Eliminating Steganography in Internet Traffic with Active Wardens

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2578)

Abstract

Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. In this paper we examine the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall. In particular, we concentrate on structured carriers with objectively defined semantics, such as the TCP/IP protocol suite, rather than on the subjective, or unstructured, carriers such as images that dominate the information hiding literature. We introduce the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications. For unstructured carriers, which lack objective semantics, wardens can use techniques such as adding noise to block subliminal information. However, these techniques can break the overt communications of structured carriers, which have strict semantics. We therefore use a specification-based approach to determine MRF. We use MRF to reason about opportunities for embedding covert or subliminal information in network protocols, and we develop both software to exploit these channels and an active warden implementation that stops them. For unstructured carriers, MRF is limited by human perception, but for structured carriers, well-known semantics give us high assurance that a warden can completely eliminate certain subliminal or covert channels.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fisk, G., Fisk, M., Papadopoulos, C., Neil, J. (2003). Eliminating Steganography in Internet Traffic with Active Wardens. In: Petitcolas, F.A.P. (eds) Information Hiding. IH 2002. Lecture Notes in Computer Science, vol 2578. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36415-3_2

  • DOI: https://doi.org/10.1007/3-540-36415-3_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00421-9

  • Online ISBN: 978-3-540-36415-3

  • eBook Packages: Springer Book Archive
