PadSteg: introducing inter-protocol steganography

Bartosz Jankowski , Wojciech Mazurczyk , Krzysztof Szczypiorski

Abstract

Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors’ best knowledge it is the first information hiding solution which represents inter-protocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today’s networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.
Author Bartosz Jankowski (FEIT / IT)
Bartosz Jankowski,,
- The Institute of Telecommunications
, Wojciech Mazurczyk (FEIT / IT)
Wojciech Mazurczyk,,
- The Institute of Telecommunications
, Krzysztof Szczypiorski (FEIT / IT)
Krzysztof Szczypiorski,,
- The Institute of Telecommunications
Journal seriesTelecommunication Systems, ISSN 1018-4864, [1572-9451 (electronic version)]
Issue year2013
Vol52
No2
Pages1101–1111
Keywords in EnglishSteganography, ARP, Frame padding, Etherleak
ASJC Classification2208 Electrical and Electronic Engineering
DOIDOI:10.1007/s11235-011-9616-z
URL http://www.springerlink.com/content/p75162x77g74266p/
ProjectThe Develpment of Digital Communicatios. Project leader: Lubacz Józef, , Phone: 22 234 65 31, start date 04-05-2012, planned end date 31-03-2013, end date 31-12-2013, IT/2012/statut, Completed
WEiTI Działalność statutowa
Languageen angielski
File
fulltext PadSteg.pdf 1.58 MB
art%3A10.1007%2Fs11235-011-9616-z.pdf 1.57 MB
Score (nominal)25
Score sourcejournalList
ScoreMinisterial score = 20.0, 18-09-2020, ArticleFromJournal
Ministerial score (2013-2016) = 25.0, 18-09-2020, ArticleFromJournal
Publication indicators WoS Citations = 15; Scopus Citations = 19; GS Citations = 43.0; Scopus SNIP (Source Normalised Impact per Paper): 2014 = 1.174; WoS Impact Factor: 2013 = 1.163 (2) - 2013=1.201 (5)
Citation count*43 (2020-09-21)
Cite
Share Share

Get link to the record


* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.
Back
Confirmation
Are you sure?