Eliminating Steganography in Internet Traffic with Active Wardens

@inproceedings{Fisk2002EliminatingSI,
  title={Eliminating Steganography in Internet Traffic with Active Wardens},
  author={Gina Fisk and Mike Fisk and Christos Papadopoulos and Joshua Neil},
  booktitle={Information Hiding},
  year={2002}
}
Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. [...] For unstructured carriers, which lack objective semantics, wardens can use techniques such as adding noise to block subliminal information. However, these techniques can break the overt communications of structured carriers which have strict semantics.
A framework for avoiding steganography usage over HTTP
Trends toward real-time network data steganography
TLDR
This paper challenges the security community by introducing an entirely new network data hiding methodology, which it refers to as real-time network data steganography, and provides the groundwork for this fundamental change of covert network data embedding.
Syntax and Semantics-Preserving Application-Layer Protocol Steganography
TLDR
This paper describes an approach to application-layer protocol steganography, showing how to embed messages into a commonly used TCP/IP protocol, and introduces the notions of syntax and semantics preservation, which ensure that messages after embedding still conform to the host protocol.
An Empirical Evaluation of IP Time To Live Covert Channels
TLDR
A software framework developed for evaluating covert channels in network protocols is presented and this software is used to empirically evaluate the transmission rates of the different TTL modulation techniques for real Internet traffic.
Stealthy Protocols: Metrics and Open Problems
TLDR
A survey of methods that could be used to support stealthy communication over both wired and wireless networks and of techniques for evaluating them, which identifies open problems, points out gaps, and indicates directions for further research.
Steganography of VoIP Streams
TLDR
The results of the experiment performed to estimate the total amount of data that can be covertly transferred during a typical VoIP conversation phase, regardless of steganalysis, are also included in this paper.
Analyzing Network-Aware Active Wardens in IPv6
TLDR
A pioneer implementation of network-aware active wardens is presented that eliminates the covert channels exploiting the Routing Header and the hop limit field as well as the well-known Short TTL Attack.
Destroying steganography usage over HTTPS
TLDR
A man-in-the-middle model is proposed to prevent the use of steganography in covert channels; all digital objects are sanitized so that there is no information leakage from the organization over a network, using both HTTP and HTTPS.
SCONeP: Steganography and Cryptography approach for UDP and ICMP
TLDR
An implementation called SCONeP (Steganography and Cryptography over Network Protocols) that offers the protection of hidden data by encrypting it is proposed, and two less utilized protocols for data hiding, ICMP and UDP are described.
Covert Channels within IRC
TLDR
This research introduces a new class of information hiding techniques for use over Internet Relay Chat (IRC), called the Variable Advanced Network IRC Stealth Handler (VANISH) system, designed for a specific purpose to maximize channel capacity, minimize shape-based detectability, or provide a baseline for comparison using established techniques applied to IRC.

References

On the limits of steganography
TLDR
It is shown that public key information hiding systems exist, and are not necessarily constrained to the case where the warden is passive, and the use of parity checks to amplify covertness and provide public key steganography.
Detecting Steganographic Content on the Internet
TLDR
A detection framework that includes tools to retrieve images from the world wide web and automatically detect whether they might contain steganography content is presented, to determine whether there is steganographic content on the Internet.
Transport and application protocol scrubbing
  • G. R. Malan, David Watson, F. Jahanian, Paul Howell
  • Computer Science
    Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064)
  • 2000
TLDR
The design and implementation of a protocol scrubber, a transparent interposition mechanism for explicitly removing network attacks at both the transport and application protocol layers, is described.
Exploring steganography: Seeing the unseen
TLDR
It is argued that steganography by itself does not ensure secrecy, but neither does simple encryption; if these methods are combined, however, stronger encryption methods result.
On Public-Key Steganography in the Presence of an Active Warden
  • S. Craver
  • Computer Science
    Information Hiding
  • 1998
TLDR
This paper describes techniques for pure steganography, in which no secret information needs to be shared before imprisonment, and a modification of an existing protocol will be shown to admit pure steganography if the warden is not allowed to modify the contents of the channel.
Stretching the Limits of Steganography
TLDR
It was widely believed that public key steganography was impossible; it is shown how to do it and a number of possible approaches to the theoretical security of hidden communications are looked at.
Defeating TCP/IP Stack Fingerprinting
TLDR
This paper evaluates the performance of a fingerprint scrubber implemented in the FreeBSD kernel and looks at the limitations of this approach.
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics
A fundamental problem for network intrusion detection systems is the ability of a skilled attacker to evade detection by exploiting ambiguities in the traffic stream as seen by the monitor. We
Steganalysis and Game Equilibria
TLDR
This work introduces a two-player, zero-sum, matrix game for the purpose of modeling the contest between a data-hider and a data-attacker, and solves the game for equilibria, demonstrating that the form of the solution depends on whether the permitted distortion is less than or greater than d_c, the critical distortion.