Telecommunication Systems

, Volume 49, Issue 2, pp 207–217 | Cite as

Evaluation of steganographic methods for oversized IP packets

  • Wojciech Mazurczyk
  • Krzysztof Szczypiorski
Open Access


This paper describes new network steganography methods that utilize mechanisms for handling oversized IP packets: IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery). In particular, for these mechanisms we propose two new steganographic methods and three extensions of existing ones. We present how mentioned mechanisms can be used to enable hidden communication for both versions of IP protocol: 4 and 6 and how they can be detected. Results for experimental evaluation of IP fragmentation steganographic methods are also enclosed in this paper.


Network steganography IP fragmentation PMTUD PLPMTUD 


  1. 1.
    Rowland, C. (1997). Covert channels in the TCP/IP protocol suite, first Monday. Peer Reviewed Journal on the Internet, July 1997. Google Scholar
  2. 2.
    Zander, S., Armitage, G., & Branch, P. (2007). A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys & Tutorials, 9(3), 44–57. ISSN: 1553-877X. CrossRefGoogle Scholar
  3. 3.
    Petitcolas, F., Anderson, R., & Kuhn, M. (1999). Information hiding—a survey. IEEE Special Issue on Protection of Multimedia Content, July 1999. Google Scholar
  4. 4.
    Murdoch, S. J., & Lewis, S. (2005). Embedding covert channels into TCP/IP. Information Hiding, 247–260. Google Scholar
  5. 5.
    Postel, J. (1981). Internet protocol. IETF RFC 791, September 1981. Google Scholar
  6. 6.
    Mogul, J., & Deering, S. (1990). Path MTU discovery. IETF RFC 1191, November 1990. Google Scholar
  7. 7.
    McCann, J., Mogul, J., & Deering, S. (1996). Path MTU discovery for IP version 6. IETF RFC 1981, August 1996. Google Scholar
  8. 8.
    Mathis, M., & Heffner, J. (2007). Packetization layer path MTU discovery. IETF RFC 4821, March 2007. Google Scholar
  9. 9.
    Deering, S., & Hinden, R. (1998). Internet protocol, version 6 (IPv6) specification. IETF RFC 2460, December 1998. Google Scholar
  10. 10.
    Conta, A., Deering, S., & Gupta, M. (2006). Internet control message protocol (ICMPv6) for the Internet protocol version 6 (IPv6) specification. IETF RFC 4443, March 2006. Google Scholar
  11. 11.
    Lahey, K. (2000). TCP problems with path MTU discovery. IETF RFC 2923, September 2000. Google Scholar
  12. 12.
    Ahsan, K., & Kundur, D. (2002). Practical data hiding in TCP/IP. In Proc. ACM wksp. multimedia security, December 2002. Google Scholar
  13. 13.
    Mazurczyk, W., & Szczypiorski, K. (2009). Steganography in handling oversized IP packets. In Proc. of first international workshop on network steganography (IWNS 2009), November 18–20, 2009, Wuhan, China. Google Scholar
  14. 14.
    Cauich, E., Gomez Cardenas, R., & Watanabe, R. (2005). Data hiding in identification and offset IP fields. In Proc. 5th int’l. school and symp. advanced distributed systems (ISSADS), January 2005 (pp. 118–125). Google Scholar
  15. 15.
    Lucena, N. B., Lewandowski, G., & Chapin, S. J. (2005). Covert channels in IPv6. In Proc. privacy enhancing technologies (PET), May 2005 (pp. 147–166). Google Scholar
  16. 16.
    Chakinala, R., Kumarasubramaniam, A., Manokaran, R., Noubir, G., Pandu Rangan, C., & Sundaram, R. (2006). Steganographic communication in ordered channels, materiały. In Information hiding workshop, IHW 2006, LNCS 4437/2007 (pp. 42–57). Google Scholar
  17. 17.
    Kundur, D., & Ahsan, K. (2003). Practical Internet steganography: data hiding in IP. In Proc. of Texas workshop: security of information systems, April 2003. Google Scholar
  18. 18.
    Girling, C. G. (1987). Covert channels in LAN’s. IEEE Transactions on Software Engineering, SE-13(2), 292–296. CrossRefGoogle Scholar
  19. 19.
    Servetto, S. D., & Vetterli, M. (2001). Communication using phantoms: covert channels in the Internet. In Proc. IEEE international symposium information theory (ISIT), June 2001. Google Scholar
  20. 20.
    Fisk, G., Fisk, M., Papadopoulos, C., & Neil, J. (2002). Eliminating steganography in Internet traffic with active wardens. In Lecture notes in computer science : Vol. 2578. Proc. 5th international workshop on information hiding (pp. 18–35). Berlin: Springer. CrossRefGoogle Scholar
  21. 21.
    Mazurczyk, W., Smolarczyk, S., & Szczypiorski, K. (2009). Hiding information in retransmissions. In Computing research repository (CoRR). arXiv:0905.0363 [abs].

Copyright information

© The Author(s) 2010

Authors and Affiliations

  1. 1.Institute of TelecommunicationsWarsaw University of TechnologyWarsawPoland

Personalised recommendations