Telecommunication Systems

, Volume 52, Issue 2, pp 1113–1121 | Cite as

On information hiding in retransmissions

  • Wojciech Mazurczyk
  • Miłosz Smolarczyk
  • Krzysztof Szczypiorski
Open Access


The paper presents an idea and experimental results for RSTEG (Retransmission Steganography), which is an intra-protocol hybrid network steganography method. It is intended for a broad class of protocols that utilises retransmission mechanisms. RSTEG enables hidden communication by not acknowledging a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. Experimental results for TCP-based RSTEG traffic analysis are enclosed which were focused on measuring steganographic bandwidth and influence on TCP network traffic in terms of undetectability.


RSTEG Network steganography Retransmission mechanism 


  1. 1.
    Jankowski, B., Mazurczyk, W., & Szczypiorski, K. (2010). Information hiding using improper frame padding. In Proc. of 14th international telecommunications networks strategy and planning symposium (NETWORKS), 27–30 September 2010 (pp. 77–82). ISBN 978-1-4244-6703-7. Google Scholar
  2. 2.
    Szczypiorski, K. (2003). HICCUPS: hidden communication system for corrupted networks. In Proc. of: ACS’2003, Miedzyzdroje, Poland, October 22–24, 2003 (pp. 31–40). Google Scholar
  3. 3.
    Berk, V., Giani, A., & Cybenko, G. Detection of covert channel encoding in network packet delays (Tech. Rep. TR2005-536). Department of Computer Science, Dartmouth College, Nov. 2005. URL:
  4. 4.
    Mazurczyk, W., Smolarczyk, M., & Szczypiorski, K. (2009). Retransmission steganography and its detection. Soft Computing, 15(3), 505–515. CrossRefGoogle Scholar
  5. 5.
    Mazurczyk, W., Smolarczyk, M., & Szczypiorski, K. (2010). Retransmission steganography applied. In Second international workshop on network steganography (IWNS) co-located with the 2010 international conference on multimedia information networking and security (MINES 2010), Nanjing, China, November 4–6, 2010. Google Scholar
  6. 6.
    Rewaskar, S., Kaur, J., & Smith, F. (2007). A performance study of loss detection/recovery in real-world TCP implementations. In Proc. of the IEEE international conference on network protocols, ICNP 2007, Beijing, China, October 16–19, 2007 (pp. 256–265). ISBN 1-4244-1588-8. CrossRefGoogle Scholar
  7. 7.
    Chen, C., Mangrulkar, M., Ramos, N., & Sarkar, M. Trends in TCP/IP retransmissions and resets. (Technical Report). URL:
  8. 8.
    Fisk, G., Fisk, M., Papadopoulos, C., & Neil, J. (2002). Eliminating steganography in Internet traffic with active wardens. In Lecture notes in computer science: Vol. 2578. 5th international workshop on information hiding (pp. 18–35). CrossRefGoogle Scholar
  9. 9.
    Stone, J., & Partridge, C. (2000). When the CRC and TCP checksum disagree. In Proc. of SIGCOMM 2000 September 2000. Google Scholar

Copyright information

© The Author(s) 2011

Authors and Affiliations

  • Wojciech Mazurczyk
    • 1
  • Miłosz Smolarczyk
    • 1
  • Krzysztof Szczypiorski
    • 1
  1. 1.Institute of TelecommunicationsWarsaw University of TechnologyWarsawPoland

Personalised recommendations