Abstract
Network steganography consists of different steganographic technics that utilize network protocols for hiding data. We present nine new covert channels which utilize the new standard, HTTP/2, and which can be used regardless its transport carrier (TLS or clear TCP). These covert channels use a protocol feature that has dual nature (for example, no padding can be represented in two ways); or a feature that is not mandatory (as streams prioritization and dependencies); or random value field (as PING frame payload field); or there is no strict rule how to obtain new values for some fields (as stream identifiers). As far as we know, this is the first research about hiding data in HTTP/2. Also, we give a small survey of existing covert channels that can be created using HTTP/1.x, with the analysis do they work or not work with the HTTP/2.
Highlights
Network steganography is the art of hiding secret data in legitimate transmissions in communication networks without destroying the used hidden data carrier [1]
Network steganography consists of different steganographic technics that utilize network protocols for hiding data
We present nine new covert channels which utilize the new standard, HTTP/2, and which can be used regardless its transport carrier (TLS or clear TCP)
Summary
Network steganography is the art of hiding secret data in legitimate transmissions in communication networks without destroying the used hidden data carrier [1]. Van Horenbeeck [12] implemented a tool Wondjina that creates a bidirectional covert channel using the HTTP ETag and If-None-Match header fields, which allows a client to verify whether its local cached copy is still current. The author suggests a Content-MD5 header field to be used for sending 128 bits of secret data per HTTP message in one way This header field has been removed from the protocol specification from 2014 (RFC 7231). Infranet’s web servers receive covert requests for censured web pages encoded as a sequence of HTTP requests to harmless web pages and return their content hidden inside harmless images using steganography Another covert channel for HTTP 1.1 and up, given by Graniszewski, et al [15], uses Trailer field in the HTTP header for hiding data. Usually we use a protocol feature that has dual nature, i.e., the same feature can be obtained in more than one way, the feature is not mandatory, there exist a random value field, or there is no strict rule how to obtain new values for some fields
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
