Evaluation of steganographic methods for oversized IP packets

This paper describes new network steganography methods that utilize mechanisms for handling oversized IP packets: IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery). In particular, for these mechanisms we propose two new steganographic methods and three extensions of existing ones. We show how these mechanisms can be used to enable hidden communication for both versions of the IP protocol, 4 and 6, and how they can be detected. Results of an experimental evaluation of the IP fragmentation steganographic methods are also included in this paper.
