Close Menu

Network Steganography Techniques

Center for Cyber Security and Forensics Education, Cyber Forensics and Security Laboratory, Information Technology and Management Project
Students
Manuel Martinez Arizmendi
Osama Al Ramahi
Robert Waziak Jr
Date
Spring 2016

This project began with a proof of concept tool called Timeshifter, which modified the timing of Internet Control Message Protocol (ICMP) packets, and concluded with a custom developed tool called BitStegNet that modified the content of BitTorrent packets to communicate covertly through the Micro Torrent Transport Protocol (μTP). Between Timeshifter and BitStegNet, another custom developed tool, called Stegnet, was demonstrated as the transition between modifying the timing of ICMP packets at the Network Layer via Timeshifter and modifying the content of μTP packets at the Transport Layer via BitStegNet. Stegnet, similar to Timeshifter, modified how ICMP packets were transmitted and received and operated only at the Network Layer. Ultimately, BitStegNet verified the capability to route the transmission of concealed information across active data networks at a higher communication layer protocol.


INTRODUCTION

Steganography is a term generally described as the means of concealing secret information, so that an uninformed party is unaware of its existence, and extracting that information at its destination. Network Steganography is the process of utilizing active network protocols as carriers to transmit a covert message, undetectable by an uninformed party, from a host to its destination. Carriers can include digital images, audio or video files, or in regard to this project, an ICMP message from a ping command or a μTP message by way of BitTorrent packet traffic. Network steganography can be a very effective means of embedding and concealing information. Typically, network steganography can be attained by embedding information through methods of modifying the timing of the communication’s data packets or, more thoroughly, modifying the data packets themselves. Currently, Timeshifter does not include the capabilities to operate outside of a virtual test environment.

Furthermore, while Timeshifter is intended to modify the timing of the packet delay, it has not been constructed to modify the packets themselves, nor does it include the ability to perform at a higher OSI layer protocol.

One of the goals of this project was to successfully modify both the timing and content of network packets to send a covert message between two parties. To attain this goal, the project was divided into three phases. Phase 1 included implementing and utilizing Timeshifter on a single virtual test network with two virtual machines to send a covert message through means of packet delay modification. Phase 2 included implementing Timeshifter on a physical test network with two physical computers connected as point-to-point and modifying it to send a covert message from one computer to the other through means of packet delay modification. Phase 3 included the implementation of Stegnet on a physical test network with two computers connected point-to-point and sending a covert message from one computer to the other through means of data packet modification.

Phase 3 demonstrated the ability to transmit a covert message at the Network Layer through means of packet modification utilizing Stegnet.

Upon successful results from Phases 1 through 3, the project evolved into Phase 4. Phase 4 included the implementation of BitStegNet to successfully send a covert message from one computer to another at the Transport Layer through the Application Layer, which verified the capability to successfully transmit a covert message across an active data network.

CONCLUSION

This project began with a proof of concept tool called Timeshifter, which modified the timing of ICMP packets, and concluded with a custom developed tool called BitStegNet that modified the content of BitTorrent packets to communicate covertly through μTP. Between Timeshifter and BitStegNet, another custom developed tool, called Stegnet, was demonstrated as the transition between modifying the timing of ICMP packets at the Network Layer via Timeshifter and modifying the content of μTP packets at the Transport Layer via BitStegNet. Stegnet, similar to Timeshifter, modified how ICMP packets were transmitted and received and operated only at the Network Layer. Ultimately, BitStegNet verified the capability to route the transmission of concealed information across active data networks at a higher communication layer protocol, all while maintaining a minimal possibility of detection.

SmartLab Student Projects

EcoTower takes Hydroponic farming to the next level by using technology to self-regulate plant growth. Hydroponics is the science of giving a plant the necessities for growth and longevity.

Technology has brought the benefits of incorporated multi-sensor equipment to the masses. Although, the application of sensors and their associated systems has increased and transformed the world forever, the fundamentals of the main sensor types and their functionality has not.

This project is the outcome of multiple semesters work with ComEd to develop a reliable sensor platform.

As an Information Technology student and a person very much interested in Art, it was easy for me to be hooked by Digital Art. Project Aura was an idea that stemmed from my passion for Technology and Art.

The purpose of this project is to improve the current state of security devices. Today, most security companies use several guards for different tasks, but at least one guard has to monitor the cameras or other systems.

Pages