Introducing Dead Drops to Network Steganography using ARP-Caches and SNMP-Walks

Schmidbauer, Tobias and Wendzel, Steffen and Mileva, Aleksandra and Mazurczyk, Wojciech (2019) Introducing Dead Drops to Network Steganography using ARP-Caches and SNMP-Walks. In: The Third International Workshop on Criminal Use of Information Hiding (CUING 2019) at ARES 2019, August 26 – August 29, 2019, Canterbury, UK.

Full text not available from this repository.


Network covert channels enable various secret data exchange scenarios among two or more secret parties via a communication network. The diversity of the existing network covert channel techniques has rapidly increased due to research during the last couple of years and most of them share the same characteristics, i.e., they require a direct communication between the participating partners. However, it is sometimes simply not possible or it can raise suspicions to communicate directly. That is why, in this paper we introduce a new concept we call “dead drop”, i.e., a covert network storage which does not depend on the direct network traffic exchange between covert communication sides. Instead, the covert sender stores secret information in the ARP (Address Resolution Protocol) cache of an unaware host that is not involved in the hidden data exchange. Thus, the ARP cache is used as a covert network storage and the accumulated information can then be extracted by the covert receiver using SNMP (Simple Network Management Protocol).

Item Type: Conference or Workshop Item (Paper)
Subjects: Natural sciences > Computer and information sciences
Divisions: Faculty of Computer Science
Depositing User: Aleksandra Mileva
Date Deposited: 27 Aug 2019 12:03
Last Modified: 27 Aug 2019 12:03
