Syntax and Semantics-Preserving Application-Layer Protocol Steganography

  • Norka B. Lucena
  • James Pease
  • Payman Yadollahpour
  • Steve J. Chapin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3200)


Protocol steganography allows users who wish to communicate secretly to embed information within other messages and network control protocols used by common applications. This form of unobservable communication can be used as means to enhance privacy and anonymity as well as for many other purposes, ranging from entertainment to protected business communication or national defense. In this paper, we describe our approach to application-layer protocol steganography, describing how we can embed messages into a commonly used TCP/IP protocol. We also introduce the notions of syntax and semantics preservation, which ensure that messages after embedding still conform to the host protocol. Based on those concepts, we attempt to produce reasonably secure and robust stegosystems. To demonstrate the efficacy of our approach, we have implemented protocol steganography within the Secure Shell (SSH) protocol. Findings indicate that protocol steganographic system is reasonably secure if the statistical profile of the covermessages and the statistical profile of its traffic match their counterparts after embedding.


steganography application protocols syntax semantics SSH 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Katzenbeisser, S., Petitcolas, F.A.: Information Hiding: Techniques for Steganography and Digital Watermarking. Artech House, Norwood (2000)Google Scholar
  2. 2.
    Johnson, N.F., Jajodia, S.: Steganalysis: The investigation of hidden information. In: Proceedings of the IEEE Information Technology Conference, Syracuse, New York, USA, pp. 113–116 (1998)Google Scholar
  3. 3.
    Anderson, R. (ed.): IH 1996. LNCS, vol. 1174. Springer, Heidelberg (1996)Google Scholar
  4. 4.
    Aucsmith, D. (ed.): IH 1998. LNCS, vol. 1525, p. 1. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Moskowitz, I.S. (ed.): IH 2001. LNCS, vol. 2137. Springer, Heidelberg (2001)zbMATHGoogle Scholar
  6. 6.
    Oostveen, J. (ed.): Information Hiding. Preproceedings of the Fifth International Workshop, Noordwijkerhout, The Netherlands (2002)Google Scholar
  7. 7.
    Pfitzmann, A. (ed.): Information Hiding. Proceedings of the Third International Workshop, Dresden, Germany. LNCS, vol. 1768. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Chapin, S.J., Ostermann, S.: Information hiding through semantics-preserving application-layer protocol steganography. Technical report, Center for Systems Assurance, Syracuse University (2002)Google Scholar
  9. 9.
    Kemmerer, R.: A practical approach to identify storage and timing channels: Twenty years later. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), San Diego, California, pp. 109–118 (2002)Google Scholar
  10. 10.
    Dunigan, T.: Internet steganography. Technical report, Oak Ridge National Laboratory (Contract No. DE-AC05-96OR22464), Oak Ridge, Tennessee (1998) [ORNL/TM-limited distribution]Google Scholar
  11. 11.
    Handel, T., Sandford, M.: Hiding data in the OSI network model. In: Anderson, R. (ed.) Information Hiding: Proceedings of the First International Workshop, Cambridge, U.K, pp. 23–38. Springer, Heidelberg (1996)Google Scholar
  12. 12., Article 6. Phrack Magazine, 49 (1996), Retrieved on (August 27, 2002) from the World Wide Web:
  13. 13.
    Rowland, C.H.: Covert channels in the TCP/IP protocol suite. Psionics Technologies (1996), Retrieved on August 23 (2002) from the World Wide Web:
  14. 14. Characterization of internet traffic loads, segregated by application - OC48 analysis (2002), Retrieved on October 15 (2003) from the World Wide Web:
  15. 15.
    Katzenbeisser, S., Petitcolas, F.A.: Defining security in steganographic systems. In: Electronic Imaging, Photonics West (SPIE). Security and Watermarking of Multimedia Contents IV, vol. 4675, pp. 50–56 (2002)Google Scholar
  16. 16.
    Moskowitz, I.S., Longdon, G.E., WuChang, L.: A new paradigm hidden in steganography. In: Proceedings of the New Security Paradigm Workshop, Cork, Ireland, pp. 41–50 (2000)Google Scholar
  17. 17.
    Cachin, C.: An information-theoreic model for steganography. Technical Report Report 2000/028 (2002),
  18. 18.
    Anderson, R.J., Petitcolas, F.A.: On the limits of steganography. IEEE Journal of Selected Areas in Communications 16, 474–481 (1998)CrossRefGoogle Scholar
  19. 19.
    Mittelholzer, T.: An information-theoretic approach to steganography and watermarking. In: Pfitzmann, A. (ed.) IH 1999. LNCS, vol. 1768, pp. 1–16. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  20. 20.
    Zöllner, J., Federrath, H., Klimant, H., Pfitzmann, A., Piotraschke, R., Westfeld, A., Wicke, G., Wolf, G.: Modeling the security of steganographic systems. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 344–354. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  21. 21.
    Ettinger, J.M.: Steganalysis and game equilibria. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 319–328. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  22. 22.
    Hopper, N., Langford, J., von Ahn, L.: Provably secure steganography. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 77–92. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. 23.
    Reyzin, L., Russell, S.: More efficient provably secure steganography. Cryptology ePrint Archive: Report 2003/093 (2003),
  24. 24.
    Fridrich, J., Goljan, M.: Practical steganalysis of digital images - state of the art. In: Proceedings of the SPIE Photonics West (Security and Watermarking of Multimedia Contents IV), San Jose, California, USA, vol. 4675, pp. 1–13 (2002)Google Scholar
  25. 25.
    Provos, N., Honeyman, P.: Hide and seek: An introduction to steganography. IEEE Security & Privacy Magazine 1, 32–44 (2003)CrossRefGoogle Scholar
  26. 26.
    Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Proceedings of CRYPTO 1983, pp. 51–67. Plenum Press, New York (1983)Google Scholar
  27. 27.
    Schneier, B.: Applied Cryptography. John Wiley & Sons, Inc., Chichester (1996)Google Scholar
  28. 28.
    Pfitzmann, B.: Information hiding terminology. In: Anderson, R. (ed.) Information Hiding. Proceedings of the First International Workshop, pp. 347–349. Springer, Cambridge (1996)Google Scholar
  29. 29.
    Korn, F., Muthukrishnan, S., Zhu, Y.: Ipsofacto: A visual correlation tool for aggregate network traffic data. In: Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data, San Diego, California. Demonstration Session, pp. 677–677. ACM Press, New York (2003)CrossRefGoogle Scholar
  30. 30.
    Ka0ticSH: Diggin em walls (part 3) - advanced/other techniques for bypassing firewalls. New Order (2002), Retrieved on August 28 (2002) from the World Wide Web:
  31. 31.
    Fisk, G., Fisk, M., Papadopoulos, C., Neil, J.: Eliminating steganography in Internet traffic with active wardens. In: Oostveen, J. (ed.) Information Hiding. Preproceedings of the Fifth International Workshop, Noordwijkerhout, The Netherlands, pp. 29–46. Springer, Heidelberg (2002)Google Scholar
  32. 32.
    Bowyer, L.: Firewall bypass via protocol steganography. Network Penetration (2002), Retrieved on January 05 (2003) from the World Wide Web:
  33. 33.
    Bauer, M.: New covert channels in HTTP - adding unwitting web browsers to anonymity sets. In: Samarati, P., Syverson, P. (eds.) Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, Washington, DC, USA, pp. 72–78. ACM Press, New York (2003) ISBN 1-58113-776-1CrossRefGoogle Scholar
  34. 34.
    Secure Shell Working Group, I.E.T.F.I.: The secure shell (2003), Retrieved on October 26 (2003) from the World Wide Web:
  35. 35.
    Barrett, D.J., Silverman, R.: SSH. In: The Secure Shell: The Definitive Guide, O’Reilly, Sebastopol (2001)Google Scholar
  36. 36.
    Watterson, B.: Something Under the Bed is Drooling. Andrews and McMeel, Kansas City, MO, pp. 101–104 (1988)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Norka B. Lucena
    • 1
  • James Pease
    • 1
  • Payman Yadollahpour
    • 1
  • Steve J. Chapin
    • 1
  1. 1.Systems Assurance InstituteSyracuse UniversitySyracuseUSA

Personalised recommendations