Skip to main content
Log in

Retransmission steganography and its detection

  • Focus
  • Published:
Soft Computing Aims and scope Submit manuscript


The paper presents a new steganographic method called RSTEG (retransmission steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (transmission control protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim of measuring and comparing the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms, as well as to determine the influence of RSTEG on the network retransmission level.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others


  • Berk V, Giani A, Cybenko G (2005) Detection of covert channel encoding in network packet delays. Tech. Rep. TR2005-536, Department of Computer Science, Dartmouth College, URL:

  • Chen B, Wornell G (2001) Quantization index modulation: a class of provably good methods for digital watermarking and information embedding. IEEE Trans Info Theory 47(4):1423–1443

    Article  MATH  MathSciNet  Google Scholar 

  • Chen C, Mangrulkar M, Ramos N, Sarkar M (2001) Trends in TCP/IP retransmissions and resets. Technical Report.

  • Cox I, Kilian J, Leighton F, Shamoon T (1997) Secure spread spectrum watermarking for multimedia. IEEE Trans Image Process 6(12):1673–1687

    Article  Google Scholar 

  • Fisk G, Fisk M, Papadopoulos C, Neil J (2002) Eliminating steganography in Internet traffic with active wardens, 5th International Workshop on Information Hiding. Lect Notes Comput Sci 2578:18–35

    Article  Google Scholar 

  • Handel T, Sandford M (1996) Hiding data in the OSI network model. In: Proceedings of the 1st international workshop on information hiding, pp 23–38

  • Krätzer C, Dittmann J, Lang A, Kühne T (2006) WLAN steganography: a first practical review. In: Proceedings of the 8th ACM multimedia and security workshop

  • Kundur D, Ahsan K (2003) Practical Internet steganography: data hiding in IP. In: Proceedings of the Texas workshop on security of information systems

  • Mathis M, Mahdavi J, Floyd S, Romanow A (1996) TCP selective acknowledgment options. IETF RFC 2018

  • Mazurczyk W, Szczypiorski K (2008) Steganography of VoIP streams. In: Meersman R, Tari Z (eds) OTM 2008. Part II. Lecture notes in computer science (LNCS), vol 5332. Springer, Berlin. Proceedings of the 3rd international symposium on information security (IS’08), Monterrey, Mexico, November 10–11, pp 1001–1018

  • Mazurczyk W, Lubacz J, Szczypiorski K (2008) Hiding data in VoIP. In: Proceedings of the 26th army science conference (ASC 2008), Orlando, Florida, USA, December 1–4

  • Murdoch S, Lewis S (2005) Embedding covert channels into TCP/IP. In: Proceedings of the 7th international workshop on information hiding 2005, LNCS, vol 3727. Springer, Heidelberg, pp 247–261

  • Petitcolas F, Anderson R, Kuhn M (1999) Information hiding–a survey. IEEE Special Issue on Protection of Multimedia Content, vol 87, no. 7, pp 1062–1078

  • Postel J (1981) Transmission control protocol. IETF RFC 793

  • Rewaskar S, Kaur J, Smith F (2007) A performance study of loss detection/recovery in real-world TCP implementations. In: Proceedings of the IEEE international conference on network protocols, ICNP 2007, October 16–19, Beijing, China, ISBN 1-4244-1588-8, pp 256–265

  • Servetto S, Vetterli M (2001) Communication using phantoms: covert channels in the Internet. In: Proceedings of IEEE international symposium on information theory

  • Stevens W (1997) TCP slow start, congestion avoidance, fast retransmit, and fast recovery algorithms. IETF RFC 2001

  • Stone J, Partridge C (2000) When the CRC and TCP checksum disagree. In: Proceedings of SIGCOMM 2000

  • Szczypiorski K (2003) HICCUPS: hidden communication system for corrupted networks. In: Proceedings of: ACS’2003, October 22–24, Miedzyzdroje, Poland, pp 31–40

  • Zander S, Armitage G, Branch P (2007) A survey of covert channels and countermeasures in computer network protocols. IEEE Commun Surv Tutorials 9(3):44–57 ISSN: 1553-877X

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Wojciech Mazurczyk.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Mazurczyk, W., Smolarczyk, M. & Szczypiorski, K. Retransmission steganography and its detection. Soft Comput 15, 505–515 (2011).

Download citation

  • Published:

  • Issue Date:

  • DOI: