Steganography Using TCP Retransmission
Hiding Information in Retransmissions
Wojciech Mazurczyk, Milosz Smolarczyk, Krzysztof Szczypiorski
The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (Transport Control Protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim to measure and compare the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms as well as to determine the influence of RSTEG on the network retransmissions level.
I don’t think these sorts of things have any large-scale applications, but they are clever.
Bahggy • May 28, 2009 7:37 AM
Since steganography is intended to provide a covert channel for communications, I can see that this has a couple of flaws. Primarily, it would be relatively easy to detect if it is looked for. Second, the integrity of the communications, both primary and steganography could be affected.
An interesting intellectual exercise nonetheless.