Stefano Bistarelli
Michele Ceccarelli
ABSTRACT
Steganography has evolved into various forms and remains an effective way to hide sensitive information. Network Steganography, also known as "Covert Channels," is popular in fields such as terrorism and security. As a result, the scientific community created a specific taxonomy to categorize it, and developed several techniques and tools to conceal communication between the parties. In this paper, we have curated a list of available software tools that can be used to create a covert channel at layers 2 to 4 of the ISO/OSI model and related to the HTTP protocol.
- Osamah Ibrahiem Abdullaziz, Vik Tor Goh, Huo-Chong Ling, and KokSheik Wong. 2013. Network packet payload parity based steganography. In 2013 IEEE Conference on Sustainable Utilization and Development in Engineering and Technology (CSUDET). IEEE, 56–59.Google Scholar
Cross Ref
- Punam Bedi and Arti Dua. 2020. Network steganography using the overflow field of timestamp option in an IPv4 packet. Procedia Computer Science 171 (2020), 1810–1818.Google ScholarCross Ref
- Michele Ceccarelli. 2022. Un nuovo approccio alla steganografia di rete basato sugli header HTTP. Master’s thesis. University of Perugia.Google Scholar
- daemon9. 1996. Project Loki. Phrack Magazine 49 (1996).Google Scholar
- daemon9. 1997. Project Loki. Phrack Magazine 51 (1997).Google Scholar
- Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, and David Karger. 2002. Infranet: Circumventing web censorship and surveillance. In 11th USENIX Security Symposium (USENIX Security 02).Google Scholar
- Ricardo André Santana Gonçalves. 2011. A MAC layer covert channel in 802.11 networks. Ph. D. Dissertation. Monterey, California: Naval Postgraduate School.Google Scholar
- Van Hauser. 1999. Placing backdoors through firewalls. WindowsSecuriy.com, May (1999).Google Scholar
- Amir Houmansadr, Giang TK Nguyen, Matthew Caesar, and Nikita Borisov. 2011. Cirripede: Circumvention infrastructure using router redirection with plausible deniability. In Proceedings of the 18th ACM conference on Computer and communications security. 187–200.Google ScholarDigital Library
- David Llamas, C Allison, and A Miller. 2005. Covert channels in internet protocols: A survey. In Proceedings of the 6th Annual Postgraduate Symposium about the Convergence of Telecommunications, Networking and Broadcasting, PGNET, Vol. 2005.Google Scholar
- Wojciech Mazurczyk and Steffen Wendzel. 2017. Information Hiding: Challenges for Forensic Experts. Commun. ACM 61, 1 (dec 2017), 86–94. https://doi.org/10.1145/3158416Google ScholarDigital Library
- Birgit Pfitzmann. 1996. Information hiding terminology. In Information Hiding: First International Workshop Proceedings, 1996. Springer.Google Scholar
- Jason Reaves. 2018. Covert channel by abusing x509 extensions. viXra.org (2018).Google Scholar
- Jun O Seo, Sathiamoorthy Manoharan, and Aniket Mahanti. 2016. A discussion and review of network steganography. In 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech). IEEE, 384–391.Google Scholar
- Jianjun Shen, Sihan Qing, Qingni Shen, and Liping Li. 2005. Optimization of Covert Channel Identification. In 3rd International IEEE Security in Storage Workshop (SISW 2005), December 13, 2005, San Francisco, California, USA. IEEE Computer Society, 95–108. https://doi.org/10.1109/SISW.2005.9Google ScholarDigital Library
- Harjit Singh. 2016. Analysis of different types of steganography. International journal of scientific research in science, engineering and technology 2 (2016), 578–582.Google Scholar
- Aron J Smith-Donovan. 2022. Passing Time and Syncing Secrets: Demonstrating Covert Channel Vulnerabilities in Precision Time Protocol (PTP). Mathematics, Statistics, and Computer Science Honors Projects (2022).Google Scholar
- Krzysztof Szczypiorski. 2003. Steganography in TCP/IP Networks. State of the Art and a Proposal of a New System-HICCUPS. Warsaw University of Technology, Poland Institute of Telecommunications, Warsaw, Poland (2003).Google Scholar
- vecna. 2000. B0CK. Butchered From Inside (2000).Google Scholar
- Arne Vidstrom. 2000. ACK Tunneling Trojans. (2000). Covert shell through TCP ACK.Google Scholar
- Steffen Wendzel. 2008. Protocol channels as a new design alternative of covert channels. Technical Report. CERN.Google Scholar
- Sebastian Zander, Grenville Armitage, and Philip Branch. 2007. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys & Tutorials 9, 3 (2007), 44–57.Google ScholarDigital Library
- Sebastian Zander, Grenville J. Armitage, and Philip Branch. 2007. A survey of covert channels and countermeasures in computer network protocols. IEEE Commun. Surv. Tutorials 9, 1-4 (2007), 44–57. https://doi.org/10.1109/COMST.2007.4317620Google ScholarDigital Library
- Xiao-Guang Zhang, Guang-Hong Yang, and Xiu-Xiu Ren. 2022. Network steganography based security framework for cyber-physical systems. Information Sciences 609 (2022), 963–983.Google ScholarDigital Library
- Sebastian Zillien and Steffen Wendzel. 2021. Reconnection-Based Covert Channels in Wireless Networks. In IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, 118–133.Google Scholar
Index Terms
- A Survey of Steganography Tools at Layers 2-4 and HTTP
Recommendations
Implementation of Least Significant Bit Steganography and statistical steganalysis
CCSEIT '12: Proceedings of the Second International Conference on Computational Science, Engineering and Information TechnologyLeast Significant Bit (LSB) Steganography is a method for hidden information in such a way that can only be detected by its intended recipient. Steganography in Digital media becomes a challenging discipline, since the Human Auditory System (HAS) is ...
LSB-Based Steganography Using Reflected Gray Code
Steganography aims to hide secret data into an innocuous cover-medium for transmission and to make the attacker cannot recognize the presence of secret data easily. Even the stego-medium is captured by the eavesdropper, the slight distortion is hard to ...
A JPEG-based statistically invisible steganography
ICIMCS '11: Proceedings of the Third International Conference on Internet Multimedia Computing and ServiceThe objective of steganography is to implement covert communication by hiding data in digital files such that there is no indication of the existence of hidden data; so an ideal steganographic system should be able to withstand all steganalysis methods--...
Comments