Exploiting IP telephony with silence suppression for hidden data transfers

Sabine Schmidt , Wojciech Mazurczyk , Radoslaw Kulesza , Jörg Keller , Luca Caviglione

Abstract

Information hiding is increasingly used by malware for creating covert channels to exfiltrate data, orchestrate attacks, as well as to download additional code for extending its functionalities at runtime. Since the popularity of the carrier used for embedding secrets is fundamental to guarantee a suitable degree of stealthiness, this paper investigates how to create a covert channel within ubiquitous Voice over IP (VoIP) conversations. Specifically, we propose to hide information in fake RTP packets generated during silence intervals obtained by transforming a VoIP stream with Voice Activity Detection (VAD) into a non-VAD one. Experimental results collected in different scenarios indicate that embedding a covert channel in the VAD-activated VoIP stream offers a good trade-off between stealthiness and steganographic bandwidth. Guidelines to detect and mitigate information-hiding-capable threats targeting IP telephony applications are also provided.
Author Sabine Schmidt - University of Hagen (fernuni-hagen)
Sabine Schmidt,,
-
, Wojciech Mazurczyk (FEIT / IT)
Wojciech Mazurczyk,,
- The Institute of Telecommunications
, Radoslaw Kulesza (FEIT / IT)
Radoslaw Kulesza,,
- The Institute of Telecommunications
, Jörg Keller - University of Hagen (fernuni-hagen)
Jörg Keller,,
-
, Luca Caviglione - National Research Council of Italy (CNR)
Luca Caviglione,,
-
Journal seriesComputers & Security, ISSN 0167-4048, (A 30 pkt)
Issue year2018
Vol79
NoNovember 2018
Pages17-32
Publication size in sheets0.75
Keywords in PolishUkrywanie informacji, ukryty kanał sieciowy, telefonia VoIP IP, steganografia sieci, bezpieczeństwo sieci
Keywords in EnglishInformation hiding, Network covert channel, VoIP IP telephony, Network steganography, Network security
DOIDOI:10.1016/j.cose.2018.08.006
URL https://www.sciencedirect.com/science/article/pii/S0167404818305777#
Languageen angielski
File
2018 Mazurczyk Exploiting IP telephony with silence.pdf 1.25 MB
Score (nominal)30
ScoreMinisterial score = 30.0, 14-09-2018, ArticleFromJournal
Ministerial score (2013-2016) = 30.0, 14-09-2018, ArticleFromJournal
Publication indicators WoS Impact Factor: 2016 = 2.849 (2) - 2016=2.943 (5)
Citation count*
Cite
Share Share

Get link to the record


* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.
Back