Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hiding Packets in VoIP Chat

Posted by CmdrTaco on from the because-you-can dept.

holy_calamity writes "Two Polish researchers say they have developed a system to hide secret steganographic messages in the packets of a VOIP connection. It exploits the fact that VoIP uses UDP, not TCP; it is designed to tolerate some packets going missing -- so hijacking a few to transmit a hidden message is not a problem." You may also be interested in reading the original paper.

30 of 90 comments (clear)

  1. Too late by oodaloop · · Score: 4, Informative

    Didn't /. just post an article a few months ago about how the NSA figured out a way to block steganographic messages in VOIP?

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
    1. Re:Too late by Zymergy · · Score: 5, Informative

      Sort of... "Blocking Steganosonic Data In Phone Calls" http://it.slashdot.org/article.pl?sid=08/04/02/0133212
      There is this too... http://it.slashdot.org/article.pl?sid=04/01/10/2358247

    2. Re:Too late by bickerdyke · · Score: 5, Informative

      Only as long as you'd try to hide your secret data in the Audio stream. If you inject your secret data directly into the network "connection" (read: the sequence of UDP Packets sent) it bypasses manipulated background noise.

      --
      bickerdyke
    3. Re:Too late by redxxx · · Score: 3, Interesting

      The first link would not work because they can't just add noise. They would have to inspect and remove packets from the data stream. It works totally differently and would not be applicable.

      The second is just looking for out of band communication in data streams. It could be configured to look for it in Voip traffic, but most of it is encrypted. It wouldn't be easy, particularly doing it in something like real time, but not impossible.

    4. Re:Too late by GuldKalle · · Score: 4, Funny

      And since when is referring to previous relevant /. articles being a troll? Probably just someone trying to post a steganographic message using the /. mod-system.
      --
      What?
  2. Pay for 388 words? by CogDissident · · Score: 5, Insightful

    To continue reading this article, subscribe to New Scientist. Get 4 issues of New Scientist magazine and instant access to all online content for only USD $5.95

    Thanks Slashdot, because I really want to go to Slashdot to get links to a story that I have to pay to read.

    1. Re:Pay for 388 words? by Beat+The+Odds · · Score: 5, Funny

      Thanks Slashdot, because I really want to go to Slashdot to get links to a story that I have to pay to read.

      You're welcome?

    2. Re:Pay for 388 words? by chunk08 · · Score: 4, Funny

      Wait, someone who reads articles? On slashdot?

      You must be new here.

      --
      Do away with our corrupt tax code. Support the Fair Tax
  3. Complete article by TripMaster+Monkey · · Score: 5, Informative

    The complete article, accessible without NewScientist subscription, may be found here.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  4. Well... by Vectronic · · Score: 3, Insightful

    It's not a sectret anymore now is it?

    1. Re:Well... by Vectronic · · Score: 4, Funny

      Nor a secret for that matter.

    2. Re:Well... by fracai · · Score: 4, Funny

      I assumed the misspelling was one part of a larger steganographic message. Let it be known that I am now browsing over your comment history looking for further "mistakes".

      I'm on to you.

      --
      -- i am jack's amusing sig file
    3. Re:Well... by lanswitch · · Score: 3, Funny

      Twitter, is that you?

    4. Re:Well... by Vectronic · · Score: 3, Funny

      By that logic, we might both be Twitter, considering his nack for replying to himself.

    5. Re:Well... by h4ck7h3p14n37 · · Score: 5, Interesting

      That reminds me of a neat story.

      A few years ago at a tech conference I met someone who worked for the data storage division at Dell. Some of the technical manuals that the engineer needed for their work were classified as secret (product hadn't gone to market yet) and the engineer had to sign various NDAs with the company to get access to the documents.

      Said engineer compared their copy of a manual with another engineer's copy and discovered that each manual had a different set of spelling errors. Apparently Dell was generating documents with unique sets of typos in order to be able to track down the identify of the person who leaked a document.

  5. No way by William+Robinson · · Score: 4, Funny

    secret steganographic messages in the packets of a VOIP connection

    Stop this research. No way I am going to say GoodBye to my Secretary. She knows a lot more than just stenography;)

    --
    hilarious
  6. UDP Only... by mchawi · · Score: 4, Interesting

    Based on the RFCs for VOIP they are supposed to support UDP and TCP per the new specs. Most companies are moving to support both so you can choose, but some of the large companies are going to TCP because this is what all of the 'Unified Communications' packages go with (such as Microsoft Office/Live/Communicator, etc).

    One of the reasons they are leaning this way is security. Go figure.

    Besides that, I don't really see the point. What does this solve that just encrypting sensitive data wouldn't?

    1. Re:UDP Only... by k_187 · · Score: 3, Insightful

      If somebody's looking for something encrypted data is something. With this method, there isn't anything to find, unless I'm totally misunderstanding it.

      --
      11 was a racehorse
      12 was 12
      1111 Race
      12112
    2. Re:UDP Only... by zappepcs · · Score: 4, Interesting

      Well, it might ensure that the NSA et al are not infecting your VoIP equipment with tracing software while you are talking, and those pesky terrorists might not be able to send text data about the next planes to hijack while having a bad conversation quality exchange about prayer times and how to find Mecca while in Chicago.

      When a security hole is found, it needs to be plugged because the threats it poses are not always explicitly understood at first glance.

      In fact, in computing in general, there are multiple ways to sneak a couple of packets through here and there if you're willing to be patient. I'd mention a few of them, but that would probably get me on a fucked up watch list. The fact remains that this is but one way to do so. Monitoring the network packet for packet won't uncover them all either, nor will it out any terrorists who don't want anyone watching their communications. Why, even my music on hold can contain data for transmission to the right person with the right audio equipment. Never mind a blog post, or email. In fact... woooootttt! I could use the NSA's website as the key for an encryption routine that they would never decode in several decades of trying. sigh, but that won't stop them from telling us that it's all for our protection.

      Just encrypting it would not stop the possibility of rogue data if your application can withstand a few missing packets. VoIP is not the only protocol which is susceptible.

      --
      Support NYCountryLawyer RIAA vs People
    3. Re:UDP Only... by PhuCknuT · · Score: 4, Informative

      The idea behind steganography is not just to encrypt the data, but to hide the fact that you're sending it in the first place.

    4. Re:UDP Only... by Kr3m3Puff · · Score: 5, Informative

      First, Stenographic or Stenophonetic solutions are supposed to disguise that you are actually communicating encrypted information, which is 1/2 the battle. If you know two parties are transmitting encrypted information that is sometimes enough (especially in this day and age) to either attack via brute force, or even worse, make them legally hand over their decryption keys, where then you need plausible denability. When the third party doesn't even know you are transmitting information, you are in a much better situation.

      First, wide adoption of RTP transmission via TCP is highly unlikely, due to the nature of streaming media in general which UDP is designed for and TCP is not. Fixed datagrams and packet ordering protocol are a major pain in the a$$ for streaming media.

      Where as the call control protocol (SIP, H.323, MGCP, etc) via TCP is probablly more likely and most standards support transmission under either, though the vast majority is still UDP based.

      You are right from a security perspective with TCP you know if information is gone missing, where as UDP you never really know.

      --
      D.O.U.O.S.V.A.V.V.M.
    5. Re:UDP Only... by Tanktalus · · Score: 5, Funny

      Plain cryptography is something like having a locked car sitting in a room. It might not be easy to get into, but you know it when you see it. This is like having a car behind a painting. You don't notice that there is anything being kept away from you. Well, other than that big-assed painting.

      No? How about this...

      Plain cryptography is something like having a locked car sitting in a room. It might not be easy to get into, but you know it when you see it. This is like having the locks of the car behind paintings. You don't notice the keyholes. Well, other than those out-of-place paintings hanging off the door handles.

      No? How about this...

      Plain cryptography is something like driving your car across the border while trying to keep from having to show your passport to the border patrol (by showing them fake ID). This is like doing the same while having the trunk full of cocaine when you do so.

      Bah, nevermind.

  7. Make noises by tristian_was_here · · Score: 5, Funny

    If you want to hide packets over VoIP I suggest making "beeping" noises.

  8. Re:Complete article, without ads by Animats · · Score: 5, Informative

    Here is the actual paper as a clean PDF. This is the good version.

    The linked Technology Marketing Corporation page mentioned in the parent post has only the beginning of the article. It also has 24/7 Media ads in the middle of the article, Google ads on the right, TMC ads at the top, bottom, and in boxes within the article, buttons for more promoted services at the left, a Flash banner at the top, ads from OAS at the lower right, a Digg button, and an email signup box. Oh, and the page refreshes itself every two minutes to change the ads.

  9. Original paper? by Kyont · · Score: 4, Funny

    You may also be interested in reading the original paper. CmdrTaco, you must be new here.
    --
    You shall see a cow on the roof of a cotton house.
  10. Re:authors by Anonymous Coward · · Score: 3, Funny

    Ha...

    A Polish guy goes in for his yearly eye examination.
    The eye doctor says, "OK, read the smallest line down on the chart that you can."
    The guy reads out, "W... Z... P... X... Y... I... Z... Y... K...".
    The doctor says, "Wow, that's great, you can read the bottom line?"
    The Polish guy says, "Read it? Hell, I know the man!"

  11. Amazing! by 192939495969798999 · · Score: 4, Funny

    I didn't even know we knew what a Stegosaurus sounded like, and these guys hid its messages in VoIP traffic!

    --
    stuff |
  12. Re:Complete article, without ads by Colin+Smith · · Score: 4, Funny

    So. You're the one paying for my internet surfing.

    Sounds like you need adblock.

    --
    Deleted
  13. Patterns in the noise by StreetStealth · · Score: 3, Interesting

    It does get one thinking, though... So many things on the internet appear to be governed purely by entropy; how many of them could conceivably be used for steganographic purposes?

    Imagine a series of /. accounts set up for bots to automatically comment on stories, with an algorithm somewhere to scrape and concatenate certain characters based on a key consisting of times and offsets...

    Come to think of it, there's no reason why this necessarily couldn't be the case with some of the vast volumes of blog comment spam out there. Spread out wide enough and with a resilient enough algorithm, there could be more than enough signal to cover for the noise of spam-killed comments...

    --
    Your mind is clear / The things that you fear / Will fade with how much you / Believe what you hear
  14. Viruses will be the next safe transmitters by suitepotato · · Score: 3, Insightful

    I think the future will see the use of trojan/virus techniques to send data. It's already been fairly well proven that stopping botnets is next to impossible given current technologies, attitudes and ideas on the part of administrators and engineers, and most importantly that AI bears not a candle compared to Natural Stupidity.

    Forget just VoIP. In the future we'll hide communications networks under multiple layers of encryption inside trojan'd everything that is awfully hard to tell innocent user data from something else. We'll probably also host websites and files that way in a coalescence and then expansion of BT/P2P and anonymous remailer methods but not so much with identifiable clients but instead viral ware that people choose to allow on their machines so as to prevent privacy invasion by government and business.

    --
    If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)