Exploiting IP telephony with silence suppression for hidden data transfers

Sabine Schmidt , Wojciech Mazurczyk , Radoslaw Kulesza , Jörg Keller , Luca Caviglione


Information hiding is increasingly used by malware for creating covert channels to exfiltrate data, orchestrate attacks, as well as to download additional code for extending its functionalities at runtime. Since the popularity of the carrier used for embedding secrets is fundamental to guarantee a suitable degree of stealthiness, this paper investigates how to create a covert channel within ubiquitous Voice over IP (VoIP) conversations. Specifically, we propose to hide information in fake RTP packets generated during silence intervals obtained by transforming a VoIP stream with Voice Activity Detection (VAD) into a non-VAD one. Experimental results collected in different scenarios indicate that embedding a covert channel in the VAD-activated VoIP stream offers a good trade-off between stealthiness and steganographic bandwidth. Guidelines to detect and mitigate information-hiding-capable threats targeting IP telephony applications are also provided.
Author Sabine Schmidt - University of Hagen (fernuni-hagen)
Sabine Schmidt,,
, Wojciech Mazurczyk (FEIT / IT)
Wojciech Mazurczyk,,
- The Institute of Telecommunications
, Radoslaw Kulesza (FEIT / IT)
Radoslaw Kulesza,,
- The Institute of Telecommunications
, Jörg Keller - University of Hagen (fernuni-hagen)
Jörg Keller,,
, Luca Caviglione - National Research Council of Italy (CNR)
Luca Caviglione,,
Journal seriesComputers & Security, ISSN 0167-4048, (A 30 pkt)
Issue year2018
NoNovember 2018
Publication size in sheets0.75
Keywords in PolishUkrywanie informacji, ukryty kanał sieciowy, telefonia VoIP IP, steganografia sieci, bezpieczeństwo sieci
Keywords in EnglishInformation hiding, Network covert channel, VoIP IP telephony, Network steganography, Network security
ASJC Classification3308 Law; 1700 General Computer Science
URL https://www.sciencedirect.com/science/article/pii/S0167404818305777#
projectThe Develpment of Digital Communicatios. Project leader: Siuzdak Jerzy, , Phone: +48 22 234-7868, start date 07-06-2017, end date 30-11-2018, IT/2017/statut, Completed
WEiTI Działalność statutowa
Languageen angielski
2018 Mazurczyk Exploiting IP telephony with silence.pdf 1.25 MB
Score (nominal)30
ScoreMinisterial score = 30.0, 03-04-2019, ArticleFromJournal
Ministerial score (2013-2016) = 30.0, 03-04-2019, ArticleFromJournal
Publication indicators Scopus SNIP (Source Normalised Impact per Paper): 2016 = 2.217; WoS Impact Factor: 2017 = 2.65 (2) - 2017=2.862 (5)
Citation count*
Share Share

Get link to the record

* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.