Skip to main content
Springer Nature Link
Log in

Syntax and Semantics-Preserving Application-Layer Protocol Steganography

  • Conference paper
Information Hiding (IH 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3200))

Included in the following conference series:

Abstract

Protocol steganography allows users who wish to communicate secretly to embed information within other messages and network control protocols used by common applications. This form of unobservable communication can be used as means to enhance privacy and anonymity as well as for many other purposes, ranging from entertainment to protected business communication or national defense. In this paper, we describe our approach to application-layer protocol steganography, describing how we can embed messages into a commonly used TCP/IP protocol. We also introduce the notions of syntax and semantics preservation, which ensure that messages after embedding still conform to the host protocol. Based on those concepts, we attempt to produce reasonably secure and robust stegosystems. To demonstrate the efficacy of our approach, we have implemented protocol steganography within the Secure Shell (SSH) protocol. Findings indicate that protocol steganographic system is reasonably secure if the statistical profile of the covermessages and the statistical profile of its traffic match their counterparts after embedding.

This work was supported in part by the State of New York, the CASE Center’s SUPRIA program at Syracuse University, and the Air Force Research Laboratory (AFRL).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Katzenbeisser, S., Petitcolas, F.A.: Information Hiding: Techniques for Steganography and Digital Watermarking. Artech House, Norwood (2000)

    Google Scholar 

  2. Johnson, N.F., Jajodia, S.: Steganalysis: The investigation of hidden information. In: Proceedings of the IEEE Information Technology Conference, Syracuse, New York, USA, pp. 113–116 (1998)

    Google Scholar 

  3. Anderson, R. (ed.): IH 1996. LNCS, vol. 1174. Springer, Heidelberg (1996)

    Google Scholar 

  4. Aucsmith, D. (ed.): IH 1998. LNCS, vol. 1525, p. 1. Springer, Heidelberg (1998)

    Book  Google Scholar 

  5. Moskowitz, I.S. (ed.): IH 2001. LNCS, vol. 2137. Springer, Heidelberg (2001)

    MATH  Google Scholar 

  6. Oostveen, J. (ed.): Information Hiding. Preproceedings of the Fifth International Workshop, Noordwijkerhout, The Netherlands (2002)

    Google Scholar 

  7. Pfitzmann, A. (ed.): Information Hiding. Proceedings of the Third International Workshop, Dresden, Germany. LNCS, vol. 1768. Springer, Heidelberg (1999)

    Google Scholar 

  8. Chapin, S.J., Ostermann, S.: Information hiding through semantics-preserving application-layer protocol steganography. Technical report, Center for Systems Assurance, Syracuse University (2002)

    Google Scholar 

  9. Kemmerer, R.: A practical approach to identify storage and timing channels: Twenty years later. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), San Diego, California, pp. 109–118 (2002)

    Google Scholar 

  10. Dunigan, T.: Internet steganography. Technical report, Oak Ridge National Laboratory (Contract No. DE-AC05-96OR22464), Oak Ridge, Tennessee (1998) [ORNL/TM-limited distribution]

    Google Scholar 

  11. Handel, T., Sandford, M.: Hiding data in the OSI network model. In: Anderson, R. (ed.) Information Hiding: Proceedings of the First International Workshop, Cambridge, U.K, pp. 23–38. Springer, Heidelberg (1996)

    Google Scholar 

  12. route@infonexus.com, alhambra@infornexus.com: Article 6. Phrack Magazine, 49 (1996), Retrieved on (August 27, 2002) from the World Wide Web: http://www.phrack.com/phrack/49/P49-06

  13. Rowland, C.H.: Covert channels in the TCP/IP protocol suite. Psionics Technologies (1996), Retrieved on August 23 (2002) from the World Wide Web: http://www.psionic.com/papers/whitep03.html

  14. CAIDA.org: Characterization of internet traffic loads, segregated by application - OC48 analysis (2002), Retrieved on October 15 (2003) from the World Wide Web: http://www.caida.org/analysis/workload/byapplication/oc48/20020305/appsperc20020305/index.xml

  15. Katzenbeisser, S., Petitcolas, F.A.: Defining security in steganographic systems. In: Electronic Imaging, Photonics West (SPIE). Security and Watermarking of Multimedia Contents IV, vol. 4675, pp. 50–56 (2002)

    Google Scholar 

  16. Moskowitz, I.S., Longdon, G.E., WuChang, L.: A new paradigm hidden in steganography. In: Proceedings of the New Security Paradigm Workshop, Cork, Ireland, pp. 41–50 (2000)

    Google Scholar 

  17. Cachin, C.: An information-theoreic model for steganography. Technical Report Report 2000/028 (2002), http://www.zurich.ibm.com/cca/papers/stego.pdf

  18. Anderson, R.J., Petitcolas, F.A.: On the limits of steganography. IEEE Journal of Selected Areas in Communications 16, 474–481 (1998)

    Article  Google Scholar 

  19. Mittelholzer, T.: An information-theoretic approach to steganography and watermarking. In: Pfitzmann, A. (ed.) IH 1999. LNCS, vol. 1768, pp. 1–16. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  20. Zöllner, J., Federrath, H., Klimant, H., Pfitzmann, A., Piotraschke, R., Westfeld, A., Wicke, G., Wolf, G.: Modeling the security of steganographic systems. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 344–354. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  21. Ettinger, J.M.: Steganalysis and game equilibria. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 319–328. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  22. Hopper, N., Langford, J., von Ahn, L.: Provably secure steganography. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 77–92. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  23. Reyzin, L., Russell, S.: More efficient provably secure steganography. Cryptology ePrint Archive: Report 2003/093 (2003), http://eprint.iacr.org/2003/093/

  24. Fridrich, J., Goljan, M.: Practical steganalysis of digital images - state of the art. In: Proceedings of the SPIE Photonics West (Security and Watermarking of Multimedia Contents IV), San Jose, California, USA, vol. 4675, pp. 1–13 (2002)

    Google Scholar 

  25. Provos, N., Honeyman, P.: Hide and seek: An introduction to steganography. IEEE Security & Privacy Magazine 1, 32–44 (2003)

    Article  Google Scholar 

  26. Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Proceedings of CRYPTO 1983, pp. 51–67. Plenum Press, New York (1983)

    Google Scholar 

  27. Schneier, B.: Applied Cryptography. John Wiley & Sons, Inc., Chichester (1996)

    Google Scholar 

  28. Pfitzmann, B.: Information hiding terminology. In: Anderson, R. (ed.) Information Hiding. Proceedings of the First International Workshop, pp. 347–349. Springer, Cambridge (1996)

    Google Scholar 

  29. Korn, F., Muthukrishnan, S., Zhu, Y.: Ipsofacto: A visual correlation tool for aggregate network traffic data. In: Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data, San Diego, California. Demonstration Session, pp. 677–677. ACM Press, New York (2003)

    Chapter  Google Scholar 

  30. Ka0ticSH: Diggin em walls (part 3) - advanced/other techniques for bypassing firewalls. New Order (2002), Retrieved on August 28 (2002) from the World Wide Web: http://neworder.box.sk/newsread.php?newsid=3957

  31. Fisk, G., Fisk, M., Papadopoulos, C., Neil, J.: Eliminating steganography in Internet traffic with active wardens. In: Oostveen, J. (ed.) Information Hiding. Preproceedings of the Fifth International Workshop, Noordwijkerhout, The Netherlands, pp. 29–46. Springer, Heidelberg (2002)

    Google Scholar 

  32. Bowyer, L.: Firewall bypass via protocol steganography. Network Penetration (2002), Retrieved on January 05 (2003) from the World Wide Web: http://www.networkpenetration.com/protocolsteg.html

  33. Bauer, M.: New covert channels in HTTP - adding unwitting web browsers to anonymity sets. In: Samarati, P., Syverson, P. (eds.) Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, Washington, DC, USA, pp. 72–78. ACM Press, New York (2003) ISBN 1-58113-776-1

    Chapter  Google Scholar 

  34. Secure Shell Working Group, I.E.T.F.I.: The secure shell (2003), Retrieved on October 26 (2003) from the World Wide Web: http://www.ietf.org/html.charters/secshcharter.html

  35. Barrett, D.J., Silverman, R.: SSH. In: The Secure Shell: The Definitive Guide, O’Reilly, Sebastopol (2001)

    Google Scholar 

  36. Watterson, B.: Something Under the Bed is Drooling. Andrews and McMeel, Kansas City, MO, pp. 101–104 (1988)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Systems Assurance Institute, Syracuse University, 111 College Place 3-114, Syracuse, NY, 13244, USA

    Norka B. Lucena, James Pease, Payman Yadollahpour & Steve J. Chapin

Authors
  1. Norka B. Lucena
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. James Pease
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Payman Yadollahpour
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Steve J. Chapin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electrical and Computer Engineering, Binghamton University, 13902-6000, BINGHAMTON, (NY)

    Jessica Fridrich

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lucena, N.B., Pease, J., Yadollahpour, P., Chapin, S.J. (2004). Syntax and Semantics-Preserving Application-Layer Protocol Steganography. In: Fridrich, J. (eds) Information Hiding. IH 2004. Lecture Notes in Computer Science, vol 3200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30114-1_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30114-1_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24207-9

  • Online ISBN: 978-3-540-30114-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics