icmp chat - data hiding
Data Hiding in [ICMP Echo] messages
Mikel Solabarrieta, Thamer Alsuhbani
steganography
ICMP (INTERNET CONTROL MESSAGE PROTOCOL)
● RFC 792 - September 1981
● It is a supporting protocol in the Internet Protocol (IP) suite.
● It is used by network devices to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached, among others.
● ICMP has many messages that are identified by a type field.
● The most popular are type 0 and type 8, used by the ping application.
● Details of an ICMP Echo message
The cover channel - data
We are going to use the data field as the cover channel.
This field fits perfectly for sending a hidden message.
Note: Changing another ICMP header field is a risk. The protocol might not work properly.
The cover channel - size
How big can the message to send be?
It can be an arbitrary length. However, the packet including IP and ICMP headers must be less than the maximum transmission unit (MTU) of the network or risk being fragmented.
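A defender-side view of the two slides above, as an added example that is not part of the original deck or of stegonet: it checks an ICMP echo message for a valid checksum, a data field too large for one unfragmented packet, and a data field that does not match a stock ping fill. The function names, the 20-byte IPv4 header without options, and the Windows and Linux iputils fill patterns are assumptions of this example.

```python
import struct

IP_HDR, ICMP_HDR = 20, 8               # IPv4 header without options; ICMP echo header (RFC 792)
WIN_FILL = b"abcdefghijklmnopqrstuvw"  # assumed stock fill of the Windows ping client

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def max_payload(mtu: int = 1500) -> int:
    """Largest echo data field that fits one unfragmented IPv4 packet."""
    return mtu - IP_HDR - ICMP_HDR

def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed type-8 echo request, used here only as sample input."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def looks_default(payload: bytes) -> bool:
    """True if the data field matches a stock ping fill pattern."""
    n = len(payload)
    windows = (WIN_FILL * (n // len(WIN_FILL) + 1))[:n]
    # Assumed Linux iputils layout: 16-byte timestamp, then byte i holds value i.
    linux_tail = bytes(i & 0xFF for i in range(16, n))
    return payload == windows or (n > 16 and payload[16:] == linux_tail)

def inspect(msg: bytes, mtu: int = 1500) -> list:
    """Return findings for one ICMP message; an empty list means nothing unusual."""
    if len(msg) < ICMP_HDR:
        return ["truncated"]
    if msg[0] not in (0, 8):           # only echo reply / echo request are checked
        return []
    findings = []
    if checksum(msg) != 0:
        findings.append("bad-checksum")
    if len(msg) - ICMP_HDR > max_payload(mtu):
        findings.append("needs-fragmentation")
    if len(msg) > ICMP_HDR and not looks_default(msg[ICMP_HDR:]):
        findings.append("non-default-payload")
    return findings

# Constructed samples: a stock-looking ping and one carrying text in the data field.
STOCK = build_echo(1, 1, WIN_FILL + b"abcdefghi")
TEXT = build_echo(1, 2, b"meet at noon")
```

A non-default data field is a lead rather than proof of hiding, since monitoring tools and custom ping options also change it.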
Our implementation - stegonet
Used tools:
● Python
● Scapy
● Wireshark - tcpdump
● Ping
Our implementation - stegonet
● The message travels in plain text, which is a disadvantage.
● We implemented a simple, easy-to-understand cipher method: the Vigenere coder.
● The Vigenere encoder
● Alice will send a message to Bob using ICMP in a public network.
● Now, the message is not travelling in plain text anymore.
Thanks