Hiding Information in a Stream Control Transmission Protocol

TL;DR

This paper explores various methods of hiding information within the SCTP protocol, analyzing potential steganographic techniques and their countermeasures to enhance security awareness and detection capabilities.

Contribution

It provides a comprehensive analysis of steganographic methods in SCTP, including new techniques utilizing multi-homing and multi-streaming features, along with countermeasures.

Findings

Identified all possible information hiding points in SCTP

Proposed new steganographic methods using SCTP features

Provided countermeasures for each steganographic technique

Abstract

The STCP (Stream Control Transmission Protocol) is a candidate for a new transport layer protocol that may replace the TCP (Transmission Control Protocol) and the UDP (User Datagram Protocol) protocols in future IP networks. Currently, the SCTP is implemented in, or can be added to, many popular operating systems (Windows, BSD, Linux, HPUX or Sun Solaris). This paper identifies and presents all possible "places" where hidden information can be exchanged using an SCTP. The paper focuses mostly on proposing new steganographic methods that can be applied to an SCTP and that can utilise new, characteristic SCTP features, such as multi-homing and multi-streaming. Moreover, for each method, the countermeasure is covered. When used with malicious intent, a method may pose a threat to network security. Knowledge about potential SCTP steganographic methods may be used as a supplement to RFC5062, which describes security attacks in an SCTP protocol. Presented in this paper is a complete analysis of information hiding in an SCTP, and this analysis can be treated as a "guide" when developing steganalysis (detection) tools.