Abstract
This paper describes new network steganography methods that utilize mechanisms for handling oversized IP packets: IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery). In particular, for these mechanisms we propose two new steganographic methods and three extensions of existing ones. We present how mentioned mechanisms can be used to enable hidden communication for both versions of IP protocol: 4 and 6 and how they can be detected. Results for experimental evaluation of IP fragmentation steganographic methods are also enclosed in this paper.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
Rowland, C. (1997). Covert channels in the TCP/IP protocol suite, first Monday. Peer Reviewed Journal on the Internet, July 1997.
Zander, S., Armitage, G., & Branch, P. (2007). A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys & Tutorials, 9(3), 44–57. ISSN: 1553-877X.
Petitcolas, F., Anderson, R., & Kuhn, M. (1999). Information hiding—a survey. IEEE Special Issue on Protection of Multimedia Content, July 1999.
Murdoch, S. J., & Lewis, S. (2005). Embedding covert channels into TCP/IP. Information Hiding, 247–260.
Postel, J. (1981). Internet protocol. IETF RFC 791, September 1981.
Mogul, J., & Deering, S. (1990). Path MTU discovery. IETF RFC 1191, November 1990.
McCann, J., Mogul, J., & Deering, S. (1996). Path MTU discovery for IP version 6. IETF RFC 1981, August 1996.
Mathis, M., & Heffner, J. (2007). Packetization layer path MTU discovery. IETF RFC 4821, March 2007.
Deering, S., & Hinden, R. (1998). Internet protocol, version 6 (IPv6) specification. IETF RFC 2460, December 1998.
Conta, A., Deering, S., & Gupta, M. (2006). Internet control message protocol (ICMPv6) for the Internet protocol version 6 (IPv6) specification. IETF RFC 4443, March 2006.
Lahey, K. (2000). TCP problems with path MTU discovery. IETF RFC 2923, September 2000.
Ahsan, K., & Kundur, D. (2002). Practical data hiding in TCP/IP. In Proc. ACM wksp. multimedia security, December 2002.
Mazurczyk, W., & Szczypiorski, K. (2009). Steganography in handling oversized IP packets. In Proc. of first international workshop on network steganography (IWNS 2009), November 18–20, 2009, Wuhan, China.
Cauich, E., Gomez Cardenas, R., & Watanabe, R. (2005). Data hiding in identification and offset IP fields. In Proc. 5th int’l. school and symp. advanced distributed systems (ISSADS), January 2005 (pp. 118–125).
Lucena, N. B., Lewandowski, G., & Chapin, S. J. (2005). Covert channels in IPv6. In Proc. privacy enhancing technologies (PET), May 2005 (pp. 147–166).
Chakinala, R., Kumarasubramaniam, A., Manokaran, R., Noubir, G., Pandu Rangan, C., & Sundaram, R. (2006). Steganographic communication in ordered channels, materiały. In Information hiding workshop, IHW 2006, LNCS 4437/2007 (pp. 42–57).
Kundur, D., & Ahsan, K. (2003). Practical Internet steganography: data hiding in IP. In Proc. of Texas workshop: security of information systems, April 2003.
Girling, C. G. (1987). Covert channels in LAN’s. IEEE Transactions on Software Engineering, SE-13(2), 292–296.
Servetto, S. D., & Vetterli, M. (2001). Communication using phantoms: covert channels in the Internet. In Proc. IEEE international symposium information theory (ISIT), June 2001.
Fisk, G., Fisk, M., Papadopoulos, C., & Neil, J. (2002). Eliminating steganography in Internet traffic with active wardens. In Lecture notes in computer science : Vol. 2578. Proc. 5th international workshop on information hiding (pp. 18–35). Berlin: Springer.
Mazurczyk, W., Smolarczyk, S., & Szczypiorski, K. (2009). Hiding information in retransmissions. In Computing research repository (CoRR). arXiv:0905.0363 [abs].
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Open Access This is an open access article distributed under the terms of the Creative Commons Attribution Noncommercial License (https://creativecommons.org/licenses/by-nc/2.0), which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.
About this article
Cite this article
Mazurczyk, W., Szczypiorski, K. Evaluation of steganographic methods for oversized IP packets. Telecommun Syst 49, 207–217 (2012). https://doi.org/10.1007/s11235-010-9362-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11235-010-9362-7