13:08 Tcp steganography or how to hide data on the Internet | |
Polish researchers have proposed a new way to network steganography based on features of widespread transport protocol TCP. The authors believe that their scheme, for example, can be used to send hidden messages in totalitarian countries introducing strict internet censorship. Try to understand what exactly is innovation and how it's really helpful. The first thing to determine what is steganography. So, steganography - the science of hidden messaging. That is, using her methods of trying to hide mere fact. This is the difference between the science of cryptography, which tries to make inaccessible for reading the message contents. It is worth noting that professional Community cryptographers quite contemptuously refers to steganography in the proximity of its ideology to the principle of «Security through obscurity» (do not know how it sounds correctly in Russian, something like "Security through ignorance"). This principle, for example, enjoyed the company Skype Inc. - Source code for popular dialer is closed and no one knows exactly how data encryption. Recently, incidentally complained about this in the NSA, as a renowned expert Bruce Schneier wrote in his blog. Returning to steganography, we answer the question why did she even care if there is strong cryptography. Indeed, because you can encrypt a message using any modern algorithms and by using sufficiently long keys no one read this message can not unless you do not want. Nevertheless, it is sometimes useful to hide the fact that a secret transmission. For example, if the authorities had intercepted zashivrovannoe your message can not decipher, but really want it, then eventually there are non-computer methods of impact and production information. Sounds antiutopichno, but agree that this is possible in principle. Therefore, it would be better to make sure that those who are non-positive did not know that the transfer took place. Polish researchers both time and suggested that such a method. And do they suggest using a protocol that every Internet user uses a thousand times a day. Here we come close to the Transmission Control Protocol (TCP). Explain all the details, razumeetetsya does not make sense - long, boring, those who should already know. In short we can say that TCP - a transport layer protocol (ie, working "on» IP and "below" the application layer protocol, for example HTTP, FTP or SMTP), which provides reliable delivery of data from sender to receiver. Reliable delivery means that if a packet is lost or came up with the changes, then TCP will make sure to send the packet. Note that a change in the package here means no deliberate distortion of data, and errors in the transmission occurring at the physical level. For example, until the package was on the copper wire pair of bits have changed their meaning is reversed or even lost in the noise (by the way the value for Ethernet Bit Error Rate is usually taken as equal to the order of 10-8). Packet loss in transit is also relatively frequent occurrence on the Internet. It can happen, for example, because of the congestion on routers, which leads to a buffer overflow and as a consequence of deflection of all newly arriving packets. Typically, the proportion of lost packets is about 0.1%, and a value in a couple of percent TCP ceases to function normally - a user will be awfully slow. Thus we see that the shipment (retransmission) packet for TCP frequent phenomenon in general, right. So why not use it for purposes of steganography given that TCP, as noted above, is used everywhere (variously estimated at present, the number of TCP in the Internet reaches 80-95%). The essence of the proposed method is that the forwarded message to send is not what it was in the original package, and the data that we are trying to hide. At the same time to detect such a substitution is not so simple. After all, you need to know where to look - the number of simultaneous TCP connections passing through the ISP's just huge. If you know the approximate level of retransmission in the network, you can adjust the mechanism steganography forward so that your connection will be no different from others. Of course this method is not free from shortcomings. For example, from a practical point of view to implement it would not be so easy - it will require changes in network stack in the operating systems, although prohibitively complicated in that there is nothing. In addition, if enough resources, you can still find "hidden" packages, it needs to review and analyze each packet in the network. But usually it is almost impossible, therefore, are usually looking for something stand out packets and connections, and the proposed method just makes your connection is unremarkable. Yes, and no one bothers you to encrypt secret data just in case. In this very connection may remain unencrypted in order to cause less suspicion. Authors of work (by the way, anyone interested, here it is) at the level simulations have shown that the proposed method works as intended. Perhaps in the future someone will realizations of their ideas into practice. And then, hopefully, the Internet will become a little less censorship. | |
|
Total comments: 0 | |