XOR and bitwise shifting i.e. Right shift (≪) and Left shift (≫). For cryptography, method presented previous which uses bi-cryptography methods for encrypting a given piece of secret message ( ) was mainly to scramble secrets information ( ) prior to hiding and scramble ( ) it is = ( ⊕ 1 ) ≫ 2 In addition, to decrypt content in ( ), and is = ( ≪ 2 )⨁ 1 . A similar work presented in an article [6] where they slightly modify inter-arrival time of network packets. Their methods shows that the modification is untraceable as slight modification is undetected. However, due to advancement in detectability of covert timing channel it is possible to detect such slight or very small modification.
III. IMPROVEMENT OF METHODOLOGY This section of the paper discusses and presents new concepts as an improvement of the previous article [5] and extension using TCP-IP status code. First subsection III A introduce Unit of Time and the following sub-section after presents the improvement and extension methodology.
However for larger Units after hours are days, weeks, month, years, Decades, Century, Millennium (Kilo-Year), Mega-Year, Giga-Year, Tera-Year, eon, Supereon up to infinity(∞). Time is a special case where The quest of how big is the biggest (∞) or how small is the smallest (∞ −1 ) lies beyond the realm of my understanding.
Where 00 ≤ ≤ 23 and ∈ 2 Minutes ( ): In minutes, it is express numerically as 00 ≤ ≤ 59 where 2 = {00,01,02,03,04 … . ,99} ∈ 2 And ≤ 59 please see Table I for sample minutes assigned  alphanumerical characters and bit combinations as explains in [7] using two bit combination. Please note in Table I, the following means SP (Space), ST (Full Stop), CM (Comma). Here we use only uppercase letter and some few special character and numeric commonly use.
E. Time Zone Different time zone: Across the globe, there is possibility that sender and receiver of secret message/information are located in different time zone( ). Therefore, if the hidden information is encoded base on sender time zone, therefore for receiver to decode the right time, they must first subtract time zone ( ) from the receiver time (3) to get the sender time . Here sender time zone is define as and receiver time zone . In addition, receiver time as . To find sender time in order to decode the right time from receiver time, see (15).
= ( + ) − (15) However to find receiver time incase when hidden information is to be encoded using receiver time, sender need to use (16) to find the right receiver time for encoding the right information before sending.
= ( + ) − (16) For ( , ) < 0 indicate previous day += 24 and for ( , ) ≥ 24 in 24 hrs system indicates next day −= 24. The same applies for Same Time Zone: For the case when both sender and receiver are located within the same time zone.
= . Therefore, from (15) and (16) = . Furthermore, considering non-real-time system with uniform delays should abstract from (15) and (16) to get the actual , . However, ≈ 0 in real-time transmission system, so there is no need for subtracting anything as in [5]. For ultrafast timing (3), use of automated devices is highly recommended.
F. Extension to TCP-IP Status Code For the use of TCP-IP status code given status code set = { 1 , 2 , 3 , … , } where ∈ and index of the status code represents bit combination as shown in example Table II. Here, combination technique presented in (4) is use. Where combination base value = {0,1} representing binary numbers that is equivalent of bits and for set = {0,1,2,3, … 9} represents numeric integers and a set of TCP-IP status codes. For example see Table II where set of status code for hypertext transfer protocol (http) are index numerically up to 16 index from zero to fifteen, and this number of index are assign four bits combination. So to generate a given bit combination of total ( ) = −1 ⟼ just like in (4) so for instance when = 4. So 4 = {0000, 0001, 0010, … … 1111} for more details see paper [7] on how to generates combination of binary values. Please see Table II for sample http status code where each http status code has an index assigned to them and an equivalent bit combination allocated.
G. Improvement of Cryptography From the previous bi-cryptography methods presented [5], multiple cryptography methods is presented called series based cryptography where a given character/information is encrypted up to a defined number of cryptography method with given number of varying keys as per the cryptography method presented. Supposed function ( , ) represents set of known cryptography methods such that { 1 ( , 1 ), 2 ( , 2 ), . , ( , )} ∈ ( , ) and ∈ are set of keys for encrypting. For parameter ( ) represents character, or information for encrypting by cryptography methods. ( , ) Moreover, ( ) is key for encrypting information. To encrypt character (17).
IV. EXPERIMENTAL RESULTS A. Results for Timing Steganography In this to show that this method can work perfectly, it is perform using minutes where records of chart messages and phone time of calls from the sender to receiver located within the same time zone . Fig 1 shows extracted time from calls in a day from sender and decoded as "MEETING 18:18 AT GULU" please see Table I for reference on how to extract the message and in addition, this is an unencrypted hidden message. However, both sender and receiver should know Table I   B. Results for TCP-IP Status Code The experimental condition to verify the method base on http status code was perform on Server side and Client side where client received http status code message from server by accessing web services from the server. The status code ( ) received is then compare with information in Table  II to extract the hidden contents it represents. The  following  extracted  http  status  code =  {404, 403, 400, 503}, which indices are ID= {6, 5, 3, 9}. Now converting the numeric in base ten to base two binary. 6 is 110 in base two, 5 is 101 in base two, 3 is, 11 in base two, 9 is 1001 in base two. However, total bit combination is four in each base two, so adding zero in front to make four bit combination and Joining {0110 + 0101 + 0011 + 1001} , Converting from binary stream to characters ="e9" and decrypting to "Hi".
C. Results for Cryptography To demonstrate the feasibility of the cryptography method, all ( , ) = ⨁ operation see Fig 2. A console application shown in Fig 2 code written base on Series algorithm using only XOR cipher to test the algorithm and it works efficiently. However, for a mixture of more than one cryptography method like XOR and Bitwise shifting, it is required to modify the code base on (17) and (18). V.
ANALYSIS AND COMPARISON A. Analysis of Timing Steganography Let sample space be define as ( ) (4), which is the cardinality of set for both TCP/IP status code and timing steganography such as in (3). Therefore, the probability that a chosen status code or time format is the right one containing hidden information /character combinations can be express as = 1/ ( ) and that it's not, can be express as ′ = (1 − ). Therefore, this implies that by making ( ) big or large enough, it reduces the chances of guessing the hidden content as shown in the probability see (19). ′ = ( ( ) − 1)( ( )) −1 (19) In comparison to previous methods and some existing methods in timing steganography, this method including TCP/IP status code does not modifies the code or time for carrying hidden message as it only represents combination of bit/character to be hidden, so it is quite difficult to intercept the hidden information flow.

B. Analysis of Cryptography
This method is very hard for cryptanalyst to decrypt the encrypted contents. Let probability that ( , ) is breakable be ′ and that it is not be . Therefore, probability that at least one of ( , ) in (17) is not breakable is express as in (20). (20) increases, approximately equals one, implying strength of cryptography increases with more series. However, more number of keys can delays execution for larger strings/text, as more cryptography methods and keys mean more series or repetitive encryption of the same character/information, so it is advisable to use fewer numbers of cryptography methods and keys with larger string where time performance is more important than security. Also repeating character in key will results into decrypting the encrypted contents like for the case of XOR cipher, which means no work done. Therefore, one should take care to avoid repeating keys.
Time performance analysis of formulae (17) and (18). Let total function of ( , ) operator in a series cryptography be (n) and time taken for each ( , ) in ( , ) operation be . Therefore, total time taken to encrypt a character a given number of operation is the summation of all for using mixture of cryptography. Finally, to encrypt an entire string or text of total character" ", one has to use the formulae below (21) to find total encryption time.
= (∑ ( ) =0 ) (21) To have higher security, element of set ( , ) should be large enough, however making these too large when " " is large makes extremely large, hence significantly slowing down execution time. Therefore, to make time of execution small, for larger value of total of ( , ) elements should be as small as possible. However, by making ( , ) elements small means less keys. Therefore, security strength diminishes too. The equation (21) can embed directly into the algorithm (17) and (18) to calculate total time taken for encrypting a given set of text or string of character.
VI. CONCLUSION This improvement and extension of previous article [5], which hides bits or information by using time format such as in (3). Moreover, TCP-IP status code using numeric index and combination technique that is in paper [7] has made it possible to hide more bits or information unlike in previous article [5] where time interval hides a single bit at each intervals. In addition, time being very reliable and also status code in TCP is very convenient unlike UDP where packets are delivered without acknowledgements or status updates or no delivery feedback makes TCP very desirable to use in the method due to the prompt status feedback.
The method further encrypt information prior to hiding to improve on un-detectability and making it hard to decrypt by improving the previous encryption methods to series base cryptography where contents to be hidden is first encrypted up to a given number of time with different encryption methods and different keys generated dynamically. The use of ∆ , ∆ * , ∆ * ′ for ≫ 1 remains a theoretical work and its practical application are beyond the scope of this work. VII.