ICMP chat - Data hiding

Data Hiding in [ICMP Echo] messages

Mikel Solabarrieta, Thamer Alsuhbani

steganography

ICMP (INTERNET CONTROL MESSAGE PROTOCOL)

● RFC 792 - September 1981

● It is a supporting protocol in the Internet protocol (IP) suite.

● It is used by network devices to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached, among others.

ICMP (INTERNET CONTROL MESSAGE PROTOCOL)

● ICMP has many messages that are identified by a type field.

● The most popular are: type-0 and type-8 used by ping application.

ICMP (INTERNET CONTROL MESSAGE PROTOCOL)

● Details of an ICMP Echo message

The cover channel - data

We are going to use the data field as the cover channel.

This field fits perfectly for sending a hidden message.

Note: Changing another ICMP header field is a risk. The protocol might not work properly.

The cover channel - size

How big can the message to send be?

It can be of arbitrary length. However, the packet, including the IP and ICMP headers, must be less than the maximum transmission unit (MTU) of the network or risk being fragmented.
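The data-field and size points above, seen from the monitoring side, as an added example that is not part of the original slides or of stegonet: it parses an ICMP Echo message and lists reasons its data field deserves a closer look. The default ping patterns (Linux iputils, Windows), the 1500-byte Ethernet MTU and all function names are assumptions of this example.

```python
import struct

# Assumptions: Ethernet MTU of 1500, IPv4 header without options (20 bytes).
MTU, IP_HEADER, ICMP_HEADER = 1500, 20, 8
MAX_DATA = MTU - IP_HEADER - ICMP_HEADER  # largest data field sent unfragmented
A_TO_W = b"abcdefghijklmnopqrstuvw"       # Windows ping repeats these 23 letters


def checksum(msg: bytes) -> int:
    """RFC 1071 Internet checksum over a whole ICMP message."""
    if len(msg) % 2:
        msg += b"\x00"
    total = sum(struct.unpack(f"!{len(msg) // 2}H", msg))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(ident: int, seq: int, data: bytes, icmp_type: int = 8) -> bytes:
    """Build a constructed Echo (8) or Echo Reply (0) message as sample input."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    return struct.pack("!BBHHH", icmp_type, 0, checksum(header + data), ident, seq) + data


def looks_like_default_ping(data: bytes) -> bool:
    """Heuristic: match the data that common ping tools send by default."""
    # Linux iputils: 16-byte timestamp, then each byte equals its offset (0x10, 0x11, ...).
    linux = len(data) > 16 and data[16:] == bytes(i & 0xFF for i in range(16, len(data)))
    windows = data == (A_TO_W * (len(data) // len(A_TO_W) + 1))[:len(data)]
    return linux or windows


def inspect_echo(msg: bytes) -> dict:
    """Parse an ICMP Echo message and list reasons to look closer at it."""
    if len(msg) < ICMP_HEADER:
        raise ValueError("truncated ICMP message")
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:ICMP_HEADER])
    if icmp_type not in (0, 8):
        raise ValueError("not an Echo or Echo Reply message")
    data, reasons = msg[ICMP_HEADER:], []
    if checksum(msg) != 0:  # a valid message sums to zero, checksum field included
        reasons.append("bad checksum")
    if len(data) > MAX_DATA:
        reasons.append("data field exceeds MTU budget")
    if data and not looks_like_default_ping(data):
        reasons.append("data is not a default ping pattern")
    return {"type": icmp_type, "id": ident, "seq": seq, "data": data, "reasons": reasons}
```

The pattern check does not depend on the data being readable, so enciphered text in the data field is reported the same way as plain text.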

Our implementation - stegonet

Used tools:

● Python

● Scapy

● Wireshark - tcpdump

● Ping

Our implementation - stegonet

● The message travels in plain text, which is a disadvantage.

● We implemented a simple, easy-to-understand cipher method: the Vigenere coder.

Our implementation - stegonet

● The Vigenere encoder

Our implementation - stegonet

● Alice will send a message to Bob using ICMP in a public network.

Our implementation - stegonet

● Now, the message is not travelling in plain text anymore.

Thanks