A Security Model for VoIP Steganography

advertisement
Voice over IP: A growing cadre of
criminals is hiding secret messages
in voice data.
From: "Voice Over IP: The VoIP Steganography Threat" . IEEE
Spectrum. Retrieved 11 February 2010.
Author: Józef Lubacz, Wojciech Mazurczyk, Krzysztof
Szczypiorski .
1
Outline
• Steganography
• Steganography threat
• Network steganography technology.
– HICCUPS (Hidden Communication System for
Corrupted Networks)
– LACK(Lost Audio Packet Steganography)
– Protocol Steganography for VoIP application
• Conclusion
• Reference
2
Steganography
• Def: The communication of secret messages
inside a perfectly innocent carrier.
• History
– 494 B.C Histiaeus use Head TATTOO to send resistance
message.
• Limitation
– The rule of thumb is that we can use 10 percent of
a carrier file’s size to smuggle data.
3
Steganography (cont.)
– Network steganography
• The modern version steganography which hide
information using the protocol itself inside of using
digital files.
• Advantage:
– Detecting their existence is nearly impossible.
– The longer the communication is, the longer the
secret message we can send.
4
Steganography threat
• Contradiction between threat and security?
In October 2001, the New York Times published an article claiming that al-Qaeda
had used steganography to encode messages into images, and then transported
these via e-mail and possibly via USENET to prepare and execute the September
11, 2001 terrorist attack.
Steal
Steganographic message
VoIP
Spy
Bad guy
5
Network steganography technology
• LACK(Lost Audio Packet Steganography)
– Hide information in packet delay.
• HICCUPS (Hidden Communication System for
Corrupted Networks)
– Disguise information as natural “distortion” or
noise.
• Protocol Steganography for VoIP application
– Hide information in unused data fields.
6
Lost Audio Packet Steganography
• TCP/IP application layer steganography
technique.
– Substitute RTP (Real-time Transport Protocol )
packet voice payload with bits of the steganogram.
– Delay transmit the RTP packet which hide
steganogram.
• Detect way:
– If the user tried to hide too many secret packets. It
cause suspicious packet delay.
7
Lost Audio Packet Steganography
Picture form [3]
8
Hidden Communication System for
Corrupted Networks
• Work on wireless local area networks.
• Use checksum to verify which frame has
steganogram.
• Must have special hardware which do not discard
the frame with wrong checksum.
• Very fast(200 Kbs/sec)
• Detect:
– There are too many corrupted frame.
– Detect the differences between the dropped and retransmitted
frames.
9
Protocol Steganography for VoIP
application
• Protocol Steganography
– A common name for a group of methods that use
another aspect of IP: packet header fields.
• Protocol Steganography for VoIP application
– RTP Free/Unused Fields Steganograph.
10
Protocol Steganography for VoIP
application
• RTP Free/Unused Fields Steganograph
11
Conclusion
• Comparison of three mechanisms.
T y p e
Advantage
Hardest to detect
Very fast
Hardest to detect
Hardest to detect
Shortage
Difficult to use
Lowest information
density
Easiest to use
Performance
200 kilobits per second
160 bits per second
1–300 bits per second
12
Conclusion
• The anonymity of steganography might be
good for privacy, but it also multiplies the
threats to individuals, societies, and states.
13
Reference
•
•
•
•
•
•
[1]Józef Lubacz, Wojciech Mazurczyk, Krzysztof Szczypiorski (February 2010). "Vice Over
IP: The VoIP Steganography Threat" . IEEE Spectrum. Retrieved 11 February 2010.
[2]Wojciech Mazurczyk and Krzysztof Szczypiorski (November 2008). "Steganography of
VoIP Streams". Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin
Heidelberg, Proc. of The 3rd International Symposium on Information Security (IS'08),
Monterrey, Mexico. Retrieved 16 June 2010.
[3]Wojciech Mazurczyk, Jozef Lubacz, Krzysztof Szczypiorski. “On Steganography in Lost
Audio Packets.”
[4] Szczypiorski, K.: HICCUPS: Hidden Communication System for Coruppted Networks.
In Proc: The Tenth International MultiConference on Advanced Computer Systems
ACS'2003. Mi dzyzdroje. 22-24 October 2004. pp. 31-40
[5] http://en.wikipedia.org/wiki/Real-time_Transport_Protocol
[6] Steganography of VoIP Streams. In: R. Meersman and Z. Tari (Eds.): OTM 2008, Part
II – Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg,
Proc. of OnTheMove Federated Conferences and Workshops: The 3rd International
Symposium on Information Security (IS'08), Monterrey, Mexico, November 9-14, 2008,
pp. 1001-1018
14
Download