Friday, May 29, 2009

Fake web traffic can hide secret chat

by Paul Marks

THE internet's underlying technology can be harnessed to let people exchange secret messages, perhaps allowing free speech an outlet in oppressive regimes.

So says a team of steganographers at the Institute of Telecommunications in Warsaw, Poland. Steganography is the art of hiding a message in an openly available medium. For example, you can subtly change the pixels in an image in a way that is undetectable to the eye but carries meaning to anyone who knows the pre-arranged coding scheme.

Wojciech Mazurczyk, along with Krzysztof Szczypiorski and Milosz Smolarczyk, have already worked out how to sneak messages into internet phone calls, and now the Warsaw team have turned their attention to the internet's transmission control protocol (TCP).

Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a "got it" message. If no such acknowledgement arrives (on average 1 in 1000 packets gets lost or corrupted), the sender's computer sends the packet again. This scheme is known as TCP's retransmission mechanism - and it can be bent to the steganographer's whim, says Mazurczyk.

Their system, dubbed retransmission steganography (RSTEG), relies on sender and receiver using software that deliberately asks for retransmission even when email data packets are received successfully. "The receiver intentionally signals that a loss has occurred. The sender then retransmits the packet but with some secret data inserted in it," he says in a preliminary research paper ( So the message is hidden among the teeming network traffic.

Could a careful eavesdropper spot that RSTEG is being used because the first sent packet is different from the one containing the secret message? As long as the system is not over-used, apparently not, because if a packet is corrupted the original packet and the retransmitted one will differ from each other anyway, masking the use of RSTEG.

No comments: