Steganography in Handling Oversized IP Packets

  • Wojciech Mazurczyk, Krzysztof Szczypiorski
  • Published 2 July 2009
  • Computer Science
  • 2009 International Conference on Multimedia Information Networking and Security
This paper identifies a new class of network steganography methods that utilize mechanisms for handling oversized IP packets: IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery). In particular, for these mechanisms we propose two new steganographic methods and three extensions of existing ones. We present how the mentioned mechanisms can be used to enable hidden communication for both versions of the IP protocol: 4 and 6. Also the detection of the proposed…

Evaluation of steganographic methods for oversized IP packets
New network steganography methods that utilize mechanisms for handling oversized IP packets: IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery) are described.
Covert Channels in TCP/IP Protocol Stack
A survey of techniques for hiding data in several protocols from the TCP/IP protocol stack, according to affected layer and protocol.
Network Management in Non-classified Data Hiding System Using Master Resident over Hidden Layer
A practical implementation of the NDHS understood as a military platform for information warfare that takes advantage of the hidden data transmission for voice connections in order to gain informational lead over a potential enemy is presented.
InCC: Evading Interception and Inspection by Mimicking Traffic in Network Flows
This article proposes and implements a network covert channel called InCC capable of hiding information on the Internet, which is designed to produce an undetectable communication channel between
Covert channels in TCP/IP protocol stack - extended version-
A survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack, organized according to affected layer and protocol.
A Secure and Robust Covert Channel Based on Secret Sharing Scheme
This paper proposes a novel packet-length-based covert channel exploiting the secret sharing scheme in order to overcome the drawbacks of existing schemes and shows that the proposed covert channel is provably secure and with greater robustness than that of the existing algorithms.
A fragmentation control approach in jumbo frame network
Nowadays, an amazing growth of the Internet has impacted tremendously on the network’s capability; from hundreds to thousands of Gigabits/s in the center of the network as well as at the access, and
InCC: Hiding information by Mimicking traffic in network flows
A light-weight covert channel called InCC is proposed, which is designed to produce an undetectable communication channel between systems, and is able to send messages on the same production network without compromising its existence.


Practical Data Hiding in TCP/IP
By passing supplementary information through IPv4 headers it is demonstrated how security mechanisms can be enhanced in routers, firewalls, and for services such as authentication, audit and logging without considerable additions to software or hardware.
Practical Internet Steganography : Data Hiding in IP
This paper investigates practical techniques and uses of Internet steganography and facilitates the interaction of fundamental steganographic principles with the existing network security environment to more generally bridge the areas of data hiding, network protocols and security.
Hiding Information in Retransmissions
The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilise retransmission mechanisms, and which does not acknowledge a successfully received packet in order to intentionally invoke retransmissions.
Data Hiding in Identification and Offset IP Fields
A way to use unused fields in the IP header of TCP/IP packets in order to send information between two nodes over the Internet.
Eliminating Steganography in Internet Traffic with Active Wardens
This paper examines the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall, and introduces the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications.
Embedding Covert Channels into TCP/IP
By examining TCP/IP specifications and open source implementations, tests to detect the use of naive embedding are developed and reversible transforms that map block cipher output onto TCP ISNs are described, indistinguishable from those generated by Linux and OpenBSD.
Communication using phantoms: covert channels in the Internet
  • S. Servetto, M. Vetterli
  • Computer Science
  • Proceedings. 2001 IEEE International Symposium on Information Theory (IEEE Cat. No.01CH37252)
  • 2001
The main finding is that the use of inefficient codes to represent data that is intended to be used solely for network control operations (such as routing, sequencing, etc.), gives rise to the unintended creation of a covert channel.
A survey of covert channels and countermeasures in computer network protocols
A survey of the existing techniques for creating covert channels in widely deployed network and application protocols and an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks are given.
Covert Channels in the TCP/IP Protocol Suite
This paper attempts to illustrate the weaknesses in the TCP/IP protocol suite in both theoretical and practical examples.
Internet Protocol
Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of data links to support data links with different maximum transmission unit (MTU) sizes.