Voice over IP: A growing cadre of criminals is hiding secret messages in voice data. From: "Voice Over IP: The VoIP Steganography Threat" . IEEE Spectrum. Retrieved 11 February 2010. Author: Józef Lubacz, Wojciech Mazurczyk, Krzysztof Szczypiorski . 1 Outline • Steganography • Steganography threat • Network steganography technology. – HICCUPS (Hidden Communication System for Corrupted Networks) – LACK(Lost Audio Packet Steganography) – Protocol Steganography for VoIP application • Conclusion • Reference 2 Steganography • Def: The communication of secret messages inside a perfectly innocent carrier. • History – 494 B.C Histiaeus use Head TATTOO to send resistance message. • Limitation – The rule of thumb is that we can use 10 percent of a carrier file’s size to smuggle data. 3 Steganography (cont.) – Network steganography • The modern version steganography which hide information using the protocol itself inside of using digital files. • Advantage: – Detecting their existence is nearly impossible. – The longer the communication is, the longer the secret message we can send. 4 Steganography threat • Contradiction between threat and security? In October 2001, the New York Times published an article claiming that al-Qaeda had used steganography to encode messages into images, and then transported these via e-mail and possibly via USENET to prepare and execute the September 11, 2001 terrorist attack. Steal Steganographic message VoIP Spy Bad guy 5 Network steganography technology • LACK(Lost Audio Packet Steganography) – Hide information in packet delay. • HICCUPS (Hidden Communication System for Corrupted Networks) – Disguise information as natural “distortion” or noise. • Protocol Steganography for VoIP application – Hide information in unused data fields. 6 Lost Audio Packet Steganography • TCP/IP application layer steganography technique. – Substitute RTP (Real-time Transport Protocol ) packet voice payload with bits of the steganogram. – Delay transmit the RTP packet which hide steganogram. • Detect way: – If the user tried to hide too many secret packets. It cause suspicious packet delay. 7 Lost Audio Packet Steganography Picture form [3] 8 Hidden Communication System for Corrupted Networks • Work on wireless local area networks. • Use checksum to verify which frame has steganogram. • Must have special hardware which do not discard the frame with wrong checksum. • Very fast(200 Kbs/sec) • Detect: – There are too many corrupted frame. – Detect the differences between the dropped and retransmitted frames. 9 Protocol Steganography for VoIP application • Protocol Steganography – A common name for a group of methods that use another aspect of IP: packet header fields. • Protocol Steganography for VoIP application – RTP Free/Unused Fields Steganograph. 10 Protocol Steganography for VoIP application • RTP Free/Unused Fields Steganograph 11 Conclusion • Comparison of three mechanisms. T y p e Advantage Hardest to detect Very fast Hardest to detect Hardest to detect Shortage Difficult to use Lowest information density Easiest to use Performance 200 kilobits per second 160 bits per second 1–300 bits per second 12 Conclusion • The anonymity of steganography might be good for privacy, but it also multiplies the threats to individuals, societies, and states. 13 Reference • • • • • • [1]Józef Lubacz, Wojciech Mazurczyk, Krzysztof Szczypiorski (February 2010). "Vice Over IP: The VoIP Steganography Threat" . IEEE Spectrum. Retrieved 11 February 2010. [2]Wojciech Mazurczyk and Krzysztof Szczypiorski (November 2008). "Steganography of VoIP Streams". Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg, Proc. of The 3rd International Symposium on Information Security (IS'08), Monterrey, Mexico. Retrieved 16 June 2010. [3]Wojciech Mazurczyk, Jozef Lubacz, Krzysztof Szczypiorski. “On Steganography in Lost Audio Packets.” [4] Szczypiorski, K.: HICCUPS: Hidden Communication System for Coruppted Networks. In Proc: The Tenth International MultiConference on Advanced Computer Systems ACS'2003. Mi dzyzdroje. 22-24 October 2004. pp. 31-40 [5] http://en.wikipedia.org/wiki/Real-time_Transport_Protocol [6] Steganography of VoIP Streams. In: R. Meersman and Z. Tari (Eds.): OTM 2008, Part II – Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg, Proc. of OnTheMove Federated Conferences and Workshops: The 3rd International Symposium on Information Security (IS'08), Monterrey, Mexico, November 9-14, 2008, pp. 1001-1018 14