Hiding Secret Messages In Skype Silences

Orome1 writes "A group of researchers from the Institute of Telecommunications of the Warsaw University of Technology have devised a way to send and receive messages hidden in the data packets used to represent silences during a Skype call. After learning that Skype transmits voice data in 130-byte packets and the silences in 70-byte packets, the researchers came upon the idea of using the latter to conceal the sending and receiving of additional messages."

source of funding for this project.

[140Mandak262Jamuna]

Apparently a consortium of "socialites" in Tampa, FL and a bevy of four star generals in Pentagon, searched through their couch cushions and scrounged up enough spare change to fund this project.

Go old school rather than packet level?

[Keruo]

If you talk long conversation, specific pauses might simply work as morse code.

Re:Go old school rather than packet level?

[Baloroth]

True, but the data rate would be much much lower than this can achieve, TFA says they can get almost 1 kilobit/second, good luck getting morse code that fast using pauses. And it would be easily decrypted assuming you didn't use a cipher on top of the Morse code system, while this is (supposedly) undetectable.

Re:Go old school rather than packet level?

If it were "undetectable", it wouldn't be able to be spotted by the *receiver* either.

It may well be *innocuous*, but 'undetectable communications' are about as useful as 'unbreakable encryption', and every bit as oximoronic.

Re:Go old school rather than packet level?

[anubi]

If I could process the digitizer output, I would use the same stenographic techniques used to inject hidden content in image files.

To the eye, an image with encoded input just looks a bit grainy. To the ear, a voice with encoded input would just sound like a bit of background noise,

Re:Go old school rather than packet level?

[Kjella]

If the people who are talking together wants to have some secret communication, then their whole conversation might be code. Side channel attacks are much more insidious because in any high security environment the source and destinations of traffic are closely monitored. So this looks like Alice is talking to Bob and that is entirely above board and legitimate, but in addition we're piggybacking secret data from Alice's computer that we've compromised to Bob who is our mole on the inside. Secure communication channels are specifically designed to avoid this sort of thing. For example that is why early SSL replaced a random padding with a defined padding, because the "random" padding could be an encrypted version of the session key or some other secret message and you couldn't tell.

Re:Go old school rather than packet level?

[anubi]

err...make that "steganograpic".

Eloquent silence

[maxwell+demon]

I wonder why Skype needs 70 bytes to transmit essentially nothing. Maybe they already do use it for secret data transmission, just to their own servers?

Re:Eloquent silence

UDP overhead is 28 bytes for ipv4. Add in overhead for the audio codec to represent a timeframe for a sound and 70 bytes become reasonable.

Re:Eloquent silence

[icebike]

Exactly what I was thinking.

You would think that a packet specifying X seconds of simulated silence could be packed into a few bits, so maybe two bytes should suffice.

Clearly there is something else going on, or they would not have designed such a large packet to "represent silence".
That one can distinguish the silence packets from the voice packets doesn't speak too well of the encryption that Skype has always claimed they use.

Re:Eloquent silence

[hawguy]

Exactly what I was thinking.

You would think that a packet specifying X seconds of simulated silence could be packed into a few bits, so maybe two bytes should suffice.

Clearly there is something else going on, or they would not have designed such a large packet to "represent silence".
That one can distinguish the silence packets from the voice packets doesn't speak too well of the encryption that Skype has always claimed they use.

If the Skype client didn't send packets during 'silence', then the client on the receiving end of an extended silent session wouldn't know whether there was silence on the other end or a network problem. That's why the client keeps sending packets even during "silence" rather than just timing silent sections then sending out a packet at the end of the silence saying "It was silent for the past 10 seconds, so that's why you didn't receive any data from me".

Re:Eloquent silence

[vlm]

My guess is they even added in the 38 byte ethernet overhead. Yielding 66 bytes. Add 4 bytes for the codec and its fairly reasonable.

Of course they probably didn't use the 8021q ethernet overhead which is 42 bytes, or they wouldn't have any payload at all! (I suppose its possible... an empty payload is intuitively about as "silent" as you can get)

Re:Eloquent silence

[Minwee]

Exactly what I was thinking.

You would think that a packet specifying X seconds of simulated silence could be packed into a few bits, so maybe two bytes should suffice.

Were you planning on sending that "two seconds of silence" packet at the _start_ of the pause? If so I know a few theoretical physicists and at least one state lottery commission who would _love_ to see your algorithm.

Re:Eloquent silence

[tlhIngan]

I wonder why Skype needs 70 bytes to transmit essentially nothing. Maybe they already do use it for secret data transmission, just to their own servers?

Encryption padding, I'd guess. Use something like AES which only works on 128/192/256 bit blocks (depending on key size)(16/24/32 bytes) and if you have a short packet of silence, it has to be padded in order to be encrypted. I'm guessing there might be a header and other stuff that pushes it to 70 bytes.

Re:Eloquent silence

[icebike]

First, I misspoke, and should have been mentioning milliseconds rather than seconds.
But, still, a keep alive packet arriving once a second should be sufficient, wouldn't you think?

Re:Eloquent silence

Btw, Silence is a sound for computers which is represented by a flat line or basically the value of 0. Not getting packets and getting a value of 0 are different things whereas the former can be due to packet lost and broken connection while the latter is an actual value.

Re:Eloquent silence

[icebike]

Why not send them where the current 70 byte packets are sent?
After all, this decision has already been made and implemented in the Skype protocol, as they are doing one or the other already.

Re:Eloquent silence

+1

Skype is far from the first VoIP protocol to do this.

http://en.wikipedia.org/wiki/Voice_activity_detection
http://en.wikipedia.org/wiki/Comfort_noise

Re:Eloquent silence

[maxwell+demon]

Since it doesn't contain any information, and it is identifiable as silence packet anyway, then why encrypt it?

Re:Eloquent silence

[maxwell+demon]

Sending two bytes is not the same as sending nothing.
The point is not that Skype sends packets for silence, but that it sends such big packets, despite obviously detecting the silence as such (otherwise the silence packages would be the same size as non-silence packages).

Re:Eloquent silence

[gstoddart]

I wonder why Skype needs 70 bytes to transmit essentially nothing.

My assumption was for a keepalive in the protocol.

Otherwise, packets would stop coming if someone stops talking, and sooner or later the other side would have to assume you've hung up.

Sending the packet for the silence would be the equivalent to "I'm still here".

Re:Eloquent silence

[maxwell+demon]

It is obvious that Skype uses voice activity detection, or else the silence packets would be as large as the voice packeage. The whole point is why they are still quite large (large enough to send a substantial amount of data).

The second link is totally irrelevant because it doesn't concern the sender, but the receiver. The noise the receiver generates certainly does not depend on the size of the silence packages the sender sends.

Re:Eloquent silence

[X0563511]

One word that makes it possible: buffering.

It wouldn't work with a realtime stream. TCP/UDP don't do realtime streams quite so well.

Re:Eloquent silence

[maxwell+demon]

You don't need 70 bytes for a simple keepalive. That's the point. Nobody argues that no packets should be sent. But why such large packets?

Taking your analogy, it would be like holding a short monologue just to tell "I'm still here."

Re:Eloquent silence

[ottothecow]

Maybe they found they were having trouble with traffic shaping/QOS type systems.

Have to keep something decently sized flowing through the connection or it gets de-prioritized and then when real content starts flowing again, it lags? I don't know if this is true, but it sounds like a reasonable explanation considering how skype's design is so heavily focused on being able to punch through hostile networking environments and maintain a workable stream.

Re:Eloquent silence

[cheater512]

That doesn't make any sense. If they were including Ethernet and TCP/IP then Skype must have the most efficient voice codec ever to transmit voice with 60 bytes.
Remember it is 70 for silence but only 130 for voice.

Also how do you get 1kbit/s in the silence with 4 bytes per packet?

No Skype is definitely sending silence with 70 bytes.

Re:Eloquent silence

[tlhIngan]

Since it doesn't contain any information, and it is identifiable as silence packet anyway, then why encrypt it?

Because there may be other data besides the ones saying "this is silence". Perhaps some identifier, a size, etc. Maybe there's control information like mouse coordinates (for whiteboard mode), maybe some text chat, etc.

As for not sending anything - well, Skype needs to send something in order to ensure the STUN is still active.

Re:Eloquent silence

[Ungrounded+Lightning]

If they were talking IPv6, UDP packet overhead is 48 bytes, leaving only 22 for keeping the CODECs synchronized and specifying how much silence is being encoded.

I note that some carriers deliberately inject what is called "comfort noise" - a small amount of background noise - during silences. This is to keep the user from becoming concerned that the connection has failed.

While I don't know whether, or how, skype does this, it would be reasonable to either actually send the connection's real background noise at a reduced bit rate, or send some small amount of information to the receiving end in a mechanism for avoiding artifacts (like those I've heard on AT&T cell service) which make it obvious that a noise generator is being switched on and off, or repeating waveforms that sound like a "Max Headroom" style failing connection.

Re:Eloquent silence

[makomk]

VOIP needs to be low latency, though, otherwise people get confused and try to talk over each other.

Re:Eloquent silence

[Miamicanes]

> You would think that a packet specifying X seconds of simulated silence could be packed into a few bits,
> so maybe two bytes should suffice.

You're confusing media-encoding with telephony. Media encoding occurs in non-realtime, so you can analyze a big chunk of data and plan ahead for both silence and bursts. Telephony is realtime. The more you delay the audio for analysis, the more annoying it becomes to the people having the conversation. With realtime telephony, you don't HAVE "X seconds" to buffer and delay transmission so you can analyze a chunk of audio that long.

The supreme irony of video compression is that you can compress pristine HD video down to 320x480 60 field/second VHS-quality with 4:0:0 chroma subsampling and end up with an average bitrate that's barely more than what you'd need for uncompressed (or maybe realtime-compressed, with max. 1ms added latency) audiophile-quality surround sound. Why? Surround sound SEVERELY limits what you can throw away in realtime (it uses phase relationships to encode side/rear/sub channels, which are one of the first things codecs like GSM's throw away and dispense with), and if you're compressing pristine noise-free video using DVD-noncompliant (but usually works anyway) outrageously long GOPs, B-frames, multipass variable-bitrate encoding, and aggressive huffman compression, you can pack the video down to almost nothing -- especially if you're willing to accept a little blockiness.

Re:Eloquent silence

[icebike]

You're confusing media-encoding with telephony. Media encoding occurs in non-realtime, so you can analyze a big chunk of data and plan ahead for both silence and bursts. Telephony is realtime. The more you delay the audio for analysis, the more annoying it becomes to the people having the conversation. With realtime telephony, you don't HAVE "X seconds" to buffer and delay transmission so you can analyze a chunk of audio that long.

Wait, wait, wait,...

Skype is already sending silence packets. Its ALREADY made the determination that it has silence, and packaged (something) differently.

So that pretty much makes the rest of what you said either totally wrong, or non germane.

There goes that idea

[Jeng]

If you are going to hide something, don't let everyone know where you put it.

Now that the exploit has been discussed it will be watched out for.

Re:There goes that idea

It's not an exploit.

Re:There goes that idea

If you are going to hide something, point everyone somewhere else. These guys are really using Youtube, but would prefer their Skype calls are monitored.

Re:There goes that idea

The more your opponent has to watch for, the better off you are -- because watching for more things taxes their computing resources.

Spies are happiest when most people use unencrypted, un-hidden communication, because then they can concentrate their computing resources on the relatively few cases where encryption or steganography are used or suspected of being used.

Re:There goes that idea

[maxwell+demon]

Of course, the opponent could just replace the data in the silence packages himself, thus closing that communication path for you. Normal people would not notice (otherwise that data transmission would not work to begin with).

Re:There goes that idea

[Jeng]

Wrong choice of words, but close enough.

One would exploit the information

Hidden

Would such messages really be hidden if the packets are obviously larger than they ought to be?

huh

[etash]

but now that they told us what they are going to do, the messages won't be a secret any more ?

tl;dr: security by obscurity is a bad thing!

Re:huh

[hobarrera]

It really depends, you can still encrypt the hidden message, hence, it'd be almost impossible to tell if it's just plain old silence, or an encrypted message.

Re:huh

i would assume you can encrypt the data, like pretty much every data ever. i think it was probably their intention to make it public, so that other people can't use it to leak data or other stuff that they did. we are talking about a college, not a criminal organization.

Re:huh

[Fnord666]

tl;dr: security by obscurity is a bad thing!

Maybe that's why this is an article about steganography rather than security?

I'm sure

[rainmayun]

the Chinese and Iranian governments are all over this already.

paranoid mode engaged !

So skype has 1kilobit/sec spare capacity when transmitting silence ? How much data does it actually sent then ? just for silence ?
This protocol is either very inefficient, or there is reason for this 'waste' of bandwidth. So what does skype use it for ?

Re:paranoid mode engaged !

[hawguy]

So skype has 1kilobit/sec spare capacity when transmitting silence ? How much data does it actually sent then ? just for silence ?
This protocol is either very inefficient, or there is reason for this 'waste' of bandwidth. So what does skype use it for ?

From TFA, it's 70 bytes per packet (560 bits, excluding packet overhead), so less than 2 packets/second gives 1kbit/second of data. That doesn't seem all that inefficient.

Re:paranoid mode engaged !

[maxwell+demon]

70 bytes to transmit what could be transmitted in one byte (the status "no activity") seems very inefficient.

Re:paranoid mode engaged !

[TheRealMindChild]

You aren't thinking of the protocol layers involved. At the top there is the "valid voip packet", which encapsulates everything. Next layer down you have an ID layer. Is it silence or is it waveform data? Silence, great. Next layer, for how long? 70 bytes isn't unreasonable.

Re:paranoid mode engaged !

[lamber45]

Except that the packet already has at least an 8-byte UDP header, a 20-byte IPv4 (or 40-byte IPv6) header, and a link-layer header of some sort. There's probably some sort of checksum and block padding within those 70 bytes (which may in fact include the UDP or TCP header as well).

Similarly, VNC tunneled over SSH doesn't use 1-byte and 2-byte packets. For a certain block-size for which I did calculations and watched some real-life traffic, actual packet payloads for the different relevant messages are as follows:

• SSH CHANNEL_OPEN "direct_tcp": 92 bytes
• KeyEvent (messagetype=4): 44 bytes
• PointerEvent (messagetype=5): 28 bytes
• ClientCutText: at least 44 bytes

Since there are only about 90 keys on my keyboard, that seems like a lot of wasted space per packet; but remember that just the TCP and IPv4 headers are 40 bytes, so it's only 51.2% of the IP data, and even less of the link-level data.

Bitwise

[MMAfrk19BB]

Are real silence packets identical in payload? If so, a bitwise comparison of silence packets could be easily automated and would detect the altered packets, right? And if this is the case, how is this useful in a government-surveillance scenario? (I'm assuming that's what this is for.)

Re:Bitwise

[Art+Challenor]

Not if you only send zeros:

http://search.dilbert.com/search?w=database+only+zeros&x=0&y=0

Re:Bitwise

[vlm]

Each side has a very smart bridge.

If bridge A sees an incoming 130 byte packet from the LAN side thats obviously skype, pass it.
If bridge A sees an incoming 70 byte packet from the LAN side thats obviously skype, add a 60 byte encrypted / hashed / whateverd back channel of data.

If bridge B sees an incoming 130 byte packet from the LAN side thats obviously skype, ram it thru the decrypt / dehash / whateverd thing and see if the last 60 bytes decodes to a valid back channel data packet. To a crude first approximation your bit error rate will approximate your magic number or header or whatever length, so requiring the decrypted packet data to begin with 0x1234 means you'll only false positive about once in 2**32 decodes, probably good enough for text, maybe not so good for DVD iso transfer.

This simple idea is pretty simple to traffic analyze. Are the conversation patterns more like speech or embedded text? A slightly intelligent algo on the TX side could fix that (perhaps only the first silence packet after normal speech gets special data, or it only sends special data in a vaguely normal conversational (very) random pattern). You can come up with traffic analysis systems all day.. my rev-2 design could be caught by displaying a histogram of how long each stretch of silence is, how odd that this convo 1 packet long silences match the typical graph for 2 packet long silences instead of typical 1 packet long...

Best of luck with that technique

read this first then decide: cryptome.org/isp-spy/skype-spy.pdf

Voice has a time component - realtime

That's why the data is sent representing 'silence' - coordination. If the packet stream is held constant or close, it's much simpler.

Move Along

Nothing to see hear.

Re:Move Along

[Stewie241]

Obviously. Nothing to see, because it is voice, and nothing to hear, because it is silence.

Waste of time

[Russ1642]

There are a million ways to communicate in secret, and this ranks among the stupidest.

Re:Waste of time

[hawguy]

There are a million ways to communicate in secret, and this ranks among the stupidest.

Which ways are less stupid than hiding your packets in a stream that's believed to be innocuous and even if the voice packets are monitored, your hidden data would presumably remain hidden?

Re:Waste of time

Its called steganography.

http://en.wikipedia.org/wiki/Steganography

It may also employ cryptography. It is part of a layered defense in sending secret messages. One part of sending something in secret is to keep secret the fact you sent it at all. That is where steganography comes into play. As just the fact a message was sent can mean something.

For example in the cold war people would use things as simple as caring a particular newspaper by someone to mean a particular message. Or by stopping by a coffee shop every day and then one day getting creme in your coffee instead of sugar.

So yes there are thousands of ways to send a message. It is a interesting use of an existing well used tech. I would almost say nice hack.

Re:Waste of time

There are a million ways to communicate in secret, and this ranks among the stupidest.

Which ways are less stupid than hiding your packets in a stream that's believed to be innocuous and even if the voice packets are monitored, your hidden data would presumably remain hidden?

Posting as AC to slashdot where you will be moderated -1, Troll, and your message will never be read by the unknowing yet will be transmitted within a seemingly innocent data stream to thousands of people, thus providing you a covert data channel where it's not known who is the real recipient of the data and it's not possible to prove the covert message was received.

Re:Waste of time

[gmhowell]

There are a million ways to communicate in secret, and this ranks among the stupidest.

Which ways are less stupid than hiding your packets in a stream that's believed to be innocuous and even if the voice packets are monitored, your hidden data would presumably remain hidden?

Posting as AC to slashdot where you will be moderated -1, Troll, and your message will never be read by the unknowing yet will be transmitted within a seemingly innocent data stream to thousands of people, thus providing you a covert data channel where it's not known who is the real recipient of the data and it's not possible to prove the covert message was received.

That's as good an explanation for apk as any, I suppose.

Whitespace!

[Vlad_the_Inhaler]

C may currently have overtaken Java as the most popular language but Whitespace is going to overtake them all!

Re:Whitespace!

[maxwell+demon]

You seem to have posted to the wrong story.
But never mind, worse things happen at C.

Re:Whitespace!

Curiously, he may have posted cleverly to the correct story. I'll leave connecting the dots to your imagination. It's kind of cute.

vetrol

ok skype is a nice and more
vetrol anashed islamic

I've seen this before

I've had a lot of chats with silences with hidden messages... mostly with women.

Obviously...

[Brickwall]

"A group of researchers from the Institute of Telecommunications of the Warsaw University of Technology have devised a way to send and receive messages hidden in the data packets

Using Reverse Polish Encryption, no doubt.

skype update in

[dutchwhizzman]

3

2

1

Because MicroSoft will have none of this, obviously.

The quiet ones ...

[PPH]

... have the loudest minds.

Side channel communications is not news.

[Frobnicator]

Side channel attacks are old-school but any security researcher worth their title knows about them.

This was a popular attack in the 60's and 70's for governments.

Decades ago CS programs taught about how spies once leaked data from secret-privileged machines by emitting communications through CPU load, or through disk usage, or through various other timing attacks.

No peer-review yet

FTFA: "More details about the software and how it works will be soon shared with the public, as the researchers are set to present the research at the 1st ACM Workshop on Information Hiding and Multimedia Security which is to be held in Montpellier, France, in June"

This is a premature claim. The workshop paper submission only just opened (http://www.ihmmsec.org/) and the papers will not have been reviewed until April. Having seen many similar schemes proposed, which fail to elementary detection algorithms, I'll be waiting to see whether it survives peer review before giving it any credence.

(And even then it's very likely that it will be detected soon enough.)

But Can China Read It?

[TheNinjaroach]

Since the Chinese government has access to wiretap all Skype calls, I wonder if they would be able to access the silent bits of information as well.

Beep

[Kittenman]

James Blish.

'Nuff said.

Pfft

My wife packs even more information in her silences

Old news

[sootman]

Believe me, there are HUGE amounts of secret data transmitted in the silences in conversations... with your significant other, at least.

silence

i'm sorry but since when was that idea knew? always said so much before a hidden cd track.

If you play Skype calls in reverse...

[RedHackTea]

You can hear the song "Here's to My Sweet Satan."

What a Gold Nugget !

Good !

An old method of 'communication' in our modern world is 'out' as in 'cat out of the bag.'

The question now is, Will the USA Tellcos under direction by Secret Executive Order in accordance with WH reduce Whitespace for National Security purposes?

The fact of the matter is that CIA, DIA, DoD, DHS, DoS and WH are blind to the rampant successful snooping and do not have a clue (neither the ability of assess, monitor, or even understand) to the back-doors already multiple and operational 24/7 backdoors !

The 'rubber nicks' in the Congress, White House and various places DC will not have the stomach nor back bone to nuclear bomb Beijing, Tehran, Moscow, London, Tel Avi or even their own comfort women prostitutes at Fort Meade Maryland !

LoL

Proprietary 3rd party research

Development aid from Poland because Micro$oft doesn't have enough money to do its own research.

Love it.

Or not

[Keychain]

Hidden shmidden. If they didn't encrypt it, Skype could simply inspect the silence packet and get everything they are transmitting. It's only secret to someone who has a microphone in your room