PadSteg: introducing inter-protocol steganography

Bartosz Jankowski; Wojciech Mazurczyk; Krzysztof Szczypiorski

doi:10.1007/s11235-011-9616-z

Download PDF

Telecommunication Systems

February 2013, Volume 52, Issue 2, pp 1101–1111

PadSteg: introducing inter-protocol steganography

Authors
Authors and affiliations

Bartosz Jankowski
Wojciech MazurczykEmail author
Krzysztof Szczypiorski

Open Access

Article

First Online:: 01 September 2011

DOI: 10.1007/s11235-011-9616-z

Cite this article as:: Jankowski, B., Mazurczyk, W. & Szczypiorski, K. Telecommun Syst (2013) 52: 1101. doi:10.1007/s11235-011-9616-z

2 Citations
742 Downloads

Abstract

Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors’ best knowledge it is the first information hiding solution which represents inter-protocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today’s networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.

Keywords

Steganography ARP Frame padding Etherleak

Download to read the full article text

References

1.
Rowland, C. (1997). Covert channels in the TCP/IP protocol suite. First Monday. Peer Reviewed Journal on the Internet, July 1997.
2.
Zander, S., Armitage, G., & Branch, P. (2007). A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys and Tutorials, 9(3), 44–57. CrossRefGoogle Scholar
3.
Petitcolas, F., Anderson, R., & Kuhn, M. (1999). Information hiding—a survey. IEEE Special Issue on Protection of Multimedia Content, July 1999.
4.
Murdoch, S. J., & Lewis, S. (2005). Embedding covert channels into TCP/IP. In Information hiding (pp. 247–261). CrossRefGoogle Scholar
5.
Ahsan, K., & Kundur, D. (2002). Practical data hiding in TCP/IP. In Proc. ACM wksp. multimedia security, December 2002. Google Scholar
6.
Kundur, D., & Ahsan, K. (2003). Practical Internet steganography: data hiding in IP. In Proc. Texas wksp. security of information systems, April 2003. Google Scholar
7.
Fisk, G., Fisk, M., Papadopoulos, C., & Neil, J. (2002). Eliminating steganography in Internet traffic with active wardens. In Lecture notes in computer science: Vol. 2578. Proc. 5th international workshop on information hiding (pp. 18–35). CrossRefGoogle Scholar
8.
Lucena, N. B., Lewandowski, G., & Chapin, S. J. (2005). Covert channels in IPv6. In Proc. privacy enhancing technologies (PET) (pp. 147–166), May 2005 Google Scholar
9.
Arkin, O., & Anderson, J. (2003). Ethernet frame padding information leakage (Atstake report). http://packetstorm.codar.com.br/advisories/atstake/atstake_etherleak_report.pdf.
10.
Plummer, D. C. (1982). An ethernet address resolution protocol. RFC 826, November 1982.
11.
Girling, C. G. (1987). Covert channels in LAN’s. IEEE Transactions on Software Engineering, SE-13(2), 292–296. CrossRefGoogle Scholar
12.
Handel, T., & Sandford, M. (1996). Hiding data in the OSI network model. In Proceedings of the first international workshop on information hiding (pp. 23–38). CrossRefGoogle Scholar
13.
Wolf, M. (1989). Covert channels in LAN protocols. In Proc. wksp. local area network security (LANSEC) (pp. 91–101). Google Scholar
14.
Mazurczyk, W., & Szczypiorski, K. (2008). Steganography of VoIP streams. In R. Meersman & Z. Tari (Eds.), Lecture notes in computer science: Vol. 5332. OTM 2008, Part II (pp. 1001–1018). Proc. of the 3rd international symposium on information security (IS’08), Monterrey, Mexico, November 2008. Berlin: Springer. Google Scholar
15.
Mazurczyk, W., Smolarczyk, M., & Szczypiorski, K. Retransmission steganography and its detection. Soft Computing, 15(3), 505–515.
16.
Jankowski, B., Mazurczyk, W., & Szczypiorski, K. Information hiding using improper frame padding. Submitted to 14th international telecommunications network strategy and planning symposium (Networks 2010), 27–30.09.2010, Warsaw, Poland.

PadSteg: introducing inter-protocol steganography

Abstract

Keywords

Copyright information

Authors and Affiliations

Personalised recommendations

Cookies