Network Steganography Techniques Using Packet Delay and Modification
Robert Waziak
IIT School of Applied Technology
Steganography
Steganography is a term generally described as the
means of concealing secret information, so that an
uninformed party is unaware of its existence, and
extracting it at its destination.
Network Steganography
Network Steganography is the process of utilizing active
network protocols as carriers to transmit a covert
message, undetectable by a third party, from a host to its
destination.
Network Steganography Techniques
Modification of packet delay:
The sending system holds each packet for a chosen amount
of time, and the receiving system decodes the resulting
delay.
Modification of packet content:
Any field that can be altered without affecting the
packet's arrival at its destination can be used to carry
covert information.
What Were Our Goals?
Utilize and develop tools to perform different network
steganography techniques:
Packet Delay Steganography (Layer 3)
Packet Content Modification Steganography (Layer 3)
Packet Content Modification Steganography (Layers 4+)
Understand associated challenges
Record limitations from tested approaches
Gain insight / Lessons learned
What Have We Accomplished?
Successfully communicated between two PCs using three
different network steganography techniques:
Packet Delay Steganography (Timeshifter)
ICMP Packet Content Modification Steganography (Stegnet)
μTP Packet Content Modification Steganography (BitStegNet)
Researched potential higher level protocols:
TCP, UDP, μTP (Layer 4)
BitTorrent (Layer 7)
Researched higher level steganography techniques:
TCP (Covert_tcp [1])
BitTorrent (StegTorrent [2])
Network Steganography Tool Classifications

| Tool | Steganography Method | Layer | Protocol | Carrier |
|---|---|---|---|---|
| Timeshifter | Insertion | 3 | ICMP | Packet delay |
| Stegnet | Substitution | 3 | ICMP | ICMP header (data field) |
| BitStegNet | Substitution | 4+ | μTP | μTP header (timestamp) |
Timeshifter
Timeshifter is a tool developed by 'Anfractuosity'. It
modifies the time delays of ping packets in order to send
information between two terminals within the same
computer. [1]
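A monitoring-side view of the packet-delay carrier, added here as an example and not taken from Timeshifter or the slides: it compares each echo request's capture time with its send time (for example the timestamp ping places in its payload) and flags flows whose holding delays fall into two tight, well-separated groups. The 100 ms offset, the thresholds and all sample values are constructed assumptions.

```python
from statistics import pstdev


def holding_delays(samples):
    """samples: (send_ts, capture_ts) pairs in seconds for one ping flow.

    A constant clock offset between sender and sensor shifts every delay
    equally, so it does not affect the grouping below.
    """
    return [capture - send for send, capture in samples]


def split_at_widest_jump(delays):
    """Sort the delays and cut them where two neighbours are furthest apart."""
    ordered = sorted(delays)
    width, cut = max((b - a, i)
                     for i, (a, b) in enumerate(zip(ordered, ordered[1:])))
    return ordered[:cut + 1], ordered[cut + 1:], width


def looks_like_delay_channel(samples, min_packets=16, min_share=0.2,
                             min_jump_s=0.005, ratio=5.0):
    """True when the delays form two tight, well-populated groups."""
    delays = holding_delays(samples)
    if len(delays) < min_packets:
        return False                  # too little traffic to judge
    low, high, width = split_at_widest_jump(delays)
    if min(len(low), len(high)) < min_share * len(delays):
        return False                  # a few late packets are ordinary jitter
    spread = max(pstdev(low), pstdev(high))
    return width >= min_jump_s and width > ratio * spread


# Constructed sample data (not from the slides): ~10 ms path delay with jitter.
JITTER_MS = [10.1, 9.8, 10.3, 10.0, 9.9, 10.2, 10.4, 9.7, 10.0, 10.1,
             9.9, 10.2, 10.0, 9.8, 10.3, 10.1, 9.9, 10.0, 10.2, 9.8]
BITS = [0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0]


def flow(extra_ms):
    """One echo request per second; extra_ms[i] is the added holding time."""
    return [(float(i), i + (JITTER_MS[i] + extra_ms[i]) / 1000.0)
            for i in range(len(JITTER_MS))]


CLEAN = flow([0] * 20)
HELD = flow([100 * b for b in BITS])   # assumed: some packets held 100 ms longer
ONE_LATE = flow([200] + [0] * 19)      # a single delayed packet

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("held", HELD), ("one late", ONE_LATE)):
        print(name, looks_like_delay_channel(sample))
```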
Stegnet
Stegnet is a custom tool, written in the C language, that
is based on the structure and theory of Timeshifter.
Instead of delay modification (Timeshifter), Stegnet
modifies packet content.
Stegnet modifies ICMP packets by:
Capturing the packet from the NFQUEUE
Modifying the Data field with the text from a file
Recalculating the checksum with the new data
Releasing the packet to its destination
Theory Of Operation
Use iptables to route outgoing packets into a queue
(NFQUEUE) and capture them from there:
    iptables -A OUTPUT -p icmp --icmp-type echo-request -j NFQUEUE --queue-num 0
Modify captured packets and release them to the
network using the libnetfilter_queue library.
[Figure: Transmitter / Receiver diagram with steps 1 to 7 and the sample message "HELLO WORLD"]
Stegnet Limitations
ICMP echo-request / echo-reply (ping) packets could be
blocked by active network firewalls.
The string is sent as plaintext within the Data field and
therefore is a very weak and impractical method.
Embedded string is limited to only 48 bytes.
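Because Stegnet recalculates the checksum, a valid checksum says nothing about the Data field; comparing the payload against the fill a normal ping client sends does. The inspector below is an added example (not Stegnet code and not from the slides). The Linux and Windows fill baselines are assumptions about default ping clients, and the packets are constructed samples.

```python
import struct

ICMP_ECHO_REQUEST = 8
# Assumed baseline: Windows ping sends this fixed 32-byte payload.
WINDOWS_FILL = b"abcdefghijklmnopqrstuvwabcdefghi"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def is_default_fill(data: bytes) -> bool:
    """Assumed baseline: Linux ping writes a timestamp (8 or 16 bytes),
    after which data byte i simply holds the value i."""
    if data == WINDOWS_FILL:
        return True
    return any(len(data) > ts_len and
               data[ts_len:] == bytes(i & 0xFF for i in range(ts_len, len(data)))
               for ts_len in (8, 16))


def longest_printable_run(data: bytes) -> bytes:
    """Longest run of printable ASCII, for the analyst to read."""
    best = run = b""
    for value in data:
        run = run + bytes([value]) if 0x20 <= value <= 0x7E else b""
        if len(run) > len(best):
            best = run
    return best


def inspect_echo_request(icmp: bytes) -> dict:
    """Check one ICMP message (header + data, without the IP header)."""
    if len(icmp) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, _code, _csum, _ident, _seq = struct.unpack("!BBHHH", icmp[:8])
    data = icmp[8:]
    default = is_default_fill(data)
    return {
        "is_echo_request": icmp_type == ICMP_ECHO_REQUEST,
        "checksum_ok": internet_checksum(icmp) == 0,
        "default_fill": default,
        "suspicious": icmp_type == ICMP_ECHO_REQUEST and not default,
        # Skip the first 8 data bytes (timestamp); the rest is the 48-byte area.
        "text": b"" if default else longest_printable_run(data[8:]),
    }


def build_echo_request(ident: int, seq: int, data: bytes) -> bytes:
    """Fixture used only to build the constructed samples below."""
    body = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


TIMESTAMP = bytes.fromhex("5b0c045600000000")   # constructed value
CLEAN = build_echo_request(0x1234, 1, TIMESTAMP + bytes(range(8, 56)))
ALTERED = build_echo_request(
    0x1234, 2, TIMESTAMP + b"HELLO WORLD".ljust(48, b"\x00"))

if __name__ == "__main__":
    for name, packet in (("clean", CLEAN), ("altered", ALTERED)):
        print(name, inspect_echo_request(packet))
```

Hosts that run ping with a custom pattern or size will also be flagged, so the baseline has to reflect the clients actually present on the monitored network.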
BitTorrent Protocol
BitTorrent is a peer-to-peer (P2P) protocol in which two
or more computers that are uploading or downloading
the same torrent transfer data amongst themselves
without the need of a central server. [4]
Why BitTorrent protocol?
Very common traffic over the internet
Peer-to-peer connections
Highly customizable clients
μTP has appealing header fields for hiding information
Alternate BitTorrent Network Stacks

| TCP-based stack | μTP-based stack |
|---|---|
| BitTorrent | BitTorrent |
| TCP | μTP |
| | UDP |
| IP | IP |
| MAC | MAC |
| PHY | PHY |
μTorrent Transport Protocol (μTP) Header
From [5]: [Figure: μTP header layout]
qBitTorrent
Free, open and multiplatform torrent client built on top of
libtorrent.
Why qBitTorrent?
μTP capabilities
Tracker mode
Customizable port number
[6]
Lab Setup
BitStegNet
BitStegNet is directed towards modifying BitTorrent μTP
packet headers.
It follows the same structure as Timeshifter and Stegnet
with some differences:
Appropriate iptables rule to only forward BitTorrent traffic to
the NFQUEUE
Modified code to edit and interpret the μTP timestamp’s LSB
The tool has a capacity of 1 bit of stego information per
100 kb of clean information.
Timestamp’s LSB Substitution
BitStegNet Steganalysis
BitTorrent traffic:
Around 3% of total internet traffic during peak hours.
Not suspicious or unexpected traffic.
Timestamp field of μTP header:
Microsecond resolution.
LSB can be considered almost random.
Common steganalysis scenario:
Sniffed traffic will show only BitTorrent-over-μTP packets.
Only Chosen Stego and Known Stego attacks will work.
You will need to capture all packets to discover the transmission.
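The "almost random" LSB describes the cover clock, not necessarily what is written into it: unencrypted 7-bit ASCII has a zero top bit in every byte, which leaves one constant bit in every eight. The steganalysis check below is an added example, not BitStegNet code; the header layout follows BEP 29 [5], while one message bit per packet in capture order, the thresholds and the sample flows are assumptions constructed here (the slides do not give BitStegNet's bit placement).

```python
import random
import struct

UTP_HEADER = struct.Struct("!BBHIIIHH")   # BEP 29 v1 header, 20 bytes, big-endian
UTP_TYPES = ("ST_DATA", "ST_FIN", "ST_STATE", "ST_RESET", "ST_SYN")


def parse_utp_header(udp_payload: bytes):
    """Return the header fields, or None if this is not a plausible uTP v1 packet."""
    if len(udp_payload) < UTP_HEADER.size:
        return None
    (type_ver, _extension, conn_id, ts_us, ts_diff_us,
     wnd_size, seq_nr, ack_nr) = UTP_HEADER.unpack_from(udp_payload)
    ptype, version = type_ver >> 4, type_ver & 0x0F
    if version != 1 or ptype >= len(UTP_TYPES):
        return None
    return {"type": UTP_TYPES[ptype], "connection_id": conn_id,
            "timestamp_us": ts_us, "timestamp_diff_us": ts_diff_us,
            "wnd_size": wnd_size, "seq_nr": seq_nr, "ack_nr": ack_nr}


def timestamp_lsbs(udp_payloads):
    """LSB of timestamp_microseconds for every uTP packet, in capture order."""
    headers = (parse_utp_header(p) for p in udp_payloads)
    return [h["timestamp_us"] & 1 for h in headers if h is not None]


def constant_phase(bits, period=8, min_per_phase=32):
    """Return the position (0..period-1) whose bit never changes, else None.

    A free-running microsecond clock yields a constant column of 32 bits with
    probability about 2**-31, so a hit points at structured data in the LSBs.
    """
    if len(bits) < period * min_per_phase:
        return None                       # incomplete capture: no verdict
    for phase in range(period):
        if len(set(bits[phase::period])) == 1:
            return phase
    return None


def constructed_flow(lsbs, seed=1):
    """Constructed sample flow; lsbs[i] is None to keep the clock's own LSB."""
    rng = random.Random(seed)
    clock, packets = rng.getrandbits(31), []
    for seq, bit in enumerate(lsbs, start=1):
        clock = (clock + rng.randrange(200, 20000)) & 0xFFFFFFFF  # microseconds
        ts_us = clock if bit is None else (clock & 0xFFFFFFFE) | bit
        # First byte 0x01 = type ST_DATA (0) in the high nibble, version 1.
        packets.append(UTP_HEADER.pack(0x01, 0, 0x1234, ts_us, 0, 1 << 20, seq, 0))
    return packets


def ascii_bits(text: bytes):
    """Bits of each byte, most significant first."""
    return [(byte >> shift) & 1 for byte in text for shift in range(7, -1, -1)]


CLEAN_FLOW = constructed_flow([None] * 384)
TEXT_FLOW = constructed_flow(ascii_bits(b"HELLO WORLD " * 4))

if __name__ == "__main__":
    print("clean:", constant_phase(timestamp_lsbs(CLEAN_FLOW)))
    print("text :", constant_phase(timestamp_lsbs(TEXT_FLOW)))
```

The check recognises only structured plaintext and returns no verdict on short or incomplete captures, which matches the point above that every packet has to be captured.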
Analysis
Challenges
Moving packets instead of static files.
CRC and checksums.
Firewalls and IDSs.
Limitations
Only tested in controlled environments.
Possible issues regarding packet order.
Capable of sending only text-based messages.
libnetfilter_queue library is available only on Linux.
Future work possibilities
Testing in open networks
Standalone program with GUI
Possibility to send any file
Summary
Using Timeshifter, we sent a covert message between
two PCs by modifying the delay of ICMP packets.
We developed and tested Stegnet to send a covert
message between two PCs by modifying the data field of
ICMP packets.
We developed and tested BitStegNet to send a covert
message by modifying the timestamp of μTP packets.
BitStegNet Demonstration
Questions?
References
[1] https://www.anfractuosity.com/projects/timeshifter/
[2] http://www-scf.usc.edu/~csci530l/downloads/covert_tcp.c
[3] http://www.ieee-security.org/TC/SPW2013/papers/data/
[4] http://www.howtogeek.com/141257/htg-explains-how-does-bittorrent-work/
[5] http://www.bittorrent.org/beps/bep_0029.html
[6] http://www.qbittorrent.org/
