Network Steganography Report
Steganography
Project Report
Group Members
Steganography is data hidden within data. The word steganography combines the Greek
words steganos, meaning "covered, concealed, or protected", and graphein, meaning
"writing". Steganography techniques can be applied to images, video files or audio files.
Typically, however, steganography is written in characters including hash marking, but its
usage within images is also common. Nowadays, plotters use not only the carriers but
also the communication protocols that regulate the path of the carrier through the
Internet. This technique is named Network Steganography.
Our Work
In this exercise, we created a covert channel using steganography techniques between two
nodes in a network. We sent a secret message from one computer to another computer
within TCP packets, which monitoring tools were completely unable to detect.
This program manipulates the TCP/IP header to transfer a file one byte at a time to a
destination host. The program can act as a server and as a client, and can be used to conceal
the transmission of data inside the IP header. This is useful for bypassing firewalls from the
inside, and for exporting data with innocuous-looking packets that contain no data for
sniffers to analyze. In other words, this technique can be used for spying purposes, where a
user secretly embeds malicious code in another computer to monitor the
environment there without its knowledge.
First, we took two systems, both running Linux operating systems. We used
Ubuntu as the sender machine and Kali Linux as the receiver machine.
We then connected both systems through a network and assigned static IP
addresses to both systems for simplicity.
We verified their communication using the ping command from the terminal.
Then we ran the code on Ubuntu to embed our message in the TCP/IP header and
started sending the packets.
We added a time delay when sending the packets so that they could be monitored perfectly.
Then we switched to the Kali operating system (receiving end) and compiled the code for
receiving the data from the source.
While receiving, we constantly monitored TCP packets using Wireshark, which gave us
a detailed analysis of the packets.
We observed that the message was embedded inside the header of the packet, not the main
body as normal. We captured the first TCP packet that was received and saw that
the first letter ‘H’ of our message was present in the header. Similarly, further analysis
showed that every packet carried one letter, in sequence, as we had divided the
message into smaller chunks to make it harder for firewalls to detect.
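
The same observation can be turned into a check that a monitoring tool could run over a capture. The following is an added example, not the project's code: it flags flows whose payload-less TCP packets almost all carry a printable character in a header field. The report does not name the field used, so the IPv4 Identification field is an assumption here, and the function names, addresses and the message "Hello" are constructed for the illustration.

```python
import socket
import struct
from collections import defaultdict

def build_packet(src, dst, ip_id):
    """Constructed header-only IPv4+TCP SYN (checksums left zero) for the demo."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0x1A2B3C4D, 0, 5 << 4, 0x02, 512, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse(pkt):
    """Return (src, dst, ip_id, payload_len) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    total, ip_id = struct.unpack("!HH", pkt[2:6])
    tcp_hlen = (pkt[ihl + 12] >> 4) * 4
    payload_len = max(total - ihl - tcp_hlen, 0)
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), ip_id, payload_len

def carried_byte(ip_id):
    """Printable byte if the 16-bit ID is one text byte plus a zero byte, else None."""
    hi, lo = ip_id >> 8, ip_id & 0xFF
    for value, other in ((hi, lo), (lo, hi)):
        if other == 0 and (32 <= value < 127 or value in (9, 10, 13)):
            return value
    return None

def suspicious_flows(packets, min_packets=5, threshold=0.9):
    """Map (src, dst) to recovered text for header-only flows with text in the ID."""
    flows = defaultdict(list)
    for pkt in packets:
        parsed = parse(pkt)
        if parsed and parsed[3] == 0:  # only packets with no TCP payload
            flows[parsed[:2]].append(carried_byte(parsed[2]))
    hits = {}
    for key, values in flows.items():
        found = [v for v in values if v is not None]
        if len(values) >= min_packets and len(found) / len(values) >= threshold:
            hits[key] = bytes(found).decode("ascii")
    return hits

# Constructed capture: one flow hiding "Hello", one with an ordinary ID counter.
SAMPLE = [build_packet("192.0.2.10", "192.0.2.20", ord(c) << 8) for c in "Hello"]
SAMPLE += [build_packet("198.51.100.5", "192.0.2.20", 0x3A91 + i) for i in range(5)]
print(suspicious_flows(SAMPLE))
```

Normal IP stacks fill the Identification field from a counter or a random source, so a long run of packets in which it always reduces to a single text byte stands out even though each packet looks harmless on its own.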