A team of Polish steganographers at the Institute of Telecommunications in Warsaw are doing some neat work that should be of interest to digital activists. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
Wojciech Mazurczyk, along with Krzysztof Szczypiorski and Milosz Smolarczyk, is using the Internet’s transmission control protocol (TCP) to create fake web traffic that can mask the transmission of secret messages.
As the NewScientist explains,
“Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a “got it” message. If no such acknowledgement arrives (on average 1 in 1000 packets gets lost or corrupted), the sender’s computer sends the packet again. This scheme is known as TCP’s retransmission mechanism – and it can be bent to the steganographer’s whim, says Mazurczyk.”
The team’s project, called Retransmission Steganography, or RSTEG, proposes to use software that deliberately asks the receiver of information to prompt a retransmission from the sender even when the data was successfully received in the first place. As Mazurczyk explains, “the sender then retransmits the packet but with some secret data inserted in it,” which means, “the message is hidden among the teeming network traffic.”
RSTEG could be quite effective as a tactic for digital resistance. Eavesdroppers could observe that a first-sent packet differs from the retransmitted one containing the secret message, but this would be somewhat useless, since all retransmitted packets differ from the original ones anyway. In other words, “Retransmissions in IP networks are a ‘natural phenomenon’, and so intentional retransmissions introduced by RSTEG are not easy to detect if they are kept at a reasonable level.”
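The comparison a network monitor would make, as described above, sketched as an added example (not code from the RSTEG authors or the original post): it tracks each data segment by flow and sequence number, counts retransmissions, and records those whose payload differs from the first copy. The record format, function names, sample capture and the 1-in-1000 baseline (taken from the loss figure quoted above) are assumptions; real TCP stacks may also re-segment data on retransmission, which this exact-sequence-number match does not handle.

```python
from collections import defaultdict
from hashlib import sha256


def analyze_retransmissions(segments, rate_threshold=0.001):
    """segments: iterable of (flow_id, seq, payload) tuples in capture order.

    rate_threshold is a hypothetical baseline (1 loss per 1000 packets).
    Returns {flow_id: {retransmission_rate, modified_seqs, rate_exceeds_threshold}}.
    """
    first_seen = {}  # (flow, seq) -> digest of the first copy observed
    stats = defaultdict(lambda: {"segments": 0, "retrans": 0, "modified": []})
    for flow, seq, payload in segments:
        if not payload:
            continue  # pure ACKs carry no data and cannot be compared
        digest = sha256(payload).digest()
        key = (flow, seq)
        if key not in first_seen:
            first_seen[key] = digest
            stats[flow]["segments"] += 1
            continue
        stats[flow]["retrans"] += 1
        if digest != first_seen[key]:
            # Same sequence number, different bytes than the first copy.
            stats[flow]["modified"].append(seq)
    report = {}
    for flow, s in stats.items():
        rate = s["retrans"] / s["segments"] if s["segments"] else 0.0
        report[flow] = {
            "retransmission_rate": rate,
            "modified_seqs": s["modified"],
            "rate_exceeds_threshold": rate > rate_threshold,
        }
    return report


def constructed_capture():
    """Constructed sample records, not real traffic."""
    segs = [("flow-a", i * 100, b"a%05d" % i) for i in range(2000)]
    segs.append(("flow-a", 50000, b"a%05d" % 500))  # identical retransmission
    segs += [("flow-b", i * 100, b"b%05d" % i) for i in range(1000)]
    # 20 retransmissions on flow-b whose bytes differ from the first copy
    segs += [("flow-b", i * 100, b"X%05d" % i) for i in range(0, 1000, 50)]
    return segs


if __name__ == "__main__":
    for flow, result in analyze_retransmissions(constructed_capture()).items():
        print(flow, result)
```

Keeping retransmissions "at a reasonable level", as the quote puts it, corresponds to staying under `rate_threshold` here, which is why the per-segment payload comparison is tracked separately from the rate.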
Mazurczyk and Szczypiorski are also working on a parallel project that draws on steganographic techniques to create covert channels for Voice over Internet Protocol (VoIP) streams. This approach, called Lost Audio Packets Steganography, or LACK, “provides hybrid storage-timing covert channel by utilizing delayed audio packets.”
For more information on the technical specifications of the RSTEG and LACK techniques, please see the authors’ papers here and here respectively.
The team plans to demonstrate their approach at a workshop on network steganography in China later this year. Yes, China.