Steganographic techniques have been used for ages; they date back to ancient Greece. The aim of steganographic communication, then and now in modern applications, is the same: to hide secret data (a steganogram) in an innocent-looking cover and send it to the proper recipient, who is aware of the information hiding procedure. In an ideal situation the existence of hidden communication cannot be detected by third parties. What distinguishes historical steganographic methods from modern ones is, in fact, only the form of the cover (carrier) for the secret data. Historical methods employed media such as human skin, wax tablets and letters; nowadays the most popular carriers are digital media such as pictures, audio and video, which are transmitted over telecommunication networks. The way people communicate has evolved over time, and so have steganographic methods, but the principles remain the same.
See our view on the evolution of steganography:
For a detailed review of historical steganographic methods, see the Links section.
Network Steganography
The relations between individuals, social groups and institutions which constitute societies have to be protected from all sorts of abuse because, as George Orwell once amusingly wrote, “On the whole human beings want to be good, but not too good, and not quite all the time”. Exchange of information is involved in many kinds of societal relations which require protection, hence it is not surprising that cryptography and steganography techniques emerged a long time ago, when societal relations were much less complex, diversified, technology-mediated and information-intensive.
While cryptography protects messages from being captured by unauthorized parties, steganography techniques conceal the fact that a message is being sent and, if not detected, make the sender and the receiver “invisible”. Thus steganography potentially provides not only security, but also anonymity and privacy, which are understandable desires in modern societies that force us to take part in increasingly intensive and complex social relations (a somewhat special case is that of societies in states which criminalize the use of encryption).
Obviously, the anonymity potential of steganography, while it can be considered beneficial in the context of protecting privacy, adds a new type of threat to individuals, societies and states. The tradeoff between the benefits and threats involves many complex ethical, legal and technological issues. Here we consider the latter in the context of communication networks.
Generally speaking, when considering any communication network, three basic functionalities may be distinguished: services/applications, transport of information, and control of the flow of information. In the traditional PSTN/ISDN, i.e. circuit-switched networks, the services/applications are provided by the network, transport takes place through transparent channels, and the control and transport functions are virtually separated: once the end-to-end connection and transport channel are established, the information (voice or data) from the sender to the receiver is transported through the network without interference. The user of the network has practically no influence on the service delivered by the network or on the flow of information. The Internet, i.e. a packet-switched network, has substantially changed the traditional circuit-switched network paradigm: services/applications are created by the network users rather than the network itself, and the transport and control functions are not separated and can be influenced by the user. This change of paradigm was one of the main sources of the tremendous success of the Internet, but at the same time it introduced the well-known problems with quality of service and with protecting the network and its users from harmful/undesired interference. It is thus not surprising that the Internet opened many new possibilities for covert communication.
The new possibilities are a consequence of the fact that network users can influence and/or use the control of data flow – the communication protocols – together with the service/application functionality of terminals to establish covert communication. Secret messages can be hidden not only (1) within ordinary non-covert (overt) messages, as in traditional steganography and circuit-switched networks, but also (2) in the communication protocol’s control elements and (3) in the effects of manipulating the protocol’s logic. The recently proposed network steganographic methods use options (2) and (3), and their combinations.
All of the information hiding methods that may be used to exchange steganograms in telecommunication networks are described by the term network steganography, which was originally introduced by Krzysztof Szczypiorski in 2003. Network steganography is currently seen as a rising threat to network security. Contrary to typical steganographic methods, which utilize digital media (pictures, audio and video files) as a cover for hidden data (steganogram) - sometimes called steganography 1.0 - network steganography utilizes communication protocols’ control elements and their basic intrinsic functionality. As a result, such methods are harder to detect and eliminate. Network steganography is also sometimes called steganography 2.0.
A typical network steganography method modifies a single network protocol. The protocol modification may be applied to the PDU (Protocol Data Unit), to the time relations between exchanged PDUs, or to both (hybrid methods). Moreover, the relation between two or more different network protocols can be used to enable secret communication; this is so-called inter-protocol steganography. A classification of network steganography may be found below:
Steganography as a network threat was marginalized for a few years, but now not only security staff but even business and consulting firms are becoming increasingly aware of the potential danger and the possibilities it creates.
In order to minimize the potential threat to public security, identification of such methods is important as is the development of effective detection (steganalysis) methods. This requires both an in-depth understanding of the functionality of network protocols and the ways in which it can be used for steganography.
HICCUPS (Hidden Communication System for Corrupted Networks)
HICCUPS is an intra-protocol steganographic system which modifies frames' protocol-specific fields and their content. It is especially suitable for WLANs (Wireless Local Area Networks). The main innovation of the system is the use of frames with intentionally wrong checksums to establish covert communication. HICCUPS was recognized as the first steganographic system for WLANs.
HICCUPS was originally proposed in:
Krzysztof Szczypiorski, HICCUPS: Hidden Communication System for Corrupted Networks, In Proc. of: The Tenth International Multi-Conference on Advanced Computer Systems ACS'2003, pp. 31-40, October 22-24, 2003 - Międzyzdroje, Poland
LACK (Lost Audio Packets Steganography)
LACK is a hybrid intra-protocol steganographic method which modifies voice packets' time relations and their content.
At the transmitter, some selected audio packets are intentionally delayed before transmitting. If the delay of such packets at the receiver is considered excessive, the packets are discarded by a receiver which is not aware of the steganographic procedure. The payload of the intentionally delayed packets is used to transmit secret information to receivers aware of the procedure, so no extra packets are generated. For unaware receivers the hidden data is “invisible”.
LACK was originally proposed in:
W. Mazurczyk and K. Szczypiorski, Steganography of VoIP Streams, In: Robert Meersman and Zahir Tari (Eds.): OTM 2008, Part II - Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg, Proc. of OnTheMove Federated Conferences and Workshops: The 3rd International Symposium on Information Security (IS'08), Monterrey, Mexico, November 9-14, 2008, pp. 1001-1018
PadSteg (Padding Steganography)
PadSteg is an inter-protocol steganographic system which utilizes relations between two or more protocols from the TCP/IP stack to enable hidden communication, namely Ethernet with the ARP, TCP, UDP and/or ICMP protocols. It is designed for LANs and takes advantage of the Etherleak vulnerability, which causes padding in Ethernet frames not always to be set to zeros. To limit the chance of detection, PadSteg has a so-called carrier-protocol hopping mechanism, i.e. it switches between the different protocols that cause the frame to be padded.
PadSteg was originally proposed in:
B. Jankowski, W. Mazurczyk, K. Szczypiorski, Information Hiding Using Improper Frame Padding, Submitted to 14th International Telecommunications Network Strategy and Planning Symposium (Networks 2010), 27-30.09.2010, Warsaw, Poland
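The padding check that the PadSteg description suggests to a defender, as an added example (not code from the PadSteg paper or its authors): it works out where the ARP or IPv4 payload ends, inspects the bytes after it, and groups non-zero padding by source MAC and carrier protocol. It assumes frames captured without the FCS; the sample frames and MAC addresses are constructed.

```python
import struct
from collections import defaultdict

IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def frame_padding(frame):
    """Return (carrier, padding) for a frame captured without FCS, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]                                # skip MACs and EtherType
    if ethertype == 0x0806 and len(body) >= 8:       # ARP
        used = 8 + 2 * (body[4] + body[5])           # fixed part + 2*(hlen+plen)
        carrier = "ARP"
    elif ethertype == 0x0800 and len(body) >= 20:    # IPv4
        used = struct.unpack("!H", body[2:4])[0]     # IP total length
        carrier = IP_PROTO.get(body[9], "IP-other")
    else:
        return None                                  # type not handled
    if used > len(body) or (carrier != "ARP" and used < 20):
        return None                                  # truncated or malformed
    return carrier, body[used:]

def audit(frames):
    """Map source MAC -> sorted carrier protocols seen with non-zero padding."""
    hits = defaultdict(set)
    for frame in frames:
        result = frame_padding(frame)
        if result and any(result[1]):
            hits[frame[6:12].hex(":")].add(result[0])
    return {mac: sorted(carriers) for mac, carriers in hits.items()}

# Constructed sample frames (hypothetical hosts, locally administered MACs).
def _frame(src, ethertype, body, pad):
    return b"\xff" * 6 + src + struct.pack("!H", ethertype) + body + pad

_ARP = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(20)
_TCP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                   bytes(4), bytes(4)) + bytes(20)
HOST_A, HOST_B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLES = [
    _frame(HOST_A, 0x0806, _ARP, bytes(18)),                # padding all zero
    _frame(HOST_A, 0x0800, _TCP, bytes(6)),                 # padding all zero
    _frame(HOST_B, 0x0806, _ARP, bytes(10) + b"\x5a" * 8),  # non-zero padding
    _frame(HOST_B, 0x0800, _TCP, b"\x17\x2a\x00\x9c\x01\x00"),
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Non-zero padding can also come from a driver affected by Etherleak alone, so a hit is an indicator to investigate rather than proof of a hidden channel; one source showing it across several carrier protocols matches the hopping behaviour described above.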
RSTEG (Retransmission Steganography)
RSTEG is an intra-protocol hybrid network steganography method. It is intended for a broad class of protocols that utilise retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field.
RSTEG was originally proposed in:
W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, RSTEG: Retransmission Steganography and Its Detection, In: Soft Computing in 2010, ISSN: 1432-7643 (print version) ISSN: 1433-7479 (electronic version), Journal no. 500 Springer
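A passive check that follows from the RSTEG description, as an added example (not code from the RSTEG paper or its authors): it keeps the first-seen copy of each byte of TCP sequence space per flow and reports any later segment that re-sends those sequence numbers with different content. The tuple format, flow labels and sample payloads are constructed, and the monitor is assumed to see both the original segment and its retransmission.

```python
from collections import defaultdict

def altered_retransmissions(segments):
    """segments: (flow_id, seq, payload) tuples in capture order.
    Returns (flow_id, seq, overlapping_bytes, differing_bytes) for every
    segment that re-sends sequence space with content unlike the first copy."""
    first_seen = defaultdict(dict)          # flow_id -> {sequence number: byte}
    findings = []
    for flow, seq, payload in segments:
        stream = first_seen[flow]
        overlap = differing = 0
        for i, byte in enumerate(payload):
            pos = (seq + i) & 0xFFFFFFFF    # TCP sequence space wraps at 2**32
            if pos in stream:
                overlap += 1
                differing += stream[pos] != byte
            else:
                stream[pos] = byte
        if differing:
            findings.append((flow, seq, overlap, differing))
    return findings

# Constructed capture: flow "A" retransmits faithfully (re-segmented),
# flow "B" re-sends sequence number 5000 with a different second half.
SAMPLE = [
    ("A", 1000, b"GET /index.html "),
    ("A", 1016, b"HTTP/1.1\r\n"),
    ("A", 1008, b"ex.html HTTP/1.1\r\n"),    # re-segmented, same bytes
    ("B", 5000, b"ABCDEFGHIJKLMNOP"),
    ("B", 5016, b"QRSTUVWX"),
    ("B", 5000, b"ABCDEFGH\x8f\x11\x02\xee\x40\x7c\x99\x03"),
]

if __name__ == "__main__":
    for finding in altered_retransmissions(SAMPLE):
        print(finding)
```

Comparing per byte rather than per segment keeps a legitimately re-segmented retransmission, like the third sample segment, from being flagged.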
SCTP Steganography: Multistreaming-based method
The SCTP multistreaming-based method is an intra-protocol network steganography method. The main idea of this method is that subsequent chunks are transmitted within streams determined by the bits of the steganogram.
The multistreaming-based steganographic method was originally proposed in:
W. Fraczek, W. Mazurczyk, K. Szczypiorski, Stream Control Transmission Protocol Steganography, Second International Workshop on Network Steganography (IWNS 2010) co-located with The 2010 International Conference on Multimedia Information Networking and Security (MINES 2010), Nanjing, China, November 4-6, 2010