Covert communication in TCP/IP network

Abstract

This thesis explores the area of Covert Communication in TCP/IP network (Internet). We investigate various protocols of TCP/IP suite, which have potential to be used for covert communication on the network. In this thesis we propose methods for covert communication using Internet protocols that are otherwise intended for transmission of control information. The methods use IP spoofing concept with ICMP or DNS query messages. The existence of these covert channels is known but exploitation of these in concrete methods for covert communication is the contribution of this work. The proposed methods are more efficient in the amount of data that are hidden per IP packet as compared to several existing methods on packet manipulation. The important thing is that whatever method is used for covert communication it should not hinder the normal communication on the network then only undetectability of these covert channels would be ensured. So no changes in protocol structure, router configuration etc would be required for the working of these methods for covert communication. For the same reason in our proposed methods we keep this thing in mind. That's why except at sender and receiver no new software is needed to implement the methods.