CNR Institutional Research Information System

Information hiding is increasingly used by malware for creating covert channels to exfiltrate data, orchestrate attacks, as well as to download additional code for extending its functionalities at runtime. Since the popularity of the carrier used for embedding secrets is fundamental to guarantee a suitable degree of stealthiness, this paper investigates how to create a covert channel within ubiquitous Voice over IP (VoIP) conversations. Specifically, we propose to hide information in fake RTP packets generated during silence intervals obtained by transforming a VoIP stream with Voice Activity Detection (VAD) into a non-VAD one. Experimental results collected in different scenarios indicate that embedding a covert channel in the VAD-activated VoIP stream offers a good trade-off between stealthiness and steganographic bandwidth. Guidelines to detect and mitigate information-hiding-capable threats targeting IP telephony applications are also provided.

Exploiting IP telephony with silence suppression for hidden data transfers

L Caviglione
2018

Abstract

Information hiding is increasingly used by malware for creating covert channels to exfiltrate data, orchestrate attacks, as well as to download additional code for extending its functionalities at runtime. Since the popularity of the carrier used for embedding secrets is fundamental to guarantee a suitable degree of stealthiness, this paper investigates how to create a covert channel within ubiquitous Voice over IP (VoIP) conversations. Specifically, we propose to hide information in fake RTP packets generated during silence intervals obtained by transforming a VoIP stream with Voice Activity Detection (VAD) into a non-VAD one. Experimental results collected in different scenarios indicate that embedding a covert channel in the VAD-activated VoIP stream offers a good trade-off between stealthiness and steganographic bandwidth. Guidelines to detect and mitigate information-hiding-capable threats targeting IP telephony applications are also provided.
2018
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
Inglese
WOS:000448099400002
79
17
32
2-s2.0-85052724379
https://www.sciencedirect.com/science/article/pii/S0167404818305777
Sì, ma tipo non specificato
Covert Channel
VoIP
Information Hiding
Network Security
Received 21 May 2018, Revised 5 August 2018, Accepted 20 August 2018, Available online 27 August 2018
5
info:eu-repo/semantics/article
262
Schmidt, S; Mazurczyk, W; Kulesza, R; Keller, J; Caviglione, L
01 Contributo su Rivista::01.01 Articolo in rivista
partially_open
01.01 Articolo in rivista
File in questo prodotto:
File Dimensione Formato  
prod_390856-doc_149006.pdf

accesso aperto

Descrizione: Exploiting IP telephony with silence suppression for hidden data transfers
Tipologia: Versione Editoriale (PDF)
Dimensione 1.05 MB
Formato Adobe PDF
Visualizza/Apri
1.05 MB Adobe PDF Visualizza/Apri
prod_390856-doc_149042.pdf

solo utenti autorizzati

Descrizione: Exploiting IP telephony with silence suppression for hidden data transfers
Tipologia: Versione Editoriale (PDF)
Dimensione 1.38 MB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
1.38 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/370629
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 17
  • ???jsp.display-item.citation.isi??? 13
social impact