Information Hiding Using Improper Frame Padding
Source: Warsaw University of Technology
Hiding information in network traffic may lead to leakage of confidential information. In this paper the authors introduce a new steganographic system: the PadSteg (Padding Steganography). To their best knowledge it is the first information hiding solution which represents interprotocol steganography i.e. usage of relation between two or more protocols from the TCP/IP stack to enable secret communication. PadSteg utilizes ARP and TCP protocols together with an Etherleak vulnerability (improper Ethernet frame padding) to facilitate secret communication for hidden groups in LANs (Local Area Networks). Basing on real network traces they confirm that PadSteg is feasible in today's networks and the authors estimate what steganographic bandwidth is achievable while limiting the chance of disclosure.