Title: Exploiting error control in network traffic for robust, high rate covert channels

Authors: William K. Geissler, John C. McEachen

Addresses: Department of Electrical and Computer Engineering, Naval Postgraduate School, Monterey, CA, USA. ' Department of Electrical and Computer Engineering, Naval Postgraduate School, Monterey, CA, USA

Abstract: Current means of steganography within network traffic are limited in terms of throughput and robustness. We present a novel concept for establishing reliable two-way covert channels that exchange information at a significantly higher rate compared to previous methods. This concept exploits the difficulty in differentiating between erroneous data and unauthorised data. As a proof-of-concept, we examine how the manipulation of Transmission Control Protocol (TCP) error handling may be used for global covert information transfer. Specifically, a new TCP routing application was developed to embed hidden information into cover media and to retrieve the information at the receiving end. A flexible testing architecture was designed and implemented that may also be used to test other steganographic techniques. Error handling techniques for the hidden information were identified for the steganographic protocol, to increase the robustness of the hidden information. Finally, steganalytic techniques and tools have been identified to counter the use of this technique by unfriendly forces.

Keywords: covert channels; steganography; transmission control protocol; TCP; electronic security; information assurance; error control; network traffic; information exchange; erroneous data; unauthorised data; digital forensics; covert data transmission..

DOI: 10.1504/IJESDF.2007.016867

International Journal of Electronic Security and Digital Forensics, 2007 Vol.1 No.2, pp.180 - 193

Published online: 26 Jan 2008 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article