Network steganography – an investigation of covert channels in network protocols

Abstract

Network Steganography describes all the methods used for transmitting data over a network without it being detected. This Final Year Project gives an overview of Network Steganography, introducing the concept of covert channels and network protocols that can be exploited to transmit hidden information. Many network protocols can be manipulated to provide a covert communication channel, such as TCP/IP, UDP, ICMP and HTTP.

This report further investigates the existence of covert channels within the TCP/IP protocol suite. The main method approach to achieve this is through packet header manipulation. 3 methods were identified; Modifying the IP Identification field, the TCP Initial Sequence field, and making use of the TCP Sequence field after “bouncing” a packet off a remote server. The last method could allow covert communication even in networks heavily protected by firewalls or packet filters.

The report also demonstrates how covert communication can be achieved through a proof-of-concept program coded in Java. In particular, the program makes use of Jpcap, a Java library for capturing and sending network packets to create the customized TCP/IP packets used to transmit hidden information.

The last part of the report explores the applications, detection and ethical concerns of Steganography. In particular, it covers ways in which Steganography can be exploited for nefarious purposes, the concept of passive and active wardens in Network Steganography detection (or Steganalysis) and the conflict of interest between governments, organizations and individuals where Steganography is concerned.