Exploiting error control in network traffic for robust, high rate covert channels
by William K. Geissler, John C. McEachen
International Journal of Electronic Security and Digital Forensics (IJESDF), Vol. 1, No. 2, 2007

Abstract: Current means of steganography within network traffic are limited in terms of throughput and robustness. We present a novel concept for establishing reliable two-way covert channels that exchange information at a significantly higher rate compared to previous methods. This concept exploits the difficulty in differentiating between erroneous data and unauthorised data. As a proof-of-concept, we examine how the manipulation of Transmission Control Protocol (TCP) error handling may be used for global covert information transfer. Specifically, a new TCP routing application was developed to embed hidden information into cover media and to retrieve the information at the receiving end. A flexible testing architecture was designed and implemented that may also be used to test other steganographic techniques. Error handling techniques for the hidden information were identified for the steganographic protocol, to increase the robustness of the hidden information. Finally, steganalytic techniques and tools have been identified to counter the use of this technique by unfriendly forces.

Online publication date: Sat, 26-Jan-2008

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Electronic Security and Digital Forensics (IJESDF):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?

Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email subs@inderscience.com