HICCUPS: Hidden
Communication System
for Corrupted Networks
From: The Tenth International MultiConference on
Advanced Computer Systems ACS'2003. Midzyzdroje. 2224 October 2004. pp. 31-40
Author: KRZYSZTOF SZCZYPIORSKI
1
Outline
What is HICCUPS?
 IEEE LAN RM vs.
TCP/IP Protocol Suite
 HICCUPS OPERATION
 Functional Parts of HICCUPS
 Performance of HICCUPS
 Conclusion
 Reference

2
What is HICCUPS?

Hidden Communication System
for Corrupted Networks
•
Work on wireless local area networks.
Use checksum to verify which frame has
steganogram.
Must have special hardware which do not
discard the frame with wrong checksum.
•
•
3
IEEE LAN RM vs.
TCP/IP Protocol Suite
4
HICCUPS OPERATION

It is possible to create three hidden data
channels (HDC) in MAC frame in networks

HDC1: channel based on cipher’s initialization
vectors.

HDC2: channel based on MAC network
addresses (for example destination and source).

HDC3: channel based on integrity mechanism
values (for example frame checksums).
5
HICCUPS OPERATION(Cont.)
6
HICCUPS OPERATION(Cont.)

http://www.youtube.com/watch?feature=p
layer_embedded&v=OWmZBwoI0o0
7
Functional Parts of HICCUPS

FP1: network cards dedicated.
Network cards should have possibility to
control HDC1-HDC3 and data payload in
MAC frame.

FP2: management system to control
HDC1-HDC3 and data payload in
MAC frame
8
Functional Parts of HICCUPS
(Cont.)
The management system (P2) may be
produced in software or hardware and
should perform functions mentioned below:
· joining hidden group,
· leaving hidden group,
· providing interface to upper network layer
to control HDC1-HDC3 and data payload in
MAC frame,with cryptographic extension:
· key agreement/key exchange,
· key refresh,
· encryption/decryption.

9
Performance of HICCUPS

assuming that real FER is 1.5%, stations may
pretend that FER is 2.5%.

For 11 Mbit/s IEEE 802.11b network [5] with
40% usage of bandwidth we have:
11 Mbit/s· 40%· (2.5%-1.5%) = 44 kbit/s
for steganographic system.

For 54 Mbit/s IEEE 802.11g network [6]
we have: 216 kbit/s.

10
Conclusion

HICCUPS is a new network
steganographic systemdedicated to shared
medium networks especially to WLAN

Advantage:Very fast(200 Kbs/sec)

Disadvantage:
– There are too many corrupted frame.
– Must have special hardware which do not discard the
frame with wrong checksum.
11
Reference







[1] Szczypiorski, K.: HICCUPS: Hidden Communication System for
Coruppted Networks. In Proc: The Tenth International
MultiConference on Advanced Computer Systems ACS'2003.
Midzyzdroje. 22-24 October 2004. pp. 31-40
[2]http://en.wikipedia.org/wiki/Stegenography
[3] Krzysztof Szczypiorski (4 November 2003). "Steganography in
TCP/IP Networks. State of the Art and a Proposal of a New System
- HICCUPS". Institute of Telecommunications Seminar. Retrieved 17
June 2010.
[4] http://stegano.net/tutorial/steg-met.html
[5] IEEE 802.11b-1999 Supplement to 802.11-1999,Wireless LAN
MAC and PHY specifications: Higher speed Physical Layer (PHY)
extension in the 2.4 GHz band
[6] IEEE 802.11b-1999 Supplement to 802.11-1999,Wireless LAN
MAC and PHY
specifications: Higher speed Physical Layer (PHY) extension in the
2.4 GHz band
12
Q &A
13