Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phony TCP Retransmissions Can Hide Secret Messages

Posted by Soulskill on from the tricky-packets dept.

Hugh Pickens writes "New Scientist reports that a team of steganographers at the Institute of Telecommunications in Warsaw, Poland have figured out how to send hidden messages using the internet's transmission control protocol (TCP) using a method that might help people in totalitarian regimes avoid censorship. Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a 'got it' message. If no such acknowledgment arrives (on average 1 in 1000 packets gets lost or corrupted), the sender's computer sends the packet again in a system known as TCP's retransmission mechanism. The new steganographic system, dubbed retransmission steganography (RSTEG), relies on the sender and receiver using software that deliberately asks for retransmission even when email data packets are received successfully (PDF). 'The receiver intentionally signals that a loss has occurred,' says Wojciech Mazurczyk. 'The sender then retransmits the packet but with some secret data inserted in it.' Could a careful eavesdropper spot that RSTEG is being used because the first sent packet is different from the one containing the secret message? As long as the system is not over-used, apparently not, because if a packet is corrupted, the original packet and the retransmitted one will differ from each other anyway, masking the use of RSTEG."

2 of 188 comments (clear)

  1. Re:Does it matter which data you send first? by DontBlameCanada · · Score: 5, Informative

    I believe the procedure will be something like this:

    Msg1: "The next character is part of a secret msg: /" --> Reciever NACK
    Msg2: "The next character is part of a secret msg: ." --> Reciever NACK
    Msg3: "The next character is part of a secret msg: R" --> Reciever NACK
    Msg4: "The next character is part of a secret msg: o" --> Reciever NACK
    Msg5: "The next character is part of a secret msg: x" --> Reciever NACK
    Msg6: "The next character is part of a secret msg: {ascii null}>"

    Secret msg: /.Rox

    It works because each tcp retransmission updates several fields in the tcp header as part of correct operation (check sum etc). So brute force comparison of the previous datagram to the new datagram will always fail. In order to detect this, the eavesdropper would need to strip the headers. That in itself isn't too hard, however since 1:1000 normal packets get a retransmit, the device doing the snooping will be hugely overwhelmed with noise.

    It be like trying to overhear whispered conversations in a huge auditorium with loudspeakers blaring a static hiss (white noise) at high volume.

  2. Even 1 bit per 1 megabyte might be a problem by Etylowy · · Score: 5, Informative

    With the packet size of ~1500 bytes a 1MB send means ~700 packets. With an average of 0.1% packets lost even sending a single bit of information (a single 0 or 1) per 1MB transfered gives you a 150% increase in lost packets
    With dialup and it's default packet size of ~500 bytes combined with much higher packet loss you might be able to sneak in 1-2 bytes per MB without making it possible at all to detect. Considering 56kbps modem upload speed and need for some error/fault correction in the protocol sending an equivalent of SMS (160 characters) would take more than 2 days.

    All that is assuming that someone is looking for that type of transmissions. If not it looks like a very nice method to send very short messages.