Communications - Scientific Letters of the University of Zilina 2016, 18(1):40-47 | DOI: 10.26552/com.C.2016.1.40-47

Covert Channel in RTP Payload Using a Pointer in Sip Header

Miroslav Voznak1, Ivo Zbranek1, Miralem Mehic1, Dan Komosny2, Homero Toral-Cruz3, Jerry Chun-Wei Lin4
1 VSB-Technical University of Ostrava, Czech Republic
2 Brno University of Technology, Czech Republic
3 University of Quintana Roo, Mexico
4 School of Computer Science and Technology, Harbin Institute of Technology Shenzhen Graduate School, Shenzhen, China

The paper addresses the issue of hiding data in the network flow. The authors discuss a new proposal of the steganographic approach in IP telephony: transmitting texts using the pointer in the SIP header by means of a data stream within the RTP protocol. This method is based on tagging the binary sequences in payload of the RTP packets, with the individual binary sequences representing individual steganogram characters. Subsequently, the position of the binary sequences is recorded in the SIP header in the Via field and the branch parameter. The proposed way of hidden data transmission cannot be detected by existing anomaly detectors; and does not represent an approach to statistical detection of covert channels. In fact, it is a new contribution to covert communication in ordinary VoIP traffic.

Keywords: steganography; VoIP; RTP; payload; SIP; pointer

Published: February 29, 2016  Show citation

ACS AIP APA ASA Harvard Chicago Chicago Notes IEEE ISO690 MLA NLM Turabian Vancouver
Voznak, M., Zbranek, I., Mehic, M., Komosny, D., Toral-Cruz, H., & Lin, J.C. (2016). Covert Channel in RTP Payload Using a Pointer in Sip Header. Communications - Scientific Letters of the University of Zilina18(1), 40-47. doi: 10.26552/com.C.2016.1.40-47
Share...
Download citation
  • BibTeX (.bib)
  • Bookends (.ris)
  • EasyBib (.ris)
  • EndNote (.enw)
  • EndNote 8 (.xml)
  • ISI WoS (.isi)
  • Medlars (.medlars)
  • Mendeley (.ris)
  • MODS (.xml)
  • Papers (.ris)
  • RefWorks (.txt)
  • RefManager (.ris)
  • RIS (.ris)
  • MS Word (.xml)
  • Zotero (.ris)
    • Open full article

    References

    1. KLIMO, M., KOVACIKOVA, T., SEGEC, P.: Selected Issues of IP Telephony. Communications - Scientific Letters of the University Of Zilina, 6 (4), 2004, 63-70. Go to original source...
    2. MAZURCZYK, W., SZCZYPIORSKI, K.: Steganography of VOIP Streams, Lecture Notes in Computer Science, 5332 LNCS (PART 2), 2008, 1001-1018. Go to original source...
    3. MAZURCZYK, W., SZAGA, P., SZCZYPIORSKI, K.: Using Transcoding for Hidden Communication in IP Telephony. Multimedia Tools and Applications, 70 (3), 2014, 2139-2165. Go to original source...
    4. NEVLUD, P., BURES, M., KAPICAK, L., ZDRALEK, J.: Anomaly-Based Network Intrusion Detection Methods. Advances in Electrical and Electronic Engineering, 11 (6), 2013, 468-474. Go to original source...
    5. VOZNAK, M., SAFARIK, J., REZAC, F.: Threat Prevention and Intrusion Detection in VOIP Infrastructures. International J. of Mathematics and Computers in Simulation, 7 (1), 2013, 69-76.
    6. BERK, V., GIANI, A., CYBENKO, G.: Detection of Covert Channel Encoding in Network Packet Delays. Dartmouth College : Hanover, Technical Report TR536, 2005.
    7. LAMPSON, B.W.: Note on the Confinement Problem, Communications of the ACM, 16 (10), 1973, 613-615. Go to original source...
    8. JANICKI, A., MAZURCZYK, W., SZCZYPIORSKI, K.: Steganalysis of Transcoding Steganography. Annales des Telecommunications/Annals of Telecommunications, 69 (7-8), 2014, 449-460. Go to original source...
    9. MAZURCZYK, W., KOTULSKI, Z.: New VOIP Traffic Security Scheme with Digital Watermarking. Lecture Notes in Computer Science, 4166 LNCS, 2006, 170-181. Go to original source...
    10. SZCZYPIORSKI, K. HICCUPS: Hidden Communication System for Corrupted Networks. Proc. of Intern. multi-conference on Advanced Computer Systems, October 2004, 31-40.
    11. SAFARIK, J., VOZNAK, M., REZAC, F., MACURA, L.: IP Telephony Server Emulation for Monitoring and Analysis of Malicious Activity in VOIP Network. Communications - Scientific Letters of the University of Zilina, 15 (2A), 2013, 191-196. Go to original source...
    12. REZAC, F., VOZNAK, M., TOMALA, K., ROZHON, J., VYCHODIL, J.: Security Analysis System to Detect Threats on a Sip VOIP Infrastructure Elements. Advances in Electrical and Electronic Engineering, 9 (5), 2011, 225-232. Go to original source...
    13. MEHIC, M., SLACHTA, J., VOZNAK, M.: Hiding Data in SIP Session, Proc. of 38th Intern. Conference on Telecommunications and Signal Processing (TSP), 2015, 1-5, doi: 10.1109/TSP.2015.7296445. Go to original source...
    14. MEHIC, M., MIKULEC, M., VOZNAK, M., KAPICAK, L.: Creating Covert Channel using SIP. Communications in Computer and Information Science, 429, 2014, 182-192. Go to original source...
    15. ASCII CONVERSION CHART, online available url https://designthatsit.files.wordpress.com/2013/12/ascii20conversion20chart.gif.

    This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.


    Return to the content