[Infowarrior] - Steganography via TCP

Richard Forno rforno at infowarrior.org
Wed May 27 17:05:25 UTC 2009


  Fake web traffic can hide secret chat

     * 26 May 2009 by Paul Marks

http://www.newscientist.com/article/mg20227096.200-fake-web-traffic-can-hide-secret-chat.html?full=true&print=true

THE internet's underlying technology can be harnessed to let people  
exchange secret messages, perhaps allowing free speech an outlet in  
oppressive regimes.

So says a team of steganographers at the Institute of  
Telecommunications in Warsaw, Poland. Steganography is the art of  
hiding a message in an openly available medium. For example, you can  
subtly change the pixels in an image in a way that is undetectable to  
the eye but carries meaning to anyone who knows the pre-arranged  
coding scheme.

Wojciech Mazurczyk, along with Krzysztof Szczypiorski and Milosz  
Smolarczyk, have already worked out how to sneak messages into  
internet phone calls, and now the Warsaw team have turned their  
attention to the internet's transmission control protocol (TCP).

Web, file transfer, email and peer-to-peer networks all use TCP, which  
ensures that data packets are received securely by making the sender  
wait until the receiver returns a "got it" message. If no such  
acknowledgement arrives (on average 1 in 1000 packets gets lost or  
corrupted), the sender's computer sends the packet again. This scheme  
is known as TCP's retransmission mechanism - and it can be bent to the  
steganographer's whim, says Mazurczyk.

Their system, dubbed retransmission steganography (RSTEG), relies on  
sender and receiver using software that deliberately asks for  
retransmission even when email data packets are received successfully.  
"The receiver intentionally signals that a loss has occurred. The  
sender then retransmits the packet but with some secret data inserted  
in it," he says in a preliminary research paper  
(www.arxiv.org/abs/0905.0363). So the message is hidden among the  
teeming network traffic.

Could a careful eavesdropper spot that RSTEG is being used because the  
first sent packet is different from the one containing the secret  
message? As long as the system is not over-used, apparently not,  
because if a packet is corrupted the original packet and the  
retransmitted one will differ from each other anyway, masking the use  
of RSTEG.

One application of the RSTEG technique might be to help people in  
totalitarian regimes avoid censorship. The Warsaw team plans to  
demonstrate it at a workshop on network steganography in Wuhan, China,  
this November. "We are aware that organising this event in China may  
be not only a scientific challenge but also a political one," says  
Mazurczyk.
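
The eavesdropper's check discussed in the article, sketched from the monitoring side as an added example (not code from the article or from the RSTEG paper). It assumes a passive monitor that records each segment's flow, sequence number, payload and checksum validity; the record layout, the `rate_factor` threshold and the sample capture are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

BASELINE_LOSS = 1 / 1000  # average loss/corruption figure quoted in the article

def analyse(segments, rate_factor=5.0):
    """segments: (flow, seq, payload, checksum_ok) tuples in capture order."""
    first_seen = {}  # (flow, seq, length) -> digest of first intact copy
    stats = defaultdict(lambda: {"n": 0, "retx": 0, "mismatch": []})
    for flow, seq, payload, checksum_ok in segments:
        s = stats[flow]
        s["n"] += 1
        if not checksum_ok:
            continue  # damaged copy: its bytes legitimately differ, so skip it
        key = (flow, seq, len(payload))
        digest = hashlib.sha256(payload).digest()
        if key not in first_seen:
            first_seen[key] = digest
            continue
        s["retx"] += 1
        if digest != first_seen[key]:
            s["mismatch"].append(seq)  # intact original, intact but different resend
    return {
        flow: {
            "retransmit_rate": s["retx"] / s["n"],
            "rate_suspicious": s["retx"] / s["n"] > rate_factor * BASELINE_LOSS,
            "mismatched_seqs": s["mismatch"],
        }
        for flow, s in stats.items()
    }

def sample_capture():
    """Constructed records, not real traffic."""
    cap = []
    for i in range(2000):  # flow A: ordinary transfer
        data = f"data-{i:05d}".encode()
        if i == 1000:
            cap.append(("A", i * 100, b"\x00" * len(data), False))  # corrupted in transit
        cap.append(("A", i * 100, data, True))
        if i in (500, 1500):
            cap.append(("A", i * 100, data, True))  # benign identical resend
    for i in range(200):  # flow B: frequent resends whose payload changes
        data = f"mail-{i:05d}".encode()
        cap.append(("B", i * 100, data, True))
        if i in (20, 60, 100, 140):
            resend = data if i == 140 else b"#" * len(data)
            cap.append(("B", i * 100, resend, True))
    return cap

if __name__ == "__main__":
    for flow, r in analyse(sample_capture()).items():
        print(flow, r)
```

Flow A stays near the quoted 1-in-1000 rate with no payload mismatches, while flow B is flagged on both signals, which is the "over-used" case the article mentions.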

