• DocumentCode
    2898231
  • Title

    Information Hiding Using Improper Frame Padding

  • Author

    Jankowski, Bartosz ; Mazurczyk, Wojciech ; Szczypiorski, Krzysztof

  • Author_Institution
    Inst. of Telecommun., Warsaw Univ. of Technol., Warsaw, Poland
  • fYear
    2010
  • fDate
    27-30 Sept. 2010
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: PadSteg (Padding Steganography). To the authors' best knowledge, it is the first information hiding solution that represents inter-protocol steganography, i.e. the use of the relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes the ARP and TCP protocols together with the Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Based on real network traces, we confirm that PadSteg is feasible in today's networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point to possible countermeasures against PadSteg.
  • Keywords
    computer network security; cryptographic protocols; data encapsulation; local area networks; steganography; transport protocols; ARP protocols; LAN; PadSteg; TCP protocols; TCP/IP stack; improper frame padding; information hiding; interprotocol steganography; local area networks; network traffic; padding steganography; steganographic bandwidth; steganographic system; Bandwidth; Ethernet networks; Hardware; IP networks; Local area networks; Protocols; Security; ARP; Etherleak; frame padding; steganography;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Telecommunications Network Strategy and Planning Symposium (NETWORKS), 2010 14th International
  • Conference_Location
    Warsaw
  • Print_ISBN
    978-1-4244-6704-4
  • Electronic_ISBN
    978-1-4244-6705-1
  • Type

    conf

  • DOI
    10.1109/NETWKS.2010.5624901
  • Filename
    5624901