SecMon: End-to-End Quality and Security Monitoring System

The Voice over Internet Protocol (VoIP) is becoming a more available and popular way of communicating for Internet users. This also applies to Peer-to-Peer (P2P) systems and merging these two have already proven to be successful (e.g. Skype). Even the existing standards of VoIP provide an assurance of security and Quality of Service (QoS), however, these features are usually optional and supported by limited number of implementations. As a result, the lack of mandatory and widely applicable QoS and security guaranties makes the contemporary VoIP systems vulnerable to attacks and network disturbances. In this paper we are facing these issues and propose the SecMon system, which simultaneously provides a lightweight security mechanism and improves quality parameters of the call. SecMon is intended specially for VoIP service over P2P networks and its main advantage is that it provides authentication, data integrity services, adaptive QoS and (D)DoS attack detection. Moreover, the SecMon approach represents a low-bandwidth consumption solution that is transparent to the users and possesses a self-organizing capability. The above-mentioned features are accomplished mainly by utilizing two information hiding techniques: digital audio watermarking and network steganography. These techniques are used to create covert channels that serve as transport channels for lightweight QoS measurement's results. Furthermore, these metrics are aggregated in a reputation system that enables best route path selection in the P2P network. The reputation system helps also to mitigate (D)DoS attacks, maximize performance and increase transmission efficiency in the network.Comment: Paper was presented at 7th international conference IBIZA 2008: On Computer Science - Research And Applications, Poland, Kazimierz Dolny 31.01-2.02 2008; 14 pages, 5 figure

Micro protocol engineering for unstructured carriers: On the embedding of steganographic control protocols into audio transmissions

Network steganography conceals the transfer of sensitive information within unobtrusive data in computer networks. So-called micro protocols are communication protocols placed within the payload of a network steganographic transfer. They enrich this transfer with features such as reliability, dynamic overlay routing, or performance optimization --- just to mention a few. We present different design approaches for the embedding of hidden channels with micro protocols in digitized audio signals under consideration of different requirements. On the basis of experimental results, our design approaches are compared, and introduced into a protocol engineering approach for micro protocols.Comment: 20 pages, 7 figures, 4 table

Using Transcoding for Hidden Communication in IP Telephony

The paper presents a new steganographic method for IP telephony called TranSteg (Transcoding Steganography). Typically, in steganographic communication it is advised for covert data to be compressed in order to limit its size. In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected. Then, the voice stream is transcoded. At this step the original voice payload size is intentionally unaltered and the change of the codec is not indicated. Instead, after placing the transcoded voice payload, the remaining free space is filled with hidden data. TranSteg proof of concept implementation was designed and developed. The obtained experimental results are enclosed in this paper. They prove that the proposed method is feasible and offers a high steganographic bandwidth. TranSteg detection is difficult to perform when performing inspection in a single network localisation.Comment: 17 pages, 16 figures, 4 table

An Exploration of covert channels within voice over IP

In the following thesis, an overview of covert channels within Voice over IP is given and then expanded upon by presenting an experiment which proves the ability to hide messages within the Session Initiation Protocol (SIP) and Session Description Protocol (SDP) of a Voice over IP packet. The plain text nature of the SIP and SDP packets allow for an easily embedded message to be encoded into the expected data, while also being hidden in plain sight due to the packet only being sent once per VoIP session. While previous papers [15] have proposed the ability to hide covert messages within the plain text SIP and SDP packets of a VoIP call stream, this thesis is the first to carefully analyze and test the ability to embed data in these packets and send a covert message, based on an agreement between the sending and receiving parties. Results include the success for covert messages to be hidden within the Max-Forwards field, a field used for the total number of hops between sender and receiver, the V field, a field used for the version of SIP being used, the T field, usually used for the time a session becomes active on the sending and receiving ends, and finally the O field which designates the owner the call was originally sent from. This success was met with equal failure of previously proposed abilities to hide messages [15] in the Branch statement, tag field, and Call-ID field. A method for systems administrators or network administrators to detect covert channels coming in over a VoIP enabled network using a simple, modified java based packet capture tool is then presented with the ability to check the Max-Forwards, V, T and O fields, due to their low entropy and easy detectability. Using this method, a discussion is given regarding the detectability of covert channels as compared to previous research papers

A Covert Channel in RTP Protocol

A new covert channel over the RTP protocol is designed and implemented by modifying the timestamp value in the RTP header. Due to the high frequency of RTP packets, the covert channel has a high bit-rate, theoretically up to 350 bps. The broad use of RTP for multimedia applications such as VoIP, provides abundant opportunities to such a covert channel to exist. By using the RTP header, many of the challenges present for covert channels using the RTP payload are avoided. A reference implementation of this covert channel is presented. Bit-rates of up to 325 bps were observed. The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP

Covert voice over internet protocol communications with packet loss based on fractal interpolation

The last few years have witnessed an explosive growth in the research of information hiding in multimedia objects, but few studies have taken into account packet loss in multimedia networks. As one of the most popular real-time services in the Internet, Voice over Internet Protocol (VoIP) contributes to a large part of network traffic for its advantages of real time, high flow, and low cost. So packet loss is inevitable in multimedia networks and affects the performance of VoIP communications. In this study, a fractal-based VoIP steganographic approach was proposed to realise covert VoIP communications in the presence of packet loss. In the proposed scheme, secret data to be hidden were divided into blocks after being encrypted with the block cipher, and each block of the secret data was then embedded into VoIP streaming packets. The VoIP packets went through a packet loss system based on Gilbert model which simulates a real network situation. And a prediction model based on fractal interpolation was built to decide whether a VoIP packet was suitable for data hiding. The experimental results indicated that the speech quality degradation increased with the escalating packet-loss level. The average variance of speech quality metrics (PESQ score) between the "no-embedding" speech samples and the “with-embedding” stego-speech samples was about 0.717, and the variances narrowed with the increasing packet-loss level. Both the average PESQ scores and the SNR values of stego-speech samples and the data retrieving rates had almost the same varying trends when the packet-loss level increased, indicating that the success rate of the fractal prediction model played an important role in the performance of covert VoIP communications

SecMon: end-to-end quality and security monitoring system

The Voice over Internet Protocol (VoIP) is becoming a more available and popular way of communication for the Internet users. This also applies to the Peer-to-Peer (P2P) systems and merging these two have already proven to be successful (e.g. Skype). Even the existing standards of VoIP provide an assurance of security and Quality of Service (QoS), however, these features are usually optional and supported by a limited number of implementations. As a result, the lack of mandatory and widely applicable QoS and security guarantee makes the contemporary VoIP systems vulnerable to attacks and network disturbances. In this paper we are facing these issues and propose the SecMon system, which simultaneously provides a lightweight security mechanism and improves quality parameters of the call. SecMon is intended specially for VoIP service over P2P networks and its main advantage is that it provides authentication, data integrity services, adaptive QoS and (D)DoS attack detection. Moreover, the SecMon approach represents a lowbandwidth consumption solution that is transparent to the users and possesses a self-organizing capability. The above-mentioned features are accomplished mainly by utilizing two information hiding techniques: digital audio watermarking and network steganography. These techniques are used to create covert channels that serve as transport channels for lightweight QoS measurement results. Furthermore, these metrics are aggregated in a reputation system that enables best route path selection in the P2P network. The reputation system helps also to mitigate (D)DoS attacks, maximize performance and increase transmission efficiency in the network

A New covert channel over RTP

In this thesis, we designed and implemented a new covert channel over the RTP protocol. The covert channel modifies the timestamp value in the RTP header to send its secret messages. The high frequency of RTP packets allows for a high bitrate covert channel, theoretically up to 350 bps. The broad use of RTP for multimedia applications, including VoIP, provides plentiful opportunities to use this channel. By using the RTP header, many of the challenges present for covert channels using the RTP payload are avoided. Using the reference implementation of this covert channel, bitrates of up to 325 bps were observed. Speed decreases on less reliable networks, though message delivery was flawless with up to 1% RTP packet loss. The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP