Exploiting IP telephony with silence suppression for hidden data transfers
Sabine Schmidt , Wojciech Mazurczyk , Radoslaw Kulesza , Jörg Keller , Luca Caviglione
AbstractInformation hiding is increasingly used by malware for creating covert channels to exfiltrate data, orchestrate attacks, as well as to download additional code for extending its functionalities at runtime. Since the popularity of the carrier used for embedding secrets is fundamental to guarantee a suitable degree of stealthiness, this paper investigates how to create a covert channel within ubiquitous Voice over IP (VoIP) conversations. Specifically, we propose to hide information in fake RTP packets generated during silence intervals obtained by transforming a VoIP stream with Voice Activity Detection (VAD) into a non-VAD one. Experimental results collected in different scenarios indicate that embedding a covert channel in the VAD-activated VoIP stream offers a good trade-off between stealthiness and steganographic bandwidth. Guidelines to detect and mitigate information-hiding-capable threats targeting IP telephony applications are also provided.
|Journal series||Computers & Security, ISSN 0167-4048, (A 30 pkt)|
|Publication size in sheets||0.75|
|Keywords in Polish||Ukrywanie informacji, ukryty kanał sieciowy, telefonia VoIP IP, steganografia sieci, bezpieczeństwo sieci|
|Keywords in English||Information hiding, Network covert channel, VoIP IP telephony, Network steganography, Network security|
|Score|| = 30.0, 14-09-2018, ArticleFromJournal|
= 30.0, 14-09-2018, ArticleFromJournal
|Publication indicators||: 2016 = 2.849 (2) - 2016=2.943 (5)|
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.