Network Steganography Principles
The relations between individuals, social groups and institutions which constitute societies have to be protected from all sorts of abuse because, as George Orwell once amusingly wrote, “On the whole human beings want to be good, but not too good, and not quite all the time”. Exchange of information is involved in many kinds of societal relations which require protection, hence it is not surprising that cryptography and steganography techniques emerged a long time ago, when societal relations were much less complex, diversified, technology-mediated and information-intensive.
While cryptography protects messages from being captured by unauthorized parties, steganography techniques conceal the very fact that a message is being sent and, if not detected, make the sender and the receiver “invisible”. Thus steganography potentially provides not only security, but also anonymity and privacy, which are understandable desires in modern societies that force us to take part in increasingly intensive and complex social relations (a somewhat special case is that of societies in states which penalize the use of encryption).
Obviously, the anonymity potential of steganography, while it can be considered beneficial in the context of protecting privacy, adds a new type of threat to individuals, societies and states. The tradeoff between the benefits and threats involves many complex ethical, legal and technological issues. Here we consider the latter in the context of communication networks.
Generally speaking, three basic functionalities may be distinguished in any communication network: services/applications, transport of information and control of the flow of information. In the traditional PSTN/ISDN, i.e. circuit-switched networks, the services/applications are provided by the network, transport takes place through transparent channels, and the control and transport functions are virtually separated: once the end-to-end connection and transport channel are established, the information (voice or data) is transported from the sender to the receiver through the network without interference. The user of the network has practically no influence on the service delivered by the network or on the flow of information. The Internet, i.e. a packet-switched network, has substantially changed the traditional circuit-switched network paradigm: services/applications are created by the network users rather than by the network itself, and the transport and control functions are not separated and can be influenced by the user. This change of paradigm was one of the main sources of the tremendous success of the Internet, but at the same time it introduced the well-known problems with quality of service and with protecting the network and its users from harmful or undesired interference. It is thus not surprising that the Internet opened many new possibilities for covert communication.
The new possibilities are a consequence of the fact that network users can influence and/or use the control of data flow – the communication protocols – together with the service/application functionality of terminals to establish covert communication. Secret messages can be hidden not only (1) within ordinary non-covert (overt) messages, as in traditional steganography and circuit-switched networks, but also (2) in the control elements of communication protocols and (3) in the effects of manipulating the protocol’s logic. The recently proposed network steganographic methods use options (2) and (3), and their combinations.
All of the information-hiding methods that may be used to exchange steganograms in telecommunication networks are described by the term network steganography, which was originally introduced by Krzysztof Szczypiorski in 2003. Network steganography is currently seen as a rising threat to network security. Typical steganographic methods, sometimes called steganography 1.0, use digital media (pictures, audio and video files) as a cover for hidden data (the steganogram). Network steganography, by contrast, utilizes communication protocols’ control elements and their basic intrinsic functionality. As a result, such methods are harder to detect and eliminate. Network steganography is also sometimes called steganography 2.0.
A typical network steganography method modifies a single network protocol. The modification may be applied to the PDU (Protocol Data Unit), to the time relations between exchanged PDUs, or to both (hybrid methods). Moreover, the relation between two or more different network protocols can be used to enable secret communication; this is called inter-protocol steganography. Classification of network steganography may be found below:
Steganography as a network threat was marginalized for a few years, but now not only security staff but even business and consulting firms are becoming increasingly aware of the potential danger and the possibilities it creates.
In order to minimize the potential threat to public security, identification of such methods is important as is the development of effective detection (steganalysis) methods. This requires both an in-depth understanding of the functionality of network protocols and the ways in which it can be used for steganography.
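A minimal steganalysis check for the PDU-modification class described above, given as an added example that is not part of the original article. It flags IPv4/TCP control fields whose values deviate from what RFC 791 and RFC 9293 allow. The choice of fields and the names header_anomalies and build_sample are assumptions made for this illustration, and timing-based and inter-protocol methods are outside its scope.

```python
import struct

def header_anomalies(packet: bytes) -> list[str]:
    """Return spec deviations in an IPv4+TCP header that merit steganalysis review."""
    if len(packet) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        return ["not IPv4"]
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ["invalid IPv4 header length"]
    findings = []
    if flags_frag & 0x8000:
        findings.append("IPv4 reserved flag bit set (RFC 791: must be zero)")
    if total_len != len(packet):
        findings.append("IPv4 total length does not match captured length")
    if proto != 6 or len(packet) < ihl + 20:
        return findings  # not TCP, or TCP header incomplete
    # Bytes 12..19 of the TCP header: offset/reserved/flags, window, checksum, urgent pointer
    off_flags, _win, _csum, urg_ptr = struct.unpack("!HHHH", packet[ihl + 12:ihl + 20])
    if off_flags & 0x0F00:
        findings.append("TCP reserved bits set (RFC 9293: must be zero)")
    if urg_ptr and not off_flags & 0x0020:
        findings.append("TCP urgent pointer nonzero without URG flag")
    return findings

def build_sample(ip_flags_frag=0x4000, tcp_off_flags=0x5010, urg_ptr=0) -> bytes:
    """Constructed sample PDU: 20-byte IPv4 + 20-byte TCP header, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, ip_flags_frag, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 1, tcp_off_flags, 8192, 0, urg_ptr)
    return ip + tcp

if __name__ == "__main__":
    samples = {
        "clean": build_sample(),
        "ip reserved bit": build_sample(ip_flags_frag=0xC000),
        "tcp reserved bits": build_sample(tcp_off_flags=0x5110),
        "urgent pointer": build_sample(urg_ptr=0x4142),
    }
    for name, pkt in samples.items():
        print(f"{name}: {header_anomalies(pkt) or 'no deviations'}")
```

A clean result only means these particular fields conform to the specification; it says nothing about fields whose values are legitimately variable.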