Abstract
Active wardens have been an area of postulation in the community for nearly two decades, but to date there have been no published implementations that can be used to stop steganography as it transits networks. In this paper we examine the techniques and challenges of a high-bandwidth, unattended, real-time, active warden in the context of a network firewall. In particular, we concentrate on structured carriers with objectively defined semantics, such as the TCP/IP protocol suite, rather than on the subjective, or unstructured, carriers such as images that dominate the information hiding literature. We introduce the concept of Minimal Requisite Fidelity (MRF) as a measure of the degree of signal fidelity that is both acceptable to end users and destructive to covert communications. For unstructured carriers, which lack objective semantics, wardens can use techniques such as adding noise to block subliminal information. However, these techniques can break the overt communications of structured carriers, which have strict semantics. We therefore use a specification-based approach to determine MRF. We use MRF to reason about opportunities for embedding covert or subliminal information in network protocols and develop both software to exploit these channels and an active warden implementation that stops them. For unstructured carriers, MRF is limited by human perception, but for structured carriers, well-known semantics give us high assurance that a warden can completely eliminate certain subliminal or covert channels.
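To make the specification-based idea concrete, the following is an added example, not code from the paper: a minimal IPv4 normalizer of the kind a firewall-resident warden could apply. The choice of fields (the reserved flag bit, the ID of unfragmented datagrams per RFC 6864, bytes past the declared total length) and all function names are assumptions made for illustration.

```python
import struct

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def normalize_ipv4(packet: bytes) -> bytes:
    """Rewrite header bits that the specification leaves without meaning."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent header or total length")
    hdr = bytearray(packet[:ihl])
    ident, flags_frag = struct.unpack("!HH", hdr[4:8])
    flags_frag &= 0x7FFF  # RFC 791: the reserved flag bit must be zero
    # Atomic datagram: DF set, MF clear, fragment offset zero.
    atomic = (flags_frag & 0x4000) and not (flags_frag & 0x3FFF)
    if atomic:
        ident = 0  # RFC 6864: receivers ignore the ID of atomic datagrams
    hdr[4:8] = struct.pack("!HH", ident, flags_frag)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    # Forward only the bytes the header declares; any trailer is dropped.
    return bytes(hdr) + packet[ihl:total_len]

def build_sample(ident: int, flags_frag: int, trailer: bytes = b"") -> bytes:
    """Constructed test packet (documentation addresses, 4-byte payload)."""
    payload = b"data"
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
        64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])))
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + payload + trailer

if __name__ == "__main__":
    # Reserved bit set, arbitrary ID on an unfragmented packet, 2 trailing bytes.
    dirty = build_sample(0xBEEF, 0xC000, trailer=b"XX")
    print(dirty.hex())
    print(normalize_ipv4(dirty).hex())
```

The overt payload and fragment reassembly are untouched: a packet with MF set keeps its ID, because there the field still carries meaning for the receiver.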
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Fisk, G., Fisk, M., Papadopoulos, C., Neil, J. (2003). Eliminating Steganography in Internet Traffic with Active Wardens. In: Petitcolas, F.A.P. (eds) Information Hiding. IH 2002. Lecture Notes in Computer Science, vol 2578. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36415-3_2
DOI: https://doi.org/10.1007/3-540-36415-3_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00421-9
Online ISBN: 978-3-540-36415-3
eBook Packages: Springer Book Archive