Cover Page

IEEE Press
445 Hoes Lane
Piscataway, NJ 08854

IEEE Press Editorial Board
Tariq Samad, Editor in Chief

George W. Arnold Xiaoou Li Ray Perez
Giancarlo Fortino Vladimir Lumelsky Linda Shafer
Dmitry Goldgof Pui-In Mak Zidong Wang
Ekram Hossain Jeffrey Nanzer MengChu Zhou

Kenneth Moore, Director of IEEE Book and Information Services (BIS)

Information Hiding in Communication Networks

Fundamentals, Mechanisms, Applications, and Countermeasures

Wojciech Mazurczyk

Steffen Wendzel

Sebastian Zander

Amir Houmansadr

Krzysztof Szczypiorski

Wiley Logo

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. All rights reserved

Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data is available.

ISBN: 978-1-118-86169-1

Dedication

Wojciech Mazurczyk would like to dedicate this book to his wife Magdalena and sons Bartek and Tomek.

Steffen Wendzel would like to dedicate this book to Mali.

Sebastian Zander would like to dedicate this book to Wunna, Lara, and Lukas.

Amir Houmansadr would like to dedicate this book to the memory of his grandmother Fatemeh.

Krzysztof Szczypiorski would like to dedicate this book to the memory of his father Jan Szczypiorski.

List of Figures

  1. 1.1 Basic mimicry system. S1 and S2 denote signal transmitters and R is the signal receiver. “+” denotes that the response of the receiver R is advantageous to S2; thus, S2 benefits from the S1/R couple. (Reproduced from [3] with permission of Wiley.)
  2. 1.2 Ancient and modern information hiding.
  3. 1.3 Evolution of hidden data carrier throughout the history. (Reproduced from [6] with permission of ACM.)
  4. 1.4 Protocol functions used for network steganography, associated with OSI RM layers. (Reproduced from [29] with permission of IEEE.)
  5. 2.1 Classification of information concealment possibilities in communication networks.
  6. 2.2 A historic classification of information hiding techniques. (Reproduced from [2] with permission of IEEE.)
  7. 2.3 Classification of modern steganography techniques and scope of network steganography.
  8. 2.4 An example of carrier and subcarriers based on VoIP connection example. (Reproduced from [13] with permission of Wiley.)
  9. 2.5 Multiple flows steganography example—sending secret data that is distributed over a number of traffic flows. (Reproduced from [13] with permission of Wiley.)
  10. 2.6 Network steganography methods classification.
  11. 2.7 Relationship between the three features of network steganography. (Reproduced from [15] with permission of ACM.)
  12. 2.8 Relationship between the features of network steganography with steganographic cost included. (Reproduced from [13] with permission of Wiley.)
  13. 2.9 Relationship between steganographic cost and undetectability. (Reproduced from [13] with permission of Wiley.)
  14. 2.10 Traffic type obfuscation techniques classification.
  15. 2.11 Model for hidden communication. (Reproduced from [15] with permission of ACM.)
  16. 2.12 Hidden communication scenarios and potential localizations of the warden. (Reproduced from [15] with permission of ACM.)
  17. 3.1 Taxonomy for storage methods as patterns shaded. (Reproduced from [1] with permission of ACM.)
  18. 3.2 Illustration of the size modulation pattern: PDUs of different size are transmitted between sender and receiver to encode symbols s1 and s2.
  19. 3.3 The sequence method illustrated using a simple HTTP request. Two different symbols s1 and s2 are encoded by the order of two selected header elements.
  20. 3.4 Illustration of the case pattern. By only using one header line, multiple symbols per request can be transferred by modulating the case of letters.
  21. 3.5 Taxonomy for network steganography timing methods.
  22. 3.6 Example of using packet rate (throughput) to encode hidden communication. The covert sender encodes a zero bit as sending with rate r0 and a one bit as sending with rate r1. The covert receiver decodes the hidden messages based on the observed rates.
  23. 3.7 Example of using time gaps between packets to encode hidden communication. The covert sender encodes a zero bit as small gap g0 and a one bit as large gap g1. The covert receiver decodes the bits based on the gaps observed.
  24. 3.8 An FTP NOOP covert channel, an example of using message sequence timing for hidden communication. The integer value of the covert bits is encoded as the number of FTP NOOP commands sent during the idle periods when no data are transferred via FTP.
  25. 3.9 An example of using artificial packet loss to encode hidden communication. The covert sender encodes a zero bit as arrived packet and a one bit as artificially lost packet. The covert receiver decodes the information using the packet's sequence numbers.
  26. 3.10 An example of (re)ordering packets to encode hidden communication. A packet in a correct position encodes a zero bit, while a packet in an incorrect position encodes a one bit.
  27. 3.11 An example of using frame jamming for hidden communication. To send a zero or one bit, the covert sender retransmits with delay d0 or delay d1, respectively, after a previous frame collision.
  28. 3.12 A temperature-based covert channel. The covert sender encodes information by changing the CPU load on the intermediate host through changing the service request rate. The CPU load changes affect the temperature, which in turn affects the clock skew on the intermediate host. The covert receiver measures the clock-skew change over time to reconstruct the original load pattern and thereby decode the covert bits. (Reproduced from [63] with permission of IEEE.)
  29. 3.13 The idea of LACK. (Reproduced from [34] with permission of Wiley.)
  30. 3.14 LACK as an example of a hybrid method.
  31. 3.15 Components of the LACK delay. (Reproduced from [34] with permission of Wiley.)
  32. 3.16 The impact of LACK on the total packet loss probability. (Reproduced from [57] with permission of Wiley.)
  33. 3.17 Generic retransmission mechanism based on timeouts. (Reproduced from [63] with permission of Springer.)
  34. 3.18 The concept of retransmission steganography. (Reproduced from [63] with permission of Springer.)
  35. 3.19 An example of the RTO-based RSTEG segment recovery. (Reproduced from [38] with permission of Springer.)
  36. 4.1 Control protocol terminology showing the embedding of all control protocol components into subcarriers, which are combined to form the cover area.
  37. 4.2 Optimization problem for control protocols: header size and feature spectrum are conflicting requirements.
  38. 4.3 Ping Tunnel's control protocol header. (Reproduced from [4] with permission of Springer.)
  39. 4.4 The header of the protocol presented by Ray and Mishra. (Reproduced from [4] with permission of Springer.)
  40. 4.5 Two types of PSCCs. (a) Protocol hopping covert channel using two protocols (hidden data are embedded into storage attributes). (b) Protocol channel using four protocols (hidden data are represented by the protocol itself). (Reproduced from [21] with permission of Iaria.)
  41. 4.6 The concept of status updates.
  42. 4.7 (a) A ToU occurs multiple times within one packet to reduce the overall number of packets and header bits required for a transaction. (b) The same data are transmitted using two packets, that is, the feature of allowing multiple occurrences for a ToU per packet is not used.
  43. 4.8 Control protocol engineering approach. (Reproduced from [2] with permission of Springer.)
  44. 4.9 Produced words by the exemplary grammars GCP and GCC.
  45. 4.10 The sender S transfers information to the receiver R via the covert channel proxies Q1 ⋯ Qn. (Reproduced from [3] with permission of Springer.)
  46. 5.1 Classes of traffic type obfuscation based on the objective.
  47. 5.2 Padding network packets to de-identify packet sizes.
  48. 5.3 The main architecture of SkypeMorph [21].
  49. 5.4 The main components of FreeWave [22].
  50. 5.5 The main components of FreeWave [22] client.
  51. 5.6 The main components of FreeWave [22] server.
  52. 5.7 Classes of traffic type obfuscation based on the implementation domain.
  53. 5.8 The main architecture of Obfsproxy.
  54. 5.9 The main architecture of CensorSpoofer [36].
  55. 5.10 Countermeasures to traffic type obfuscation.
  56. 5.11 Skype TCP activity with and without changes in bandwidth. (Reproduced from [37] with permission of IEEE.)
  57. 6.1 Linking network flows for the detection of stepping stone attacks. Flows numbered 2 and 5 are part of a stepping stone attack, while the other flows are benign.
  58. 6.2 General model of network flow watermarking.
  59. 6.3 Using flow watermarks to detect stepping stone attacks.
  60. 6.4 A system for anonymous communications.
  61. 6.5 A botnet traceback system [29] using flow watermarks.
  62. 6.6 Random selection and assignment of time intervals of a packet flow for watermark insertion.
  63. 6.7 Distribution of packets arrival time in an interval of size T before and after being delayed.
  64. 6.8 Model of RAINBOW network flow watermarking system.
  65. 6.9 Slot numbering in the SWIRL scheme. (Reproduced from [14] with permission of Springer.)
  66. 6.10 Delaying packets to insert a watermark by SWIRL. (Reproduced from [34] with permission of Springer.)
  67. 6.11 Targeted (a) and nontargeted (b) attacks on an anonymous network.
  68. 7.1 The VoIP stack and protocols. (Reproduced from [4] with permission of IEEE.)
  69. 7.2 A frame carrying a speech payload encoded with an overt codec (1), transcoded (2), and encoded with a covert codec (3). (Reproduced from [19] with permission of IEEE.)
  70. 7.3 The TranSteg scenario S4 (SS–Secret Sender; SR–Secret Receiver). (Reproduced from [19] with permission of IEEE.)
  71. 7.4 The distribution of packets' size during conversation and periods of silence.
  72. 7.5 StegTorrent hidden data exchange scenario (TsX denotes a timestamp from the corresponding μTP header's field. (Reproduced from [25] with permission of IEEE.)
  73. 7.6 iStegSiri's crafted voice stream (a); results in corresponding classes of traffic (blue—voice, red—silence), which successfully detects secret data bits at the receiving side (b). (Reproduced from [48] with permission of IEEE.)
  74. 7.7 The structure of the MAC frame. (Reproduced from [67] with permission of IEEE.)
  75. 7.8 Frame Control field. (Reproduced from [67] with permission of ACM.)
  76. 7.9 Client server message exchange in First Person Shooter games. (Reproduced from [70] with permission of Springer.)
  77. 7.10 Player character movement in FPS games. (Reproduced from [70] with permission of Springer.)
  78. 7.11 An example of user input values and server snapshot values [70].
  79. 7.12 Example of covert channel encoding. (Reproduced from [70] with permission of IEEE.)
  80. 7.13 Reliable data transport state machine. (Reproduced from [70] with permission of IEEE.)
  81. 7.14 Throughput depending on Round-Trip Time (RTT), covert bits per angle change (bpa), and number of players. (Reproduced from [70] with permission of IEEE.)
  82. 7.15 Throughput depending on packet loss rate, covert bits per angle change (bpa), and number of players. (Reproduced from [70] with permission of IEEE.)
  83. 7.16 Possible locations for eavesdropper attacks and network steganographic transmissions in building automation networks.
  84. 7.17 Data leakage over a building automation network to an external receiver.
  85. 8.1 Countermeasures that can be used to eliminate, limit, and audit the use of network steganography.
  86. 8.2 Traffic normalizers remove semantic ambiguities by modifying the content and the timing of protocol messages in order to eliminate covert channels.
  87. 8.3 The PUMP significantly reduces covert channel capacity, because it “decouples” the high-security system's ACKs from the ACKs sent to the low-security system. (Reproduced from [58] with permission of IEEE.)
  88. 8.4 Network steganography detection with supervised ML techniques.
  89. 8.5 Network steganography detection with unsupervised ML techniques.
  90. 8.6 Backpropagation neural network.

List of Tables

  1. 1.1 Analogies between the information hiding field and the kingdoms of living things.
  2. 1.2 Analogies between exemplary ancient and modern information hiding techniques.
  3. 5.1 Passive protocol-based countermeasures to detect imitators of the Skype protocol.
  4. 8.1 Possible scenarios to attack control protocols based on [3]
  5. 8.2 Well-known techniques to normalize IP, UDP, and TCP header fields and their possible side effects.

Foreword

Steganography—the art and science of concealed communication—can be tracedback to antiquity. Secret messages written in invisible ink, printed in microdots, or hidden in innocuous hand-crafted images form the history of this exciting field. Systematic research in steganography only began in the late 1990s and early 2000s. Much of this early research focused on hiding data in multimedia content such as digital images, video streams, or audio data and was driven by the quest to protect copyright. At the same time, steganography was seen as a versatile tool to mitigate governmental bans on the use of cryptography. The research performed in these decades gave us a fair understanding of the possibilities and limits of data hiding.

The new hotspot of the field is network steganography. In contrast to many previous approaches that predominantly targeted multimedia data, network steganography attempts to conceal secret messages directly in network streams. It turns out that the ever-increasing volume of Internet traffic provides a perfect cover for steganographic communication. For example, one can utilize unused bits in network protocols to send covert information or change order and timing of network packets to encode supplementary data.

Network steganography has the potential to circumvent oppressive government surveillance by providing means to communicate “under the radar” of current network monitoring tools. Steganographic techniques can also avoid censorship by concealing the ultimate goal of a communication channel. Furthermore, techniques similar to those employed in network steganography allow to obfuscate the type of traffic or allow to watermark network flows should be. The goal of the former is to conceal the true purpose of a communication channel, while the latter attempts to trace traffic even if it flows through several networked devices. On the downside, network steganography may be used by attackers to efficiently exfiltrate secrets from highly protected computers or by botnets to set up covert control channels; flow watermarking has the potential to break anonymization tools.

Research in network steganography and related disciplines will give us a good insight into the opportunities and risks of this novel technology, which we just started to explore in detail. We learned that simple steganographic schemes that substitute parts of an ongoing communication with secrets are usually detectable, as they introduce unnatural patterns in data streams. This created opportunities to develop specially crafted steganalytic algorithms that discriminate innocuous from steganographic communication, which in turn led to the development of better steganographic tools. This “cat-and-mouse” game between the steganographer and the steganalyst is likely to continue in the near future. The same holds for traffic obfuscation: schemes optimized to mimic a certain distribution of packets will likely be broken with higher order statistics.

I am therefore delighted to see the first comprehensive book on network steganography and related technologies, which I expect will be the standard reference on the subject. I hope that this book will inspire many researchers to explore this exciting discipline of network security—and that it boosts the “cat-and-mouse” game between steganographers and steganalysts, which is vital to move our field forward.

Stefan Katzenbeisser

Preface

Information hiding techniques have their roots in nature, and they have been utilized by humankind for ages. The methods have evolved throughout the ages, but the aims remained the same: hiding secret information to protect them from untrusted parties or to enable covert communication. The latter purpose has grown in importance with the introduction of communication networks where many new possibilities of data hiding emerged.

Information hiding can be utilized for both benign and malicious purposes. Currently, the rising trend among Black Hats is to equip malware with covert communication capabilities for increased stealthiness. On the other hand, covert channels are also becoming increasingly useful for circumventing censorship in oppressive regimes. The complexity and richness of continuously appearing new services and protocols guarantee that there will be a lot of new opportunities to hide secret data. A problematic aspect in this regard is the lack of effective and universal countermeasures that can be applied in practice against increasingly sophisticated information hiding techniques (especially when used for malicious purposes).

Security, censorship, and blocking are on the rise in the Internet. Hence, where covert communication techniques seemed like overkill some time ago, they may become very attractive in the future. Therefore, we expect that in the future, information hiding methods for communication networks will see more widespread use than today, and they will continue to become more sophisticated and harder to detect. It must be emphasized that the threat posed by information hiding techniques can potentially affect every Internet user, since even innocent users' network traffic can be utilized for covert communication purposes (without their explicit knowledge). This will raise similar legal and ethical issues like we are currently experiencing with botnets.

Approach and Scope

We decided to write this book, because there was no reference book available that covers all aspects of information hiding for communication networks from the history, over the hiding techniques, to the countermeasures. We formed a team of authors, each with significant expertise in certain areas of the overall topic, who contributed equally to the book. As a group, we were able to put together a comprehensive description of the current state-of-the-art of information hiding in communication networks, including the important issues, challenges, emerging trends, and applications.

This book is intended to be utilized mainly as a reference book to teach courses like information hiding, or as a part of network security or other security-related courses. The target audience of the book are graduate students, academics, professionals, and researchers working in the fields of security, networking, and communications. However, the first few chapters of this book are written so that non-expert readers will be able to easily grasp some of the fundamental concepts in this area.

The book is divided into eight chapters that cover the most important aspects of information hiding techniques for communication networks. The last chapter concludes this book.

Chapter Overview

Chapter 1 is written mostly in a tutorial style so that even a general reader will be able to easily grasp the basic concepts of information hiding, their evolution throughout the history, and their importance especially when utilized in networking environments. It also contains many examples of applications of modern information hiding for criminal and legitimate purposes, and it highlights current development trends and potential future directions.

Chapter 2 discusses the existing terminology and its evolution in the information hiding field. It introduces a new classification of data hiding techniques; however, our new classification builds on existing concepts. The chapter then introduces the two main subfields: network steganography and traffic type obfuscation methods. The chapter concludes with a description of the model for hidden communication and related communication scenarios. It also highlights potential countermeasures.

Chapter 3 describes in detail different flavors of network steganography. Three main types of techniques are distinguished and then characterized: hiding information in protocol modifications, in the timing of network protocols, and hybrid methods.

Chapter 4 introduces techniques that improve the resiliency and undetectability of network steganography methods. These techniques are usually implemented by so-called control protocols. The chapter discusses their features, highlights the design of known control protocols, and discusses control protocol-specific engineering methods.

Chapter 5 concentrates on traffic type obfuscation techniques that allow to hide the type of the network traffic exchanged between two (or multiple) network entities, that is, the underlying network protocol. Typical applications of these methods are twofold: blocking resistance or privacy protection. The chapter presents a classification of traffic type obfuscation techniques and covers the most important of these techniques in detail.

Chapter 6 focuses on network flow watermarking. Network flow watermarking manipulates the traffic patterns of a network flow, for example, the packet timings, or packet sizes, in order to inject an artificial signal into that network flow—a watermark. This watermark is primarily used for linking network flows in application scenarios where packet contents are striped of all linking information.

Chapter 7 presents most recent examples and applications of information hiding in communication networks with a focus on current covert communication methods for popular Internet services. This includes hiding information in virtual worlds (e.g., multiplayer online games), IP telephony, wireless networks and modern mobile devices, and P2P networks and their global services like BitTorrent and Skype. Additionally, we discuss potential steganographic methods for social networks and the Internet of Things (e.g., building automation systems).

Chapter 8 discusses potential countermeasures against network steganography. The chapter describes different types of techniques that lead to the detection, prevention, and limitation of hidden communication.

Chapter 9 concludes the book.

Wojciech Mazurczyk

Steffen Wendzel

Sebastian Zander

Amir Houmansadr

Krzysztof Szczypiorski

Acknowledgments

Wojciech Mazurczyk would like to thank his family for their love, encouragement, and continuous support. He is also grateful to all colleagues and co-workers with whom it was an honor to collaborate and who have contributed to the research presented in this book.

Steffen Wendzel would like to thank all his co-authors of the last years and Jaspreet Kaur for her contribution of aspects on countermeasures against steganographic control protocols.

Sebastian Zander would like to thank Grenville Armitage, Philip Branch, and Steven Murdoch for the fruitful collaborations and their contributions to some of the research presented in this book. Sebastian would also like to thank his family for their constant encouragement and support.

Amir Houmansadr would like to thank his wife, Saloumeh, for her immense support, his son, Ilya, for bringing joy to their lives, and the rest of his family for their love. He would also like to thank all of his collaborators who have contributed to the research presented in this book, including Nikita Borisov, Negar Kiyavash, and Vitaly Shmatikov.

Krzysztof Szczypiorski would like to thank Wojciech Mazurczyk, Józef Lubacz, Piotr Białczak, Krzysztof Cabaj, Roman Dygnarowicz, Wojciech Frimgczek, Iwona Grabska, Szymon Grabski, Marcin Gregorczyk, Bartosz Jankowski, Artur Janicki, Maciej Karaś, Bartosz Lipiński, Piotr Kopiczko, Paweł Radziszewski, Elimgbieta Rzeszutko, Miłosz Smolarczyk, Paweł Szaga, and Piotr Szafran for fruitful cooperation in the area of network steganography in the last 12 years.

Acronyms

AAL Ambient Assisted Living
AH Authentication Header
AODV Ad Hoc On-Demand Distance Vector
API Application Programming Interface
APT Advanced Persistent Threat
ARQ Automatic Repeat Request
BACnet Building Automation and Control Networking Protocol
BYOD Bring Your Own Device
C&C Command and Control
CCE Corrected Conditional Entropy
CCN Content-Centric Networks
CE Conditional Entropy
CFG Context-Free Grammar
CFT Covert Flow Tree
CFTP Covert File Transfer Protocol
CRC Cyclic Redundancy Check
CSLIP Compressed Serial Line Interface Protocol
CSMA/CD Carrier Sense Multiple Access/Collision Detection
CT Covert Transmission
CTS Clear to Send
DCT Discrete Cosine Transform
DDC Direct Digital Control
DF Don't Fragment
DHCP Dynamic Host Configuration Protocol
DHT Deep Hiding Techniques
DHT Distributed Hash Table
DLP Data Leakage Protection
DNS Domain Name System
DoD Department of Defense
DPI Deep-Packet Inspection
DRM Digital Rights Management
DSP Digital Signal Processor
DSSS Direct Sequence Spread Spectrum
DTS Direct Target Sampling
DWT Discrete Wavelet Transform
ECG Electrocardiogram
ESP Encapsulated Security Payload
FCFS First Come First Serve
FCS Frame Check Sequence
FPE Format-Preserving Encryption
FPGA Field-Programmable Gate Array
FPSCC FPS Covert Channel
FPS First Person Shooter
FR/R Fast Retransmit and Recovery
FTE Format Transforming Encryption
FTP File Transfer Protocol
GMM Gaussian Mixture Models
GPS Global Positioning System
GUI Graphical User Interfaces
HTML HyperText Markup Language
ICMP Internet Control Message Protocol
ICS Industrial Control System
IH Information Hiding
IoT Internet of Things
IP Internet Protocol, version 4 (also IPv4)
IPD Interpacket Delay
IPS Inter Protocol Steganography or Intrusion Prevention System
IPSec IP Security
IPv6 Internet Protocol, version 6
IRC Internet Relay Chat
ISN Initial Sequence Number
ISO International Organization for Standardization
ISP Internet Service Provider
JPEG Joint Photographic Experts Group
LACK Lost Audio Steganography
LAN Local Area Network
LSB Least Significant Bit
LTE Long-Term Evolution
MAC Medium Access Control
MFCC Mel-Frequency Cepstral Coefficients
MITM Man-in-the-Middle
ML Machine Learning
MLS Multilevel Security
MOS Mean Opinion Score
MPEG Motion Picture Experts Group
MSE Mean Squared Error
MS/TP Master–Slave/Token Passing
MTU Maximum Transmission Unit
NAAW Network-Aware Active Warden
NAT Network Address Translation
NEL Network Environment Learning
NOOP No Operation
NTP Network Time Protocol
OFDM Orthogonal Frequency-Division Multiplexing
OLSR Optimized Link-State Routing
ON Ordinary Nodes
OS Operating System
OSI Open Systems Interconnection
OSN Online Social Network
OT Overt Transmission
P2P Peer to Peer
PC Protocol Channel
PCAW Protocol Channel-Aware Active Warden
PDF Portable Document Format
PDU Protocol Data Unit
PEX Peer Exchange
PHCC Protocol Hopping Covert Channel
PLC Packet Loss Concealment
PLL Phase Lock Loop
PLPMTUD Packetization Layer Path MTU Discovery
PMTUD Path MTU Discovery
PSCC Protocol Switching Covert Channel
PSDU Physical Layer Service Data Unit
PSNR Peak Signal-to-Noise Ratio
PT Payload Type
QoC Quality of Covertness
QoS Quality of Service
RFC Request for Comments
RSTEG Retransmission Steganography
RTCP Real-Time Transport Control Protocol
RTO Retransmission Timeouts
RTP Real-Time Transport Protocol
RTS Request to Send
RTT Round-Trip Time
SACK Selective Acknowledgment
SAFP Store and Forward Protocol
SBC Session Border Controller
SCCT Smart Covert Channel Tool
SCTP Stream Control Transmission Protocol
SDP Session Description Protocol
SGH Steganogram Hopping
SIP Session Initiation Protocol
SkyDe Skype Hide
SN Super Nodes
SOHO Small Office Home Office
SoM Start of Message
SR Secret Receiver
SRM Shared Resource Matrix
SS Secret Sender
SSH Secure Shell
SVM Support Vector Machine
TCP Transmission Control Protocol
TLS Transport Layer Protocol
ToS Type of Service
ToU Type of Update
TranSteg Transcoding Steganography
TrustMAS Trusted Multiagent System
TTL Time to Live
TTO Traffic Type Obfuscation
UDP User Datagram Protocol
UGS Unsolicited Grant Service
UMTS Universal Mobile Telecommunications System
USB Universal Serial Bus
VoIP Voice over IP
VPN Virtual Private Network
VSC Virtual Sound Card
WEP Wired Equivalent Privacy
WiMAX Worldwide Interoperability for Microwave Access
WiPad Wireless Padding
WLAN Wireless Local Area Network