PadSteg: introducing inter-protocol steganography

@article{Jankowski2013PadStegII,
  title={PadSteg: introducing inter-protocol steganography},
  author={B. Jankowski and Wojciech Mazurczyk and Krzysztof Szczypiorski},
  journal={Telecommunication Systems},
  year={2013},
  volume={52},
  pages={1101-1111}
}
Hiding information in network traffic may lead to leakage of confidential information. [] Key Method PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today’s networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible…
Inter-Protocol Steganography for Real-Time Services and Its Detection Using Traffic Coloring Approach
TLDR
New inter-protocol hiding techniques which are suitable for real-time services and preliminary results of a novel steganography detection approach which relies on network traffic coloring are introduced.
Introducing Dead Drops to Network Steganography using ARP-Caches and SNMP-Walks
TLDR
This paper introduces a new concept it calls "dead drop", i.e., a covert network storage which does not depend on the direct network traffic exchange between covert communication sides, and stores secret information in the ARP cache of an unaware host that is not involved in the hidden data exchange.
Steg Blocks: Ensuring Perfect Undetectability of Network Steganography
TLDR
The paper presents StegBlocks, which defines a new concept for performing undetectable hidden communication and presents the approach to perfect undetECTability of network steganography, which was developed based on the rules of undetectability for general Steganography.
Perfect undetectability of network steganography
TLDR
The paper presents StegBlocks, which defines a new concept for performing undetectable hidden communication and presents the approach to perfect undetECTability of network steganography, which was developed based on the rules of undetectability for general Steganography.
Future of Data Hiding: A Walk Through Conventional to Network Steganography
TLDR
In this paper various works recently done in the area of different categories of network security has been discussed and analyzed so as to find scope for future research.
ARPNetSteg: Network Steganography using Address Resolution Protocol
TLDR
An algorithm ARPNetSteg is presented that implements Network Steganography using the Address resolution protocol and is a robust technique that can transfer 44 bits of covert data per ARP reply packet.
Steganogaphy Using Mac-Independent Opportunistic Routing and Encoding (MORE) Protocol Based Communications
TLDR
An enhanced version of the proposed steganoraphic scheme using MORE protocol is proposed, increasing its security and performances, and optimized embedding and retrieval algorithms are given leading to a 50% reduced time/computation complexity.
A Secure Stop and Wait Communication Protocol for Disturbed Networks
TLDR
The proposed peer to peer protocol is very useful for insecure channels and disturbed networks and the method is a convenient stop and wait protocol which provides unbeatable security and suitable for mobile phones as well.
A New Network Steganographic Method Based on the Transverse Multi-Protocol Collaboration
TLDR
A new network steganographic method called Transverse Multi-Protocol Collaboration Network Steganographic Method (TMPCNSM) is proposed and experiments showed that the great advantage of this method over others are higher steganography bandwidth and more undetectable characteristics due to the complexity of multi-protocol collaborative.
Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats
TLDR
The issues related to countering network steganography in practice are discussed, an outlook on further research directions and problems are provided and its potential application for harmful purposes is highlighted.
...
...

References

SHOWING 1-10 OF 32 REFERENCES
Information Hiding Using Improper frame padding
TLDR
Basing on real network traces, it is confirmed that PadSteg is feasible in today's networks and it is estimated what steganographic bandwidth is achievable while limiting the chance of disclosure.
Practical Data Hiding in TCP/IP
TLDR
By passing supplementary information through IPv4 headers it is demonstrated how security mechanisms can be enhanced in routers, firewalls, and for services such as authentication, audit and logging without considerable additions to software or hardware.
Embedding Covert Channels into TCP/IP
TLDR
By examining TCP/IP specifications and open source implementations, tests to detect the use of naive embedding are developed and reversible transforms that map block cipher output onto TCP ISNs are described, indistinguishable from those generated by Linux and OpenBSD.
Steganography of VoIP Streams
TLDR
The results of the experiment, that was performed to estimate a total amount of data that can be covertly transferred during typical VoIP conversation phase, regardless of steganalysis, are also included in this paper.
A survey of covert channels and countermeasures in computer network protocols
TLDR
A survey of the existing techniques for creating covert channels in widely deployed network and application protocols and an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks are given.
Hiding Data in the OSI Network Model
TLDR
The Alice and Bob analogy, derived from cryptology, is used to present network protocols in a way that more clearly defines the problem.
Practical Internet Steganography : Data Hiding in IP
TLDR
This paper investigates practical techniques and uses of Internet steganography and facilitates the interaction of fundamental steganographic principles with the existing network security environment to more generally bridge the areas of data hiding, network protocols and security.
Eliminating Steganography in Internet Traffic with Active Wardens
TLDR
This paper examines the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall, and introduces the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications.
Covert Channels in IPv6
TLDR
This paper introduces and analyze 22 different covert channels in the Internet Protocol version 6 (IPv6), and defines three types of active wardens, stateless, stateful, and network-aware, who differ in complexity and ability to block the analyzed covert channels.
Retransmission steganography and its detection
TLDR
The paper presents a new steganographic method called RSTEG (retransmission steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms, to not acknowledge a successfully received packet in order to intentionally invoke retransmissions.
...
...