Voice over IP: A growing cadre of criminals is hiding secret messages

in voice data.From: "Voice Over IP: The VoIP Steganography Threat" . IEEE Spectrum. Retrieved 11 February 2010.Author: Józef Lubacz, Wojciech Mazurczyk, Krzysztof Szczypiorski .

1

Outline

• Steganography• Steganography threat• Network steganography technology.– HICCUPS (Hidden Communication System for

Corrupted Networks)– LACK(Lost Audio Packet Steganography)– Protocol Steganography for VoIP application

• Conclusion• Reference

2

Steganography

• Def: The communication of secret messages inside a perfectly innocent carrier.

• History– 494 B.C Histiaeus use Head TATTOO to send resistance

message.

• Limitation– The rule of thumb is that we can use 10 percent of

a carrier file’s size to smuggle data.

3

Steganography (cont.)

– Network steganography• The modern version steganography which hide

information using the protocol itself inside of using digital files.• Advantage:– Detecting their existence is nearly impossible. – The longer the communication is, the longer the

secret message we can send.

4

Steganography threat• Contradiction between threat and security?

In October 2001, the New York Times published an article claiming that al-Qaeda had used steganography to encode messages into images, and then transported these via e-mail and possibly via USENET to prepare and execute the September 11, 2001 terrorist attack.

5

Spy

Steal

Bad guy

VoIP

Steganographic message

Network steganography technology• LACK(Lost Audio Packet Steganography)– Hide information in packet delay.

• HICCUPS (Hidden Communication System for Corrupted Networks)– Disguise information as natural “distortion” or

noise.• Protocol Steganography for VoIP application– Hide information in unused data fields.

6

Lost Audio Packet Steganography• TCP/IP application layer steganography

technique.– Substitute RTP (Real-time Transport Protocol )

packet voice payload with bits of the steganogram.– Delay transmit the RTP packet which hide

steganogram.

• Detect way:– If the user tried to hide too many secret packets. It

cause suspicious packet delay.

7

Lost Audio Packet Steganography

8

Picture form [3]

Hidden Communication System for Corrupted Networks

• Work on wireless local area networks.• Use checksum to verify which frame has

steganogram.• Must have special hardware which do not discard

the frame with wrong checksum.• Very fast(200 Kbs/sec)• Detect:

– There are too many corrupted frame.– Detect the differences between the dropped and retransmitted

frames.

9

Protocol Steganography for VoIP application

• Protocol Steganography– A common name for a group of methods that use

another aspect of IP: packet header fields.

• Protocol Steganography for VoIP application– RTP Free/Unused Fields Steganograph.

10

Protocol Steganography for VoIP application

• RTP Free/Unused Fields Steganograph

11

Conclusion• Comparison of three mechanisms.

12

Type

Advantage Hardest to detectVery fast

Hardest to detect Hardest to detect

Shortage Difficult to use Lowest information density

Easiest to use

Performance 200 kilobits per second 160 bits per second 1–300 bits per second

Conclusion

• The anonymity of steganography might be good for privacy, but it also multiplies the threats to individuals, societies, and states.

13

Reference• [1]Józef Lubacz, Wojciech Mazurczyk, Krzysztof Szczypiorski (February 2010). "Vice

Over IP: The VoIP Steganography Threat" . IEEE Spectrum. Retrieved 11 February 2010.• [2]Wojciech Mazurczyk and Krzysztof Szczypiorski (November 2008). "Steganography

of VoIP Streams". Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg, Proc. of The 3rd International Symposium on Information Security (IS'08), Monterrey, Mexico. Retrieved 16 June 2010.

• [3]Wojciech Mazurczyk, Jozef Lubacz, Krzysztof Szczypiorski. “On Steganography in Lost Audio Packets.”

• [4] Szczypiorski, K.: HICCUPS: Hidden Communication System for Coruppted Networks. In Proc: The Tenth International MultiConference on Advanced Computer Systems ACS'2003. Midzyzdroje. 22-24 October 2004. pp. 31-40

• [5] http://en.wikipedia.org/wiki/Real-time_Transport_Protocol• [6] Steganography of VoIP Streams. In: R. Meersman and Z. Tari (Eds.): OTM 2008, Part

II – Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg, Proc. of OnTheMove Federated Conferences and Workshops: The 3rd International Symposium on Information Security (IS'08), Monterrey, Mexico, November 9-14, 2008, pp. 1001-1018

14