PadSteg: Introducing Inter-Protocol Steganography
Bartosz Jankowski, Wojciech Mazurczyk, Krzysztof Szczypiorski
TL;DR
PadSteg is a novel inter-protocol steganography method that leverages TCP/IP protocol relations and Ethernet padding vulnerabilities to enable covert communication in LANs, with confirmed feasibility and estimated bandwidth.
Contribution
It introduces the first inter-protocol steganography system using multiple protocols and Ethernet vulnerabilities, expanding the scope of covert communication techniques.
Findings
Feasible in real network traces
Achievable steganographic bandwidth estimated
Countermeasures against PadSteg discussed
Abstract
Hiding information in network traffic may lead to leakage of confidential information. In this paper we introduce a new steganographic system: the PadSteg (Padding Steganography). To authors' best knowledge it is the first information hiding solution which represents inter-protocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces we confirm that PadSteg is feasible in today's networks and we estimate what steganographic bandwidth is achievable while limiting the chance of disclosure. We also point at possible countermeasures against PadSteg.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Steganography and Watermarking Techniques · Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection