Current Internet e-mail facilities are built on the foundation of standard rules and protocols, which usually allow a considerable amount of "freedom" to their designers. Each of these standards has been defined based on a number of vendor specific implementations, in order to provide common inter-working procedures for cross-vendor communication. Thus, a lot of optional and redundant information is being exchanged during e-mail sessions, which is available to implement versatile covert channel mechanisms. The work exploits this possibility by presenting a simple but effective steganographic schema that can be used to deploy robust secret communication through e-mail. This schema can offer unidirectional asynchronous one-to-one or one-to-many covert channel facilities that are able to bypass the most sophisticated firewalls and traffic analyzers. Its implementation neither affects the involved transport protocols nor causes any perceivable performance degradation or data loss to the end-users. © 2011 IEEE.
E-mail-based covert channels for asynchronous message steganography
Castiglione, Aniello;Fiore, Ugo;
2011-01-01
Abstract
Current Internet e-mail facilities are built on the foundation of standard rules and protocols, which usually allow a considerable amount of "freedom" to their designers. Each of these standards has been defined based on a number of vendor specific implementations, in order to provide common inter-working procedures for cross-vendor communication. Thus, a lot of optional and redundant information is being exchanged during e-mail sessions, which is available to implement versatile covert channel mechanisms. The work exploits this possibility by presenting a simple but effective steganographic schema that can be used to deploy robust secret communication through e-mail. This schema can offer unidirectional asynchronous one-to-one or one-to-many covert channel facilities that are able to bypass the most sophisticated firewalls and traffic analyzers. Its implementation neither affects the involved transport protocols nor causes any perceivable performance degradation or data loss to the end-users. © 2011 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.