Steganography of VoIP Streams

From: Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems.
Authors: Wojciech Mazurczyk, Krzysztof Szczypiorski (Warsaw University of Technology, Faculty of Electronics and Information Technology)

VoIP (Voice over IP) Communication Flow
• Signalling protocols: SIP (Session Initiation Protocol), H.323
• Transport protocols: RTP (Real-time Transport Protocol)
• Speech codecs: G.711, G.729, G.723.1
• Other supplementary protocols: RTCP (Real-time Transport Control Protocol)
o Specifies quality of service (QoS) feedback and synchronization between the media streams.

VoIP (Voice over IP) Communication Flow
Figure: VoIP call setup based on SIP/RTP/RTCP protocols.
Picture from http://www.voipforo.com/en/SIP/SIP_example.php

Communication steganography
• Existing mechanisms
o IP/TCP/UDP protocols steganography
o Audio watermarking
o Medium dependent steganography
• New mechanisms
o LACK (Lost Audio Packets Steganography)
o RTP (Real-time Transport Protocol) protocol steganography

IP/TCP/UDP protocols steganography
• Unused header fields can be used to hide data.
Figure: TCP and IP header.
Picture from http://technet.microsoft.com/en-us/library/cc750854.aspx

IP/TCP/UDP protocols steganography
• Measuring the bandwidth:
o PRBR_NS (Packet Raw Bit Rate) [bits/packet]: how much information may be covertly sent in one packet.
o SB_0: total amount of bits that can be covertly sent in the fields of the first packet.
o SB_j: total amount of bits that can be covertly sent in the fields of the following packets.
o l: number of packets sent besides the first packet.

Audio Watermarking
• An audio watermarking algorithm is used to hide information in the audio.
• If the covert data rate is too high, it may cause voice quality deterioration and an increased risk of detection.

RTP steganography
• RTP header

RTP steganography
• Unused/free fields steganography
o If the padding field (P) is set, the packet contains one or more additional padding octets at the end of header which are not a part of the payload.
o Extension header (when the X bit is set): similar to the padding mechanism, a variable-length header extension may be used.
• SRTP steganography
o RBR_SRTP (Raw Bit Rate): bandwidth of the covert channel created by RTP security mechanism steganography (in bits/s),
o SB_AT: total amount of bits in the authentication tag for the SRTP protocol (typically 80 or 32 bits),
o I_p: voice packet generation interval, in milliseconds (typically from 10 to 60 ms).
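A defender-side check for the two unused-field channels above, as an added example (not code from the paper or the slides): it parses an RTP packet following the RFC 3550 layout, where padding octets trail the packet and the last one holds their count, and reports bytes that sit outside the voice payload. The function name, the `flag` field and the sample packets are constructed for illustration.

```python
import struct

def inspect_rtp(packet: bytes) -> dict:
    """Parse one RTP packet (RFC 3550 layout) and size its optional areas."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, _ts, _ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    padding, extension, cc = (b0 >> 5) & 1, (b0 >> 4) & 1, b0 & 0x0F
    offset = 12 + 4 * cc                      # fixed header + CSRC list
    ext_len = 0
    if extension:
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        _profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        ext_len = 4 + 4 * words               # extension header + its 32-bit words
        offset += ext_len
    pad_len = packet[-1] if padding else 0    # last octet counts the padding octets
    payload_len = len(packet) - offset - pad_len
    if (padding and pad_len == 0) or payload_len < 0:
        raise ValueError("padding/extension lengths do not fit the packet")
    pad_body = packet[len(packet) - pad_len:-1] if pad_len else b""
    return {
        "seq": seq,
        "payload_type": b1 & 0x7F,
        "ext_len": ext_len,
        "pad_len": pad_len,
        "payload_len": payload_len,
        "nonzero_padding": any(pad_body),     # padding is commonly zero-filled (assumption)
        "flag": bool(ext_len or pad_len),     # packet carries bytes outside the voice payload
    }

# Constructed sample packets: 160-byte payload = 20 ms of G.711, payload type 0.
def _hdr(first_byte: int) -> bytes:
    return struct.pack("!BBHII", first_byte, 0, 1, 160, 0x11223344)

VOICE = bytes(160)
PLAIN = _hdr(0x80) + VOICE
PADDED = _hdr(0xA0) + VOICE + b"ABC\x04"                      # P bit, 4 padding octets
EXTENDED = _hdr(0x90) + struct.pack("!HH", 0x1000, 1) + bytes(4) + VOICE  # X bit

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("padded", PADDED), ("extended", EXTENDED)):
        print(name, inspect_rtp(pkt))
```

In a voice-only deployment where endpoints negotiate neither padding nor header extensions, a non-zero `ext_len` or `pad_len` on a media stream is a candidate for closer inspection or normalization at the border.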

LACK (Lost Audio Packets Steganography)
• Characteristics
o At the transmitter, some selected audio packets are intentionally delayed before transmitting.
o If the delay of such packets at the receiver is considered excessive, the packets are discarded by a receiver not aware of the steganographic procedure.
o The payload of the intentionally delayed packets is used to transmit secret information to receivers aware of the procedure.
• How to know which packet is intentionally delayed?
o d_1: speech codec processing delay,
o d_2: codec algorithm delay,
o d_3: packetization delay,
o d_4: de-jitter buffer delay.

LACK (Lost Audio Packets Steganography)
• What probability of intentional delay is acceptable?
o p_T: total packet loss probability in an IP network that offers VoIP service with the use of delayed audio packets.
o p_N: network packet loss probability.
o p_i: maximum probability of the packet loss for delayed audio packets.
• Bandwidth (Raw Bit Rate)
o r: speech codec rate.

Summary
• Two new steganographic methods are introduced:
o RTP and RTCP protocols steganography.
o LACK
• Comparison:
Def.
• Steganography: The art and science of writing
hidden messages in such a way that no one, apart
from the sender and intended recipient, suspects
the existence of the message, a form of security
through obscurity.
• Jitter: The variability over time of the packet latency
across a network.