Steganography with TCP retransmissionsMay 29, 2009 – 6:09 AM
Polish researchers have described a way of hiding information in retransmissions of IP-based data traffic. Transmission errors are simulated in a TCP connection to provoke retransmissions and, before packets are retransmitted, their content is replaced with data intended to be concealed.
With the steganographic protocol known to both sender and receiver, a more or less hidden channel can be established. The researchers Wojciech Mazurczyk, Miłosz Smolarczyk and Krzysztof Szczypiorski call their method “Retransmission Steganography” (RSTEG). In principle, the approach will also work with other network protocols.
No further measures are taken to conceal the message, but since retransmissions are not a rarity when data are sent over the internet, the approach assumes they will not be conspicuous among the other traffic. According to the authors, anyone watching the traffic between sender and receiver will have difficulty spotting the hidden channel. Normal retransmissions are one of the problems though; the recipient must be prepared to separate the steganographic packets from the naturally occurring retransmission packets which are generated by the recipients connections.