Hiding Data in a Switched Network

Aleksandra Mileva+ and Jordan Tikvesanski

University “Goce Delcev”, Stip, Republic of N. Macedonia
{aleksandra.mileva, jordan.tikvesanski}@ugd.edu.mk

 

 

Abstract

This paper presents two novel methods for hiding data in Cisco switches as intermediate innocent devices, from the entire VTP domain. The new steganographic methods affect the switches in the distribution and access layers of the three-tier hierarchical network model. They use a combination of a Switched spoofing VLAN attack (a kind of VLAN hopping) and a version of the “VTP bomb” attack to trigger the cover storage and transfer. An experimental testbed was created for a proof of concept, and a steganographic analysis of the newly created covert channels is performed. Finally, proper countermeasures are suggested.

Keywords: VTP, Covert channels, VLAN Trunking Protocol, Network steganography

 

+: Corresponding author: Aleksandra Mileva
Faculty of Computer Science, University “Goce Delcev”, “Krste Misirkov” 10-A, Stip, 2000, Republic of N. Macedonia, Tel: +389-32-550-106

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
Vol. 13, No. 3, pp. 37-49, September 2022

 

Received: May 29, 2022; Accepted: August 22, 2022; Published: September 30, 2022

DOI: 10.22667/JOWUA.2022.09.30.037