Practical Protocol Steganography: Hiding Data in IP Header

Xu, Bo; Wang, Jiazhen; Peng, Deyun

doi:10.1109/ams.2007.80

Cited by 21 publications

(12 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In , the least two significant bits of the type of service – normally unused – mark different covert symbols.In some cases, only one field value maps a covert symbol (Figure , right). For instance, in , where the Don't Fragment bit of the IP header is used to clandestinely send ‘0’ or ‘1’. Similarly, in , the existence or lack of the checksum – optional for UDP packets – encodes the secret binary data. Value ranges as symbols refers to a special case of correspondence where covert symbols are ________ 0 * Depending on the locations of the warden, the covert channel sender and the covert channel receiver, the class assigned to source and destination addresses can be equally tied , regular or free .…”

Section: Covert Channelsmentioning

confidence: 99%

“…In some cases, only one field value maps a covert symbol (Figure , right). For instance, in , where the Don't Fragment bit of the IP header is used to clandestinely send ‘0’ or ‘1’. Similarly, in , the existence or lack of the checksum – optional for UDP packets – encodes the secret binary data.…”

Section: Covert Channelsmentioning

confidence: 99%

“…In Case 2, a binary covert channel has been added with ‘0’ corresponding to ACK and PSH/ACK packets and ‘1’ for URG/ACK and URG/PSH/ACK, similar to the scenario proposed in but for TCP flags. The intra‐field analysis detects two clear modes and a very low autocorrelation coefficient ( ρ A =0.01) and, therefore, a medium/high suspicious level is stated.…”

Section: Intra‐field Analysis Examplesmentioning

confidence: 99%

“…We do not expect any covert channel to be detected – the less (false) positives the better. A dataset with covert channels , combining binary, 4‐bit and 8‐bit symbol channels (also two cases of container fields). We implemented 26 flows (319,660 packets) with covert channels based on the techniques proposed in with both encrypted and non‐encrypted data configurations. All this traffic is labeled as “covert”.…”

Section: Proof Of Conceptmentioning

confidence: 99%

See 3 more Smart Citations

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

Iglesias

Annessi

Zseby

2016

Security Comm Networks

View full text Add to dashboard Cite

Covert channels provide means to conceal information transfer between hosts and bypass security barriers in communication networks. Hidden communication is of paramount concern for governments and companies, because it can conceal data leakage and malware communication, which are crucial building blocks used in cyber crime. We propose detectors based on descriptive analytics of traffic (DAT) to facilitate revealing network and transport layer covert channels originated from a wide spectrum of published data‐hiding techniques. DAT detectors transform communication data into flexible feature vectors that represent traffic by a set of extracted calculations and estimations. For the case of covert channels, the core of the detection is performed by the combined application of autocorrelation calculations and multimodality measures built upon kernel density estimations and Pareto charts. DAT detectors are devised to be embedded as extensions of network intrusion detection systems, being able to perform fast, lightweight analysis of numerous flows. The present paper focuses specifically on TCP/IP traffic and provides suitable classifications of TCP/IP fields and related covert channel techniques from the perspective of the statistical detection. The proposed methodology is evaluated with public traffic datasets as well as covert channels generated according to main techniques described in the related literature. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Section: Covert Channelsmentioning

confidence: 99%

Section: Covert Channelsmentioning

confidence: 99%

Section: Intra‐field Analysis Examplesmentioning

confidence: 99%

Section: Proof Of Conceptmentioning

confidence: 99%

See 2 more Smart Citations

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

Iglesias

Annessi

Zseby

2016

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…This research specifically deals with data hiding possibilities in the IPv4 header (Xu et al, 2007). Scenarios are discussed that make use of flags and identification fields of the header (Xu et al, 2007). The layered architecture requires the IP datagram to encapsulate data received from the transport layer.…”

Section: Ipv4 Header Considerationmentioning

confidence: 99%

Image Morphing Concept for Secure Transmission of Image Data Contents over Internet

Bagade¹,

Talbar²

2010

Journal of Computer Science

View full text Add to dashboard Cite

Problem statement: Morphing of images has evolved and become a challenging field in information hiding and data security. The objective of this study is to secure the image data over internet while transmitting using the concept of image morphing Approach: To address this issue, the study proposed the new approach for image data security using the concept of image morphing. The morphing algorithm produces the stego keys. These stego keys are securely transmitted over Internet using TCP/IP. The stego keys are transmitted through TCP/IPs identification field. The proposed method suggests how to transmit stego keys through identification field of IP. Results: Exterior sample points were manually identified and its inner values were interpolated using a triangular mesh. The complexity of Beier and Neely algorithm is O (n, p, w). Where n is the number of feature lines p is no of pixels in the image w is the amount of computation required for one pair feature line. By our approach the complexity is O (n,k),where n is the number of pixels and k is the number of triangles. Computations required are less, thus effect in increasing the performance of algorithm. The stego keys are identified during morphing process. As complexity reduces the speed of stego keys identification increases. Conclusion: The result showed that the proposed approach is efficient in terms of complexity and speed to generate the morph. The solution proposed for image data security over Internet is highly secure because the keys were transferred through IP identification field. The randomness in the identification field value makes this scheme no detectable

show abstract

An overview of anonymous communications in mobile ad hoc networks

Nácher¹,

Calafate²,

Cano³

et al. 2012

Wireless Communications

View full text Add to dashboard Cite

Security is an important topic in the context of mobile ad hoc networks (MANETs). The particular features of these networks, such as the use of open air as the transmission medium or computational constraints, make them vulnerable. One of the mechanisms to protect the communication is to provide anonymity, that aims at hiding the participants' identities, as well as the message contents and any kind of information about the transaction. For this purpose, some additional security mechanisms are required, usually based on cryptographic techniques. In this paper, we review the most relevant anonymity studies in the literature, starting with an analysis of proposals for wired networks, and then moving on to MANET environments. We also present a taxonomy to differentiate proposals according to the degree of anonymity offered. Copyright © 2010 John Wiley & Sons, Ltd.

show abstract

Practical Protocol Steganography: Hiding Data in IP Header

Cited by 21 publications

References 3 publications

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

Image Morphing Concept for Secure Transmission of Image Data Contents over Internet

An overview of anonymous communications in mobile ad hoc networks

Contact Info

Product

Resources

About