Information Hiding Using Improper Frame Padding
Bartosz Jankowski, Wojciech Mazurczyk, Krzysztof Szczypiorski

TL;DR
This paper introduces PadSteg, a novel interprotocol steganography method that exploits Ethernet frame padding vulnerabilities to enable covert communication within LANs, demonstrating its feasibility and potential countermeasures.
Contribution
It presents the first interprotocol steganography system using multiple protocols and Ethernet padding vulnerabilities for covert LAN communication.
Findings
PadSteg is feasible in real networks.
It achieves measurable steganographic bandwidth.
Countermeasures can be implemented to detect PadSteg.
Abstract
Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: PadSteg (Padding Steganography). To the authors' best knowledge, it is the first information hiding solution which represents interprotocol steganography, i.e., usage of the relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes the ARP and TCP protocols together with the Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Based on real network traces, we confirm that PadSteg is feasible in today's networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point to possible countermeasures against PadSteg.
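As an added illustration (not code from the paper, and not necessarily one of the countermeasures the authors propose), the following Python check extracts the padding that follows the ARP or IPv4 payload of a short Ethernet frame and flags any non-zero byte. It assumes frames are captured without the FCS and that well-behaved senders pad with zeros; the function names and sample frames are constructed for this example.

```python
import struct

ETH_HDR = 14
IPV4, ARP, VLAN = 0x0800, 0x0806, 0x8100

def frame_padding(frame: bytes) -> bytes:
    """Bytes after the ARP/IPv4 payload of an Ethernet II frame (FCS already stripped)."""
    if len(frame) < ETH_HDR:
        raise ValueError("truncated Ethernet header")
    off = ETH_HDR
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == VLAN:                      # skip one 802.1Q tag
        if len(frame) < ETH_HDR + 4:
            raise ValueError("truncated VLAN tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        off += 4
    if ethertype == ARP:
        if len(frame) < off + 8:
            raise ValueError("truncated ARP header")
        hlen, plen = frame[off + 4], frame[off + 5]
        l3_len = 8 + 2 * (hlen + plen)         # fixed part + two address pairs
    elif ethertype == IPV4:
        if len(frame) < off + 20:
            raise ValueError("truncated IPv4 header")
        (l3_len,) = struct.unpack_from("!H", frame, off + 2)   # Total Length field
    else:
        return b""                             # other protocols are not examined
    if off + l3_len > len(frame):
        raise ValueError("payload longer than captured frame")
    return frame[off + l3_len:]

def has_nonzero_padding(frame: bytes) -> bool:
    """True when any padding byte is non-zero (leaked memory or hidden data)."""
    return any(frame_padding(frame))

def build(ethertype: int, payload: bytes, pad: bytes) -> bytes:
    """Constructed test frame: broadcast destination, locally administered source."""
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ethertype) + payload + pad

# Constructed samples: a 28-byte ARP request and a 40-byte IPv4/TCP segment with no data
ARP_REQ = struct.pack("!HHBBH", 1, IPV4, 6, 4, 1) + bytes(20)
TCP_ACK = struct.pack("!BBH", 0x45, 0, 40) + bytes(36)
ARP_CLEAN = build(ARP, ARP_REQ, bytes(18))
ARP_DIRTY = build(ARP, ARP_REQ, b"\xaa" * 18)
TCP_DIRTY = build(IPV4, TCP_ACK, b"\x00\x00\x5a\x00\x00\x00")

if __name__ == "__main__":
    for name in ("ARP_CLEAN", "ARP_DIRTY", "TCP_DIRTY"):
        print(name, has_nonzero_padding(globals()[name]))
```

A non-zero result does not distinguish accidental Etherleak-style memory disclosure from deliberate hidden data; it only marks the frame for closer inspection.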
Taxonomy
Topics: Advanced Steganography and Watermarking Techniques · Internet Traffic Analysis and Secure E-voting · Chaos-based Image/Signal Encryption
