Soft Computing

, Volume 15, Issue 3, pp 505–515 | Cite as

Retransmission steganography and its detection

  • Wojciech Mazurczyk
  • Miłosz Smolarczyk
  • Krzysztof Szczypiorski


The paper presents a new steganographic method called RSTEG (retransmission steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (transmission control protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim of measuring and comparing the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms, as well as to determine the influence of RSTEG on the network retransmission level.


RSTEG Steganography Retransmission mechanism 


  1. Berk V, Giani A, Cybenko G (2005) Detection of covert channel encoding in network packet delays. Tech. Rep. TR2005-536, Department of Computer Science, Dartmouth College, URL:
  2. Chen B, Wornell G (2001) Quantization index modulation: a class of provably good methods for digital watermarking and information embedding. IEEE Trans Info Theory 47(4):1423–1443zbMATHCrossRefMathSciNetGoogle Scholar
  3. Chen C, Mangrulkar M, Ramos N, Sarkar M (2001) Trends in TCP/IP retransmissions and resets. Technical Report.
  4. Cox I, Kilian J, Leighton F, Shamoon T (1997) Secure spread spectrum watermarking for multimedia. IEEE Trans Image Process 6(12):1673–1687CrossRefGoogle Scholar
  5. Fisk G, Fisk M, Papadopoulos C, Neil J (2002) Eliminating steganography in Internet traffic with active wardens, 5th International Workshop on Information Hiding. Lect Notes Comput Sci 2578:18–35CrossRefGoogle Scholar
  6. Handel T, Sandford M (1996) Hiding data in the OSI network model. In: Proceedings of the 1st international workshop on information hiding, pp 23–38Google Scholar
  7. Krätzer C, Dittmann J, Lang A, Kühne T (2006) WLAN steganography: a first practical review. In: Proceedings of the 8th ACM multimedia and security workshopGoogle Scholar
  8. Kundur D, Ahsan K (2003) Practical Internet steganography: data hiding in IP. In: Proceedings of the Texas workshop on security of information systemsGoogle Scholar
  9. Mathis M, Mahdavi J, Floyd S, Romanow A (1996) TCP selective acknowledgment options. IETF RFC 2018Google Scholar
  10. Mazurczyk W, Szczypiorski K (2008) Steganography of VoIP streams. In: Meersman R, Tari Z (eds) OTM 2008. Part II. Lecture notes in computer science (LNCS), vol 5332. Springer, Berlin. Proceedings of the 3rd international symposium on information security (IS’08), Monterrey, Mexico, November 10–11, pp 1001–1018Google Scholar
  11. Mazurczyk W, Lubacz J, Szczypiorski K (2008) Hiding data in VoIP. In: Proceedings of the 26th army science conference (ASC 2008), Orlando, Florida, USA, December 1–4Google Scholar
  12. Murdoch S, Lewis S (2005) Embedding covert channels into TCP/IP. In: Proceedings of the 7th international workshop on information hiding 2005, LNCS, vol 3727. Springer, Heidelberg, pp 247–261Google Scholar
  13. Petitcolas F, Anderson R, Kuhn M (1999) Information hiding–a survey. IEEE Special Issue on Protection of Multimedia Content, vol 87, no. 7, pp 1062–1078Google Scholar
  14. Postel J (1981) Transmission control protocol. IETF RFC 793Google Scholar
  15. Rewaskar S, Kaur J, Smith F (2007) A performance study of loss detection/recovery in real-world TCP implementations. In: Proceedings of the IEEE international conference on network protocols, ICNP 2007, October 16–19, Beijing, China, ISBN 1-4244-1588-8, pp 256–265Google Scholar
  16. Servetto S, Vetterli M (2001) Communication using phantoms: covert channels in the Internet. In: Proceedings of IEEE international symposium on information theoryGoogle Scholar
  17. Stevens W (1997) TCP slow start, congestion avoidance, fast retransmit, and fast recovery algorithms. IETF RFC 2001Google Scholar
  18. Stone J, Partridge C (2000) When the CRC and TCP checksum disagree. In: Proceedings of SIGCOMM 2000Google Scholar
  19. Szczypiorski K (2003) HICCUPS: hidden communication system for corrupted networks. In: Proceedings of: ACS’2003, October 22–24, Miedzyzdroje, Poland, pp 31–40Google Scholar
  20. Zander S, Armitage G, Branch P (2007) A survey of covert channels and countermeasures in computer network protocols. IEEE Commun Surv Tutorials 9(3):44–57 ISSN: 1553-877XCrossRefGoogle Scholar

Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  • Wojciech Mazurczyk
    • 1
  • Miłosz Smolarczyk
    • 1
  • Krzysztof Szczypiorski
    • 1
  1. 1.Warsaw University of Technology, Institute of TelecommunicationsWarsawPoland

Personalised recommendations