On information hiding in retransmissions
The paper presents an idea and experimental results for RSTEG (Retransmission Steganography), which is an intra-protocol hybrid network steganography method. It is intended for a broad class of protocols that utilises retransmission mechanisms. RSTEG enables hidden communication by not acknowledging a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. Experimental results for TCP-based RSTEG traffic analysis are enclosed which were focused on measuring steganographic bandwidth and influence on TCP network traffic in terms of undetectability.
KeywordsRSTEG Network steganography Retransmission mechanism
- 1.Jankowski, B., Mazurczyk, W., & Szczypiorski, K. (2010). Information hiding using improper frame padding. In Proc. of 14th international telecommunications networks strategy and planning symposium (NETWORKS), 27–30 September 2010 (pp. 77–82). ISBN 978-1-4244-6703-7. Google Scholar
- 2.Szczypiorski, K. (2003). HICCUPS: hidden communication system for corrupted networks. In Proc. of: ACS’2003, Miedzyzdroje, Poland, October 22–24, 2003 (pp. 31–40). Google Scholar
- 3.Berk, V., Giani, A., & Cybenko, G. Detection of covert channel encoding in network packet delays (Tech. Rep. TR2005-536). Department of Computer Science, Dartmouth College, Nov. 2005. URL: http://www.ists.dartmouth.edu/library/149.pdf.
- 5.Mazurczyk, W., Smolarczyk, M., & Szczypiorski, K. (2010). Retransmission steganography applied. In Second international workshop on network steganography (IWNS) co-located with the 2010 international conference on multimedia information networking and security (MINES 2010), Nanjing, China, November 4–6, 2010. Google Scholar
- 7.Chen, C., Mangrulkar, M., Ramos, N., & Sarkar, M. Trends in TCP/IP retransmissions and resets. (Technical Report). URL: http://www-cse.ucsd.edu/classes/wi01/cse222/projects/reports/tcp-flags-13.pdf.
- 9.Stone, J., & Partridge, C. (2000). When the CRC and TCP checksum disagree. In Proc. of SIGCOMM 2000 September 2000. Google Scholar