Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
Hiding Data in the OSI Network Model
Proceedings of the First International Workshop on Information Hiding
Eliminating Steganography in Internet Traffic with Active Wardens
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Cryptography in OpenBSD: an overview
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Covert messaging through TCP timestamps
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
WLAN steganography: a first practical review
MM&Sec '06 Proceedings of the 8th workshop on Multimedia and security
Hot or not: revealing hidden services by their clock skew
Proceedings of the 13th ACM conference on Computer and communications security
Proceedings of the 9th workshop on Multimedia & security
Towards digital video steganalysis using asymptotic memoryless detection
Proceedings of the 9th workshop on Multimedia & security
A novel covert channel based on the IP header record route option
International Journal of Advanced Media and Communication
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
ACM Transactions on Information and System Security (TISSEC)
Digital logic based encoding strategies for steganography on voice-over-IP
MM '09 Proceedings of the 17th ACM international conference on Multimedia
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
SecMon: end-to-end quality and security monitoring system
Annales UMCS, Informatica
Embedding a covert channel in active network connections
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Hide and seek in time: robust covert timing channels
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
An M-sequence based steganography model for voice over IP
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
CLACK: a network covert channel based on partial acknowledgment encoding
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
IPv6 stateless address autoconfiguration considered harmful
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Summary-invisible networking: techniques and defenses
ISC'10 Proceedings of the 13th international conference on Information security
CoCo: coding-based covert timing channels for network flows
IH'11 Proceedings of the 13th international conference on Information hiding
Low-attention forwarding for mobile network covert channels
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
BridgeSPA: improving Tor bridges with single packet authorization
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
Cirripede: circumvention infrastructure using router redirection with plausible deniability
Proceedings of the 18th ACM conference on Computer and communications security
Adaptive partial-matching steganography for voice over IP using triple M sequences
Computer Communications
Hiding information in a Stream Control Transmission Protocol
Computer Communications
Traceroute based IP channel for sending hidden short messages
IWSEC'06 Proceedings of the 1st international conference on Security
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
Leaving timing-channel fingerprints in hidden service log files
Digital Investigation: The International Journal of Digital Forensics & Incident Response
SILENTKNOCK: practical, provably undetectable authentication
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Lost audio packets steganography: the first practical evaluation
Security and Communication Networks
Moving steganography and steganalysis from the laboratory into the real world
Proceedings of the first ACM workshop on Information hiding and multimedia security
Performance analysis of current data hiding algorithms for VoIP
Proceedings of the 16th Communications & Networking Symposium
Protocol misidentification made easy with format-transforming encryption
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
From an IP address to a street address: using wireless signals to locate a target
WOOT'13 Proceedings of the 7th USENIX conference on Offensive Technologies
VoIP steganography and its Detection—A survey
ACM Computing Surveys (CSUR)
PHY covert channels: can you see the idles?
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
It is commonly believed that steganography within TCP/IP is easily achieved by embedding data in header fields seemingly filled with “random” data, such as the IP identifier, TCP initial sequence number (ISN) or the least significant bit of the TCP timestamp. We show that this is not the case; these fields naturally exhibit sufficient structure and non-uniformity to be efficiently and reliably differentiated from unmodified ciphertext. Previous work on TCP/IP steganography does not take this into account and, by examining TCP/IP specifications and open source implementations, we have developed tests to detect the use of naïve embedding. Finally, we describe reversible transforms that map block cipher output onto TCP ISNs, indistinguishable from those generated by Linux and OpenBSD. The techniques used can be extended to other operating systems. A message can thus be hidden so that an attacker cannot demonstrate its existence without knowing a secret key.