HICCUPS: Hidden Communication System

for Corrupted Networks

KRZYSZTOF SZCZYPIORSKI
Warsaw University of Technology, Institute of Telecommunications
ul. Nowowiejska 15/19, 00-665 Warsaw, Poland
e-mail: K.Szczypiorski@tele.pw.edu.pl
Abstract: This article presents HICCUPS (HIdden Communication system for
CorrUPted networkS), a steganographic system dedicated to shared medium
networks including wireless local area networks. The novelty of HICCUPS is:
usage of secure telecommunications network armed with cryptographic
mechanisms to provide steganographic system and proposal of new protocol
with bandwidth allocation based on corrupted frames. All functional parts of
the system and possibility of its implementation in existing public networks
are discussed. An example of implementation framework for wireless local
area networks IEEE 802.11 is also presented.
Key words: steganography, information hiding, shared medium networks, wireless local
area networks, wireless security
1. INTRODUCTION
Steganography based on the creation of subliminal communication channels
known only to a sender and a recipient is a well known technique and has been used
for centuries especially for military and government purposes. Most of
contemporary, widely available implementations of steganographic systems are
dedicated to the multimedia applications hidden data is distributed in sound files,
images and movies. Our approach to steganography is from a telecommunications
perspective. Until now, in the current state of the art, we can observe (i.e. [2], [3],
[21], [17], [20]) a focus on content exchanged in application layer of network model
(Fig. 1) including watermarking as an intellectual property rights protection tool.
Steganographic solutions located in network protocols are not relatively widespread,
but they exist most of them rely on usage of communication protocols optional
fields or untypical values from correction codes space.



2
2
Our motivation to work on network protocol steganography is to develop new
techniques located in data link layer of TCP/IP protocol suite (Fig. 1). We have
chosen shared medium networks as a typical example of Local and Metropolitan
Area Networks (LANs and MANs).

0ala L|r|
Layer
NelWor|
|ayer
App||cal|or
|ayer
Trarsporl
|ayer
PlY
VAC
LLC
TCP/lP proloco| su|le
lEEE LAN
Relererce Vode|
Legend:
LLC - Link Layer Control
MAC - Medium Access Control
PHY - Physical Signalling

Fig. 1: TCP/IP protocol suite vs. IEEE LAN Reference Model

The new system presented in this article, HICCUPS (HIdden Communication
system for CorrUPted networkS), takes advantage of imperfections of transmission
medium environment interferences and noise in communication medium natural
susceptibility to data distortion. HICCUPS is a steganographic system with
bandwidth allocation for shared medium networks.

We are aware that wired shared medium networks based on broadcast
communication are rare nowadays as practically all new home and office networks
use switches rather than hubs [23] (note: that is why new LANs based on switches
are called switched networks). On the other hand all wireless local area networks do
use and will use broadcast technique to communicate. Usage of wireless technology
has rapidly grown in the last few years [6], making presented system applicable in
practice. Wireless networks are much more susceptible to data distortion [24] than
wired ones, therefore utilization of interferences and noise in communication
medium in our systems performance seems to be much attractive.

This paper is organized as follows. Section 2 presents a summary of related work
relevant to our proposal areas of steganography. Section 3 analyzes network
environment for proposed system and specifies its main properties. Section 4
explores HICCUPS operation in general. Section 5 describes functional parts of the


3
3
system. Section 6 presents an example of implementation framework for wireless
local area networks IEEE 802.11. Finally, Section 7 contains conclusions.
2. RELATED WORK
Theodore G. Handel and Maxwell T. Sandford [10] reported the existence of
hidden channels within standard design of network protocols. They described typical
hidden channel design for each layer of the ISO OSI RM (ISO Open System
Interconnection Reference Model). Their approach was oriented toward network
protocol steganography independent from application content (images, movies etc.).
The sections 5 and 6 (Data Hiding in the Physical Layer and Hiding Data in the
Data Link Layer) are important from our perspective of interest (note: to simplify
TCP/IP stacks data link layer consists of two ISO OSI RM layers: physical and data
link). The authors described an example of steganographic system for shared
medium networks based on modification of collision detection system in Ethernet
[23] physical layer. A control over the retransmission time after packet collision
(back off) allows to send bit-per-packet information. To send bit-per-packet
information station uses zero or maximum time instead of random amount of time.
Method described by Handel and Sandford is the only one generally known example
of steganographic system dedicated to shared medium networks. The limitation of
this method is low bandwidth: several bits per second for 10 Mbit/s Ethernet.
Andrzej Chmielewski [5] proposed utilization of AMI (Alternate Mark Inversion)
transmission code redundancy for creation of additional data stream. In proposed
scheme untypical values from correction codes space are used.

Most works on network protocol steganography focus on upper layers of TCP/IP
protocol suite. Craig Rowland [22] proposed three methods of encoding information
in the TCP/IP header (network and transport layer): in IP (Internet Protocol)
identification field, in initial sequence number field and the TCP (Transmission
Control Protocol) acknowledge sequence number field "bounce". Gina Fisk, Mike
Fisk, Christos Papadopoulos and Joshua Neil reported [8] method that allows to
control TCP/IP traffic by strong semantics-preserving alternations to packet headers.
Kamran Ahsan and Deepa Kundur presented [1] two data hiding techniques based
on fragmentation strategies and the identification field in the IP protocol. Lee Boyer
[4] described method of hidden communications between two parties by bypassing
probably all firewalls based on HTTP (HyperText Transfer Protocol) exchange.
3. NETWORK ENVIRONMENT FOR HICCUPS
Shared medium networks, especially local area networks with bus topology, use
various medium access mechanisms i.e. CSMA (Carrier Sense Multiple Access),
CSMA/CD (CSMA with Collision Detection), CSMA/CA (CSMA with Collision
Avoidance), Token Bus. A common feature of aforementioned mechanisms is the
possibility of hearing all frames with data transmitted in medium. Essential


4
4
condition for frame interception is physical medium access in wired network made
by cable connections. In wireless network physical proximity is realized by working
with appropriate distance and frequency.

The hearing of all frames with data transmitted in medium and the possibility of
sending corrupted frames with improper correction codes values are two important
network features for HICCUPS. In particular, wireless area networks use air
connection with variable bit error rate (BER) that creates opportunity to inject
synthetic corrupted frames. In general the novelty of HICCUPS includes:
1. usage of secure telecommunications network armed with cryptographic
mechanisms to provide steganographic system and
2. proposal of new protocol with bandwidth allocation for steganographic
purposes based on corrupted frames.

Crucial information from a hidden communication systems perspective is
exchanged in hidden channels. The remaining communications channels at Medium
Access Control (MAC Fig. 1) layer of IEEE LAN Reference Model are open for
cryptoanalytical attack and left for penetration as bait or honeypot; they also serve
normal data exchange.

Proposed system is destined to be implemented in a network environment with the
following three properties:
P1: shared medium network with possibility of frames interception,
P2: publicly known method of cipher initiation for instance by initialization vectors,
P3: integrity mechanisms for encrypted frames for instance one-way hash function,
Cyclic Redundancy Code CRC (note: CRC is rarely strong enough for
protecting integrity, but it is used in IEEE 802.11 for such purpose [11]).

The essential condition for HICCUPS is only P1 property others are optional.
There is no difference between the integrity mechanism for encrypted frames and
integrity for other ones in some networks with P3 property (for example IEEE
802.11 [11]).
4. HICCUPS OPERATION

Frare reader
(|rc|ud|rg desl|ral|or ard source addresses)
0ala pay|oad
Frare crec|sur

Fig. 2: Generic MAC frame



5
5
It is possible to create three hidden data channels in MAC frame (Fig. 2) in
networks that meets P1-P3 properties:
HDC1: channel based on ciphers initialization vectors,
HDC2: channel based on MAC network addresses (for example destination and
source),
HDC3: channel based on integrity mechanism values (for example frame
checksums).

For network with property limited to P1 network with no security applied or
enabled only HDC2 and HDC3 are used. Most of wired networks have no support
for security at MAC layer as opposed to wireless.



Fig. 3: General HICCUPS operation scheme


General HICCUPS operation scheme (Fig. 3) is based on three modes: system
initialization, basic mode, corrupted frame mode and is organized as follows:

In system initialization all stations included in hidden group (Fig. 4) establish
secret key for ciphers embedded in steganographic system. The proposed system is
universal framework not limited to unicast (1:1 one sender to one receiver),
multicast (1:N one to many, M:N many to many) or broadcast communication.
Solution is open for any group recruitment procedures, key agreement or key
distribution protocols. It is possible to use Diffie-Hellman [1] algorithm for key
agreement with optional Digital Signature System [18] (note: key exchange is very
difficult to hide from the observers so if there is no any other additional covert
channel to perform that operation system should be initialized manually). Also
specification of ciphers used for protecting data exchanged in hidden group is out of
this proposals scope for example symmetric block cipher AES (Advanced

YE3
YE3
N0
N0
8ystem |n|t|a||zat|on
as|c mode
6orrupted frame mode
Erd ol corrupled lrare rode?
A||ocal|or ol add|l|ora| oardW|dlr?
0ala excrarge v|a corrupled lrares -
lrares W|lr oad crec|surs (l0C3)
0ala excrarge v|a r|dder dala
crarre|s (l0C1 ard l0C2)
l|dder group eslao||srrerl
Key agreererl/|ey excrarge


6
6
Encryption Standard [19]) is acceptable. In some cases HICCUPS is able to work
without support from cryptography with no cipher embedded in steganographic
system. But we recommend to use network protocol steganography in conjunction
with strong cryptography.

Fig. 4: Example: hidden group consists of four stations
Basic mode of HICCUPS operation is data exchange based on ciphers initialization
vectors (HDC1) and MAC network addresses (HDC2). These hidden
communication channels are characterized by low bandwidth below 1% of
available room in frame. These channels are able to be used for exchange of control
messages among hidden group stations and for low bandwidth communications. For
set sequence exchanged via HDC1 or HDC2 hidden group stations move in
corrupted frame mode mode with additional bandwidth. Set sequence is common
knowledge of hidden group and is out of scope of this proposal. To ensure
prevention from replay attack one time password solutions can be applied.

In corrupted frame mode information is exchanged in data payload of frames with
intentionally created bad checksums (HDC3). This mode offers almost 100% of
bandwidth for a certain period. Normally, stations, which do not belong to the
hidden group, discard corrupted frames with bad frame checksums (note: some
stations can capture all traffic from network, but unknown for them, proper adjusted
proportion between normal and synthetic distortion in conjunction with strong
cryptography for steganographic system are sufficient to fool them). The method of
creation of bad frame checksums is common knowledge for hidden group stations
and is out of this proposals scope. A set sequence exchanged via HDC1-HDC3
causes a return to basic mode. That set sequence is also out of this proposals scope.
Network cards in corrupted frame mode should work in monitor mode, special
promiscuous mode with copying all frames (also these with bad frame checksums)
from transmission medium.
5. FUNCTIONAL PARTS OF HICCUPS
Basic functional parts of proposed system are:
P1: network cards dedicated, for example, to IEEE 802.11b [12], IEEE 802.11g
[13]; network cards should have possibility to control HDC1-HDC3 and data
payload in MAC frame,
P2: management system to control HDC1-HDC3 and data payload in MAC frame.



7
7
The management system (P2) may be produced in software or hardware and should
perform functions mentioned below:
joining hidden group,
leaving hidden group,
providing interface to upper network layer to control HDC1-HDC3 and data
payload in MAC frame,
with cryptographic extension:
key agreement/key exchange,
key refresh,
encryption/decryption.

After investigations in network card market (including IEEE 802.11 and IEEE 802.3
[14]) we found no interface that allows to produce frame with given CRC. So our
work is focused on developing self-made network card or reprogramming existing
software in available network cards. Some of available IEEE 802.11 network cards
(especially Prism II chip based) have monitor mode built-in, therefore interception
of all traffic, including corrupted frame, is possible.
6. EXAMPLE OF IMPLEMENTATION
FRAMEWORK FOR WIRELESS LOCAL AREA
NETWORKS IEEE 802.11
IEEE 802.11 [11] wireless local area networks (WLAN) meet all three
properties P1-P3. Especially IEEE 802.11 based ad hoc networks are very
attractive target for usage of the system. Additional advantage of wireless network
environment is that mean bit error rate is variable for specific network location.
Growing usage of wireless network and limited number of radio channels causes
these networks to interfere with each other in some areas. Mean bit error rate can
range from 10
-3
to 10
-7
. Typical frame error rate (FER) for IEEE 802.11 and TCP/IP
protocol suite is 2-3% but mobility of station increases FER by about 30% [24].
These values illustrate that a part of bandwidth can be grabbed for steganographic
purposes. IEEE 802.11 networks mostly use CSMA/CA and optional (at MAC
layer) Wired Equivalent Privacy protocol (WEP) to ensure data integrity and
confidentiality. WEP capable stations share a secret 40-bit key and use
pseudorandom symmetric algorithm RC4 for secure data exchange. For every
unique frame (Fig. 5) a 24-bit initialization vectors combined with shared key
creates a 64-bit session key. Most attacks on WEP exploit lack of key management
in specific IEEE 802.11 implementations. When a shared secret key is very rarely
refreshed it can lead to uncovering of RC4 weak keys ([9], [16]). For RC4 mode of
operation used in WEP proven correlation between key bytes and first byte of key
stream exists. In IEEE 802.11 integrity mechanisms for frames are made via CRC-
32.



8
8
Therefore IEEE 802.11 network environment has all three properties P1-P3:
P1.WLAN: wireless local area network with bus topology and medium access
mechanism CSMA/CA,
P2.WLAN: publicly known method of RC4 cipher initiation by initialization
vectors,
P3.WLAN: integrity mechanisms for encrypted frames CRC-32.

In IEEE 802.11 hidden information channels are the following:
HDC1.WLAN: channel based on RC4 initialization vectors: 24-bit,
HDC2.WLAN: channel based on MAC network addresses:
Destination Address: 48-bit,
Source Address: 48-bit,
Receiver Address: 48-bit,
Transmitter Address: 48-bit,
HDC3.WLAN: channel based on integrity mechanism values armed with WEP:
32-bit.

Frare reader
0ala pay|oad
lv[0|
CRC-32
lv[1| Key ruroer lv[2|
8 o|ls 8 o|ls 8 o|ls 8 o|ls
Legerd:
parl ol lrare prolecled oy wEP

Fig. 5: IEEE 802.11 MAC frame armed with WEP

There is no contraindication to use HICCUPS after final publication of specification
for enhanced security for IEEE 802.11 networks (IEEE 802.11i standard [15]) all
aforementioned hidden information channels will be available. In some cases, often
bandwidth allocation will cause high mean bit error rate and frame error rate, so
HICCUPS should be equipped with right to talk system dependent on current
bit/frame error rate. In wireless network we can imagine that all stations involved in
hidden communications will be keeping bit/frame error rate worse than it really
exists. In reality there is no way to predict bit/frame error rate at specific point of
network environment only physical existence of station or sensor gives
opportunity to measure bit/frame error rate. Keeping bit/error rate bad enough
consists of generating corrupted packets with data useless for steganographic
system.



9
9
In order to approximate maximal bandwidth for HICCUPS we will take typical case
under consideration: assuming that real FER is 1.5%, stations may pretend that FER
is 2.5%. For 11 Mbit/s IEEE 802.11b network [12] with 40% usage of bandwidth we
have: 11 Mbit/s40%(2.5%-1.5%) = 44 kbit/s for steganographic system. For 54
Mbit/s IEEE 802.11g network [13] we have: 216 kbit/s. Unlike in the method
described by Handel and Sandford [10] in our system we can forget term bit-per-
packet HICCUPS offers much more wide bandwidth (not several bits but kilobits
per second).
7. CONCLUSIONS
The system presented in this article is a new steganographic system dedicated
to shared medium networks especially wireless local area networks. Main novelty of
the system is usage of frames with bad checksums as a method of creating additional
on-demand bandwidth for steganographic purposes.

Perhaps steganographic systems located in upper network layers are much more
attractive and exciting than ones in data link layer. Upper layers (i.e. network,
transport and application) are suitable to carry data over WANs (World Area
Networks) including Internet. Although, lower layers have local tasks in networks
we hope that our approach, different from others known by state of the art, creates
new possibilities and can be applied to many existing wireless public networks. We
imagine sensor networks which need bandwidth allocation, for example wireless
cameras with differential image processing. We also hope that HICCUPS can be
applied to wireless cryptosystems working in environments susceptible to
interception, for example local area networks of a large range (i.e. several square
kilometers). Also we perceive possibility of designing independent authentication
system for network stations working parallel to other system implemented in
network protocol.
8. REFERENCES
[1] Ahsan K., Kundur D.: Practical Data Hiding in TCP/IP. In: Proceedings of Workshop
on Multimedia Security at ACM Multimedia '02, Juan-les-Pins (on the French Riviera),
December 2002
[2] Anderson, R. (Ed.): Proceedings of: Information Hiding First International Workshop,
Cambridge, U.K., May 30 June 1, 1996, vol. 1174 of Lecture Notes in Computer
Science, Springer-Verlag Inc.
[3] Aucsmith, D. (Ed.): Proceedings of: Information Hiding Second International
Workshop, IH'98, Portland, Oregon, USA, April 14-17, 1998, vol. 1525 of Lecture
Notes in Computer Science, Springer-Verlag Inc.
[4] Boyer L.: Firewall Bypass via Protocol Steganography
http://www.networkpenetration.com/protocol_steg.html
[5] Chmielewski A.: Utilization of Transmission Code Redundancy for Additional Data
Stream. Ph.D. dissertation (in Polish), Warsaw University of Technology, 1988


10
10
[6] Desourdis R., Smith D., Dewey R., DiSalvo R., Speights W.: Emerging Public Safety
Wireless Communication Systems. Artech House, 2001
[7] Diffie W., Hellman M. E.: New Directions in Cryptography. IEEE Transactions on
Information Theory, V. IT-22, n. 6, June 1977
[8] Fisk G., Fisk M., Papadopoulos C., Neil J.: Eliminating Steganography in Internet
Traffic with Active Wardens. In: [20], pp. 29-46.
[9] Fluhrer S., Mantin I., Shamir A.: Weaknesses in the Key Scheduling Algorithm of RC4.
In Proceedings of SAC 2001, Eighth Annual Workshop on Selected Areas in
Cryptography (Toronto, Ontario, Canada, August 2001), pp. 1-24
[10] Handel T. and Sandford M.: Hiding Data in the OSI Network Model. In: [2], pp. 2338
[11] IEEE 802.11, 1999 Edition (ISO/IEC 8802-11: 1999) IEEE Standards for Information
Technology Telecommunications and Information Exchange between Systems
Local and Metropolitan Area Network Specific Requirements Part 11: Wireless
LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications
[12] IEEE 802.11b-1999 Supplement to 802.11-1999, Wireless LAN MAC and PHY
specifications: Higher speed Physical Layer (PHY) extension in the 2.4 GHz band
[13] IEEE 802.11g-2003, IEEE Standard for Information technology Telecommunications
and Information Exchange between Systems Local and Metropolitan Area Network
Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) specificationsAmendment 4: Further Higher-Speed Physical
Layer Extension in the 2.4 GHz Band
[14] IEEE 802.3, 2002 Edition, IEEE Standard for Information Technology
Telecommunications and information exchange between systems Local and
metropolitan area networks Specific requirements Part 3: Carrier Sense Multiple
Access with Collision Detection (CSMA/CD) Access Method and Physical Layer
Specifications
[15] IEEE P802.11i/D3.0 Unapproved Draft Supplement to Standard for
Telecommunications and Information Exchange Between Systems LAN/MAN
Specific Requirements Part 11: Wireless LAN Medium Access Control (MAC) and
Physical Layer (PHY) Specifications: Specification for Enhanced Security, 2003
[16] Mironov I.: (Not So) Random Shuffles of RC4. In: Proceedings of: CRYPTO 2002,
22nd Annual International Cryptology Conference Santa Barbara, California, USA,
August 18-22, 2002, pp. 304-319, vol. 2442 of Lecture Notes in Computer Science,
Springer-Verlag Inc.
[17] Moskowitz, I. S. (Ed.): Proceedings of: Information Hiding 4th International
Workshop, IH 2001, Pittsburgh, PA, USA, April 25-27, 2001, vol. 2137 of Lecture
Notes in Computer Science, Springer-Verlag Inc.
[18] NIST FIPS PUB 186 Digital Signature Standard. National Institute of Standards and
Technology, U.S. Department of Commerce, May 18, 1994
[19] NIST FIPS PUB 191 Advanced Encryption Standard (AES). National Institute of
Standards and Technology, U.S. Department of Commerce, November 26, 2001
[20] Petitcolas, F. A. P. (Ed.): Proceedings of: Information Hiding 5th International
Workshop, IH 2002, Noordwijkerhout, The Netherlands, October 7-9, 2002, vol. 2578
of Lecture Notes in Computer Science, Springer-Verlag Inc.
[21] Pfitzmann, A. (Ed.): Proceedings of: Information Hiding Third International
Workshop, IH'99, Dresden, Germany, September 29 October 1, 1999, vol. 1768 of
Lecture Notes in Computer Science, Springer-Verlag Inc.
[22] Rowland C. H.: Covert Channels in the TCP/IP Protocol Suite. Psionics Technologies,
November 14, 1996
[23] Seifert R.: The Switch Book: The Complete Guide to LAN Switching Technology. John
Wiley & Sons, 2000
[24] Xylomenos G., Polyzos G.C., Mahonen P. and Saaranen M.: TCP Performance Issues
over Wireless Links. IEEE Communications Magazine, April 2001