Traceroute Based IP Channel for Sending Hidden Short Messages

  • Zouheir Trabelsi
  • Hesham El-Sayed
  • Lilia Frikha
  • Tamer Rabie
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4266)


The paper proposes a novel IP channel for sending hidden short messages, based mainly on the use of the “traceroute” command and the IP header Record route options. Instead of encrypting a hidden message or embedding it into a multimedia object, as in traditional multimedia steganography, we process the entire message and generate several IP packets with different types to carry the secret message. Thereby we foil an eavesdropper who is primarily applying statistical tests to detect encrypted communication channels. We show that our approach provides more protection against Steganalysis and sniffing attacks. A friendly graphical tool has been implemented to demonstrate the proposed secret IP channel.


Covert channel Hidden information IP header Record route option Steganalysis Traceroute 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Singh, A., Nordström, O., Lu, C., dos Santos, A.L.M.: Malicious ICMP Tunnelling: Defence against the Vulnerability. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 226–236. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Kamran, A.: Covert Channel Analysis and Data Hiding in TCP/IP, Master Thesis, University of Toronto (2002)Google Scholar
  3. 3.
    Ahsan, K., Kundur, D.: Practical data hiding in TCP/IP. In: Proceedings of the Workshop on Multimedia Security at ACM Multimedia (December 2002)Google Scholar
  4. 4.
    Lampson, B.W.: A note on the confinement problem. In: Proceedings of the Communications of the ACM, vol. 16(10), pp. 613–615 (October 1973)Google Scholar
  5. 5.
    Girling, C.: Covert channels in LAN’s. IEEE Transactions on Software Engineering, vol. SE-13(2) (February 1987)Google Scholar
  6. 6.
    Rowland, C.H.: Covert channels in the TCP/IP protocol suite. Tech. Rep. 5, First Monday, Peer Reviewed Journal on the Internet (July 1997)Google Scholar
  7. 7.
    Cachin, C.: An information-theoretic model for steganography. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 306–318. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Abad, C.: IP checksum covert channels and selected hash collision, Technical report (2001)Google Scholar
  9. 9.
    Wu, D., Wong, F.: Remote Sniffer Detection. Computer Science Division. University of California, Berkeley, December 14 (1998)Google Scholar
  10. 10.
    Fisk, G., Fisk, M., Papadopoulos, C., Neil, J.: Eliminating Steganography in Internet Traffic with Active Wardens. In: The Proceedings of the 5th International Workshop on Information Hiding, October 07-09, pp. 18–35 (2002)Google Scholar
  11. 11.
    Postel, J.: Internet Control Message Protocol, Protocol Specifications, DARPA Internet Program (September 1984)Google Scholar
  12. 12.
    McHugh, J.: Covert Channel Analysis, Portland State University (December 1995)Google Scholar
  13. 13.
    Giffin, J., Greenstadt, R., Litwack, P., Tibbetts, R.: Covert messaging through TCP timestamps. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 194–208. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Wolf, M.: Covert channels in LAN protocols. In: Berson, T.A., Beth, T. (eds.) LANSEC 1989. LNCS, vol. 396, pp. 91–102. Springer, Heidelberg (1989)Google Scholar
  15. 15.
    Kuhn, M.G., Petitcolas, F.A.P., Anderson, R.J.: Information hiding – a survey. In: Proceedings of the IEEE, special issue on protection of multimedia content, vol. 87(7), pp. 1062–1078 (July 1999)Google Scholar
  16. 16.
    Stevens, R.: – TCP/IP Illustrated: vol. 1 (2001)Google Scholar
  17. 17.
    Anderson, R., Petitcolas, F.A.P.: On the limits of steganography. IEEE Journal on Selected Areas in Communications 16, 474–481 (1998)CrossRefGoogle Scholar
  18. 18.
    RFC 950 - Internet Standard Subnetting ProcedureGoogle Scholar
  19. 19.
    RFC 1466 - Guidelines for Management of IP Address Space Google Scholar
  20. 20.
    RFC 1393 - Traceroute message Google Scholar
  21. 21.
    Katzenbeisser, S., Petitcolas, F.: Information Hiding Techniques for Steganography and Digital Watermarking. Computer Security Series, 685 Canton Street, 02062. Artech House, Inc., Norwood (2000)Google Scholar
  22. 22.
    Handel, T., Sandford, M.: Hiding data in the OSI network model. In: First International Workshop on Information Hiding, Cambridge, U.K (May-June 1996)Google Scholar
  23. 23.
    U.S.D.O.D., Trusted computer system evaluation criteria (1985)Google Scholar
  24. 24.
    Uc davis denial of service (dos) project, meeting notes, January 27 (1999),
  25. 25.
    Radhakrishnan, R., Shanmugasundaram, K., Memon, N.D.: Data masking: a secure-covert channel paradigm. In: IEEE Workshop on Multimedia Signal Processings, pp. 339–342 (2002)Google Scholar
  26. 26.
    Murdoch, S.J., Lewis, S.: Embedding Covert Channels into TCP/IP. In: The 7th Information Hiding Workshop, Barcelona, Catalonia, June 6–8 (Spain) (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Zouheir Trabelsi
    • 1
  • Hesham El-Sayed
    • 1
  • Lilia Frikha
    • 2
  • Tamer Rabie
    • 1
  1. 1.College of Information TechnologyUnited Arab Emirates UniversityAl AinUnited Arab Emirates
  2. 2.College of Telecommunications (SupCom)The University of Tunisia, Cité Technologique des CommunicationsEl Ghazala, ArianaTunisia

Personalised recommendations