Hiding Information in Retransmissions

📝 Abstract

The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (Transport Control Protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim to measure and compare the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms as well as to determine the influence of RSTEG on the network retransmissions level.

💡 Analysis

The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (Transport Control Protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim to measure and compare the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms as well as to determine the influence of RSTEG on the network retransmissions level.

📄 Content

Hiding Information in Retransmissions

Wojciech Mazurczyk, Miłosz Smolarczyk, and Krzysztof Szczypiorski Warsaw University of Technology, Institute of Telecommunications
Warsaw, Poland, 00-665, ul. Nowowiejska 15/19

Abstract. The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (Transport Control Protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim to measure and compare the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms as well as to determine the influence of RSTEG on the network retransmissions level.

Key words: RSTEG, steganography, retransmission mechanism

Classification of Network Steganography and Related Work Communication network steganography is a method of hiding secret data in the normal data transmissions of users so that it ideally cannot be detected by third parties. Many new methods have been proposed and analysed, including those in [22], [14] and [13]. Network steganography methods may be viewed as a threat to network security, as they may be used as a tool for confidential information leakage, for example. For this reason, it is important to identify possibilities for covert communication, as knowledge of information hiding procedures may be used to develop countermeasures.

Network steganography may be classified [11] into three broad groups (Fig. 1):

Steganographic methods that modify packets (MP), including network protocol headers or payload fields.

Steganographic methods that modify the structure of packet streams (MS), for example, by affecting the order of packets, modifying inter-packet delay or introducing intentional losses.

Hybrid steganographic methods (HB) that modify both the content of packets and their timing and ordering.

Fig. 1 A network steganography classification

Examples of methods for each group and their characteristic features are described in Tables 1-3.

Table 1. Examples and characteristic features of steganographic MP methods
MP Methods Examples of steganographic methods Features Methods that modify protocol- specific fields Methods based on the modification of IP, TCP, and UDP headers fields [13]. Yield relatively high steganographic capacity. Implementation and detection is relatively straightforward. Drawbacks include potential loss of protocol functionality. Methods that modify packet payload Watermarking algorithms ([4], [2]), speech codec steganographic techniques. Generally yield lower steganographic capacity and are harder to implement and detect. Drawbacks include potential deterioration of transmission quality, e.g., if applied to VoIP (Voice over IP). Mixed techniques HICCUPS (Hidden Communication System for Corrupted Networks, [20]). Offer high steganographic capacity, but the implementation is more difficult than other methods due to the required low-level hardware access. For the same reason, steganalysis is harder to perform. Drawbacks include increased frame error rate.

Table 2. Examples and characteristic features of steganographic MS methods
Examples of MS methods
Features Methods that affect the sequence order of packets [9]. • Sender-receiver synchronisation required.
• Lower steganographic capacity and harder to detect than methods that utilise protocol-specific fields. • Straightforward implementation. • Drawbacks include delays that may affect transmission quality. Methods that modify inter-packet delay [1]. Methods that introduce intentional losses by skipping sequence numbers at the sender [17].

Table 3. Examples and characteristic features of steganographic HB methods
Examples of HB methods
Features LACK (Lost Audio PaCKets Steganography) [12]. • Modify both packets and their time dependencies. • High steganographic capacity. • Hard to detect. • Sender-receiver synchronisation not required.
• Straightforward implementation. • Drawbacks include a loss in connection quality. RSTEG (which is presented in details in this paper).

In the context of the above classification of network steganography methods, we propose a new hybrid method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilise retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retran

This content is AI-processed based on ArXiv data.