Yet Another Network Steganography Technique Basedon TCP Retransmissions

Abstract

This paper introduces a new technique of network steganography using the TCP protocol retransmission mechanism. The method can use any user-generated network traffic as hidden transmission channel. It utilizes overwriting TCP segments payload without recalculating checksums. Therefore, a segment after reaching its target is considered incorrect and it can be taken over to extract hidden data. Despite that, the segment is normally retransmitted according to the protocol specification; thanks to this, normal user communication is not affected. Following this idea, the basic mechanisms of this technique were designed and implemented. The testbed environment was prepared to conduct the initial proof-of-concept experiments and to measure basic operational metrics. The average steganographic bandwidth at the level of 2 kB/s was achieved for the conditions ensuring the proper level of undetectability. Discussion of the method detection possibilities was carried out and the directions of research development in this area were presented.