PadSteg: introducing inter-protocol steganography
Bartosz Jankowski , Wojciech Mazurczyk , Krzysztof Szczypiorski
AbstractHiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors’ best knowledge it is the first information hiding solution which represents inter-protocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today’s networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.
|Journal series||Telecommunication Systems, ISSN 1018-4864, [1572-9451 (electronic version)]|
|Keywords in English||Steganography, ARP, Frame padding, Etherleak|
|Project||The Develpment of Digital Communicatios. Project leader: Lubacz Józef,
, Phone: 22 234 65 31, start date 04-05-2012, planned end date 31-03-2013, end date 31-12-2013, IT/2012/statut, Completed
|Score|| = 20.0, 18-09-2020, ArticleFromJournal|
= 25.0, 18-09-2020, ArticleFromJournal
|Publication indicators||= 15; = 19; = 43.0; : 2014 = 1.174; : 2013 = 1.163 (2) - 2013=1.201 (5)|
|Citation count*||43 (2020-09-21)|
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.