Retransmission Steganography Applied

  title={Retransmission Steganography Applied},
  author={Wojciech Mazurczyk and Milosz Smolarczyk and Krzysztof Szczypiorski},
  journal={2010 International Conference on Multimedia Information Networking and Security},
This paper presents experimental results of the implementation of network steganography method called RSTEG (Retransmission Steganography). The main idea of RSTEG is to not acknowledge a successfully received packet to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG can be applied to many network protocols that utilize retransmissions. We present experimental results for RSTEG applied to TCP (Transmission… 

Figures and Tables from this paper

On information hiding in retransmissions
The paper presents an idea and experimental results for RSTEG (Retransmission Steganography), which is an intra-protocol hybrid network steganography method. It is intended for a broad class of
Multicast Steganography Using Routing Protocols
The obtained results showed that reactive routing protocols exchange a large amount of routing packets which can be suitable for steganographic purposes due to network flooding mechanism.
Covert Channels in TCP/IP Protocol Stack
A survey of techniques for hiding data inseveral protocols from the TCP/IP protocol stack, according to a ected layer and protocol.
Steganographic methods of communications in distributed computing networks
This paper reviews the problem of a secure data transfer in distributed computing networks. It analysis the most popular covert channels (the steganographic methods of communications) and introduces
Covert channels in TCP/IP protocol stack - extended version-
A survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack, organized according to affected layer and protocol.
Security and privacy issues for the network of the future
The security and privacy challenges of the Network of the Future are discussed and ways to delimit the solutions space on the basis of emerging techniques are reviewed in an effort to provide a more systematic and quantitative treatment of the area in the future.
Multilayer Detection of Network Steganography
A new method based on a multilayer approach for the selective analysis of derived and aggregated metrics utilizing machine learning algorithms to provide steganalysis capability for networks with large numbers of devices and connections is presented.
Implementation of Steganography Based on HOOK
The improved methods contain adaptive sockets functions hooking and speech recognition based on socket functions, which can be generally applied in the instant communication tools, and are implemented in the covert channels of Bol SipPhone and Gtalk.


Eliminating Steganography in Internet Traffic with Active Wardens
This paper examines the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall, and introduces the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications.
Trends in TCP / IP Retransmissions and Resets
For HTTP connections, an algorithm is provided to distinguish a reset of an impatient user from a network reset and the amount of data retransmitted and the goodput and throughput per flow are calculated.
Design and Implementation
A new approach of constructing the dynamic and adaptive virtual network based on virtual honeypot and network scanning is presented in this paper to puzzle adversaries, delay and divert attacks from their real targets, exhaust attacker resources, and collect the attacking information.
TCP Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery Algorithms
The purpose of this document is to document four intertwined algorithms that have never been fully documented as Internet standards: slow start, congestion avoidance, fast retransmit, and fast recovery.
A Performance Study of Loss Detection/Recovery in Real-world TCP Implementations
This paper systematically evaluates the impact of design parameters associated with TCP's loss detection/recovery mechanisms on the performance of real-world TCP connections and finds that the recommended as well as widely-implemented settings of TCP parameters are not optimal for a significant fraction of Internet connections.
When the CRC and TCP checksum disagree
The highly non-random distribution of errors strongly suggests some applications should employ application-level checksums or equivalents, and proposes simple changes to several protocols which will decrease the rate of undetected error.
TCP/IP architecture, design, and implementation in Linux
This book provides thorough knowledge of Linux TCP/IP stack and kernel framework for its network stack, including complete knowledge of design and implementation, and contains elements on TCP state machine implementation,TCP timer implementation on Linux, TCP memory management onLinux, and debugging TCP/ IP stack using lcrash.
The Transmission Control Protocol
Retransmission steganography and its detection, Soft Computing
  • Journal no. 500 Springer
  • 2009
Transmission Control Protocol, IETF RFC 793
  • Transmission Control Protocol, IETF RFC 793
  • 1981