Covert Channels in SIP for VoIP signalling

  title={Covert Channels in SIP for VoIP signalling},
  author={Wojciech Mazurczyk and Krzysztof Szczypiorski},
In this paper, we evaluate available steganographic techniques for SIP (Session Initiation Protocol) that can be used for creating covert channels during signaling phase of VoIP (Voice over IP) call. Apart from characterizing existing steganographic methods we provide new insights by introducing new techniques. We also estimate amount of data that can be transferred in signalling messages for typical IP telephony call. 
Steganography of VoIP Streams
The results of the experiment, that was performed to estimate a total amount of data that can be covertly transferred during typical VoIP conversation phase, regardless of steganalysis, are also included in this paper.
Analysis of a procedure for inserting steganographic data into VoIP calls
Analysis of the dependence of the insertion procedure on the probability distribution of VoIP call duration and the performance of the method under the name LACK is focused on.
SIP Steganalysis Using Chaos Theory
  • Hong Zhao, Xueying Zhang
  • Computer Science
    2012 International Conference on Computing, Measurement, Control and Sensor Network
  • 2012
The Session Initiation Protocol (SIP) is an IETF-defined signaling protocol widely used for controlling communication sessions such as voice and video calls over Internet Protocol (IP). With wide
Beyond steganography for Voice Over IP (VOIP)
Some security issues about VOIP, the role of steganography in VOIP communication, and OTSIP which is a proposed mechanism to secure VOIP based on Steganography and One Time Password are introduced.
Steganography for voice over IP (VOIP)
Some security issues about VOIP, the role of steganography in VOIP communication, and a proposed mechanism to secure VOIP based on Steganography and One Time Password are discussed.
Introducing the GBA Covert Channel in IP Multimedia Subsystem (IMS)
This paper introduces and discusses the application scenarios of a new covert channel in Generic Bootstrapping Architecture (GBA), and demonstrates that this vulnerability can be established to gain unauthorized access to unlawfully utilize the services.
Lost audio packets steganography: the first practical evaluation
First experimental results for an Internet Protocol (IP) telephony-based steganographic method called lost audio packets steganography (LACK) are presented and the method’s impact on the quality of voice transmission is shown.
Covert channels in TCP/IP protocol stack - extended version-
A survey of different techniques for hiding data in several protocols from the TCP/IP protocol stack, organized according to affected layer and protocol.
Hidden in Plain Sight. SDP-Based Covert Channel for Botnet Communication
This paper proposes and demonstrates the feasibility of a simple but very effective in terms of stealthiness and simplicity SIP-based covert channel for botnet Command and Control (C&C) and assess the soundness and the impact of such a deployment at the victim's side via the use of two different types of flooding attacks.
Using transcoding for hidden communication in IP telephony
The paper presents a new steganographic method for IP telephony called TranSteg (Transcoding Steganography), which aims to find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected.


New VoIP Traffic Security Scheme with Digital Watermarking
A new, lightweight, no bandwidth consuming authentication and integrity scheme for VoIP service based on SIP as a signalling protocol that can greatly improve, if it is combined with existing security mechanisms, overall IP Telephony system's security.
Practical Data Hiding in TCP/IP
By passing supplementary information through IPv4 headers it is demonstrated how security mechanisms can be enhanced in routers, firewalls, and for services such as authentication, audit and logging without considerable additions to software or hardware.
New security and control protocol for VoIP based on steganography and digital watermarking
A new, lightweight security and control protocol for Voice over Internet Protocol (VoIP) service is presented, based on two information hiding techniques: digital watermarking and steganography and it is capable of exchanging and verifying QoS and security parameters.
A survey of covert channels and countermeasures in computer network protocols
A survey of the existing techniques for creating covert channels in widely deployed network and application protocols and an overview of common methods for their detection, elimination, and capacity limitation, required to improve security in future computer networks are given.
SIP: Session Initiation Protocol
14 The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for creating, 15 modifying, and terminating sessions with one or more participants. These sessions
Application layer covert channel analysis and detection.
This dissertation investigated Internet protocol stack and identified Application Layer as the level most vulnerable to covert channel operations and identified HTTP as the protocol which must fully understand HTTP protocol, recognise signatures of different HTTP implementations and be capable of anomaly analysis.
Session Initiation Protocol (SIP) Basic Call Flow Examples
This document gives examples of Session Initiation Protocol (SIP) call flows. Elements in these call flows include SIP User Agents and Clients, SIP Proxy and Redirect Servers. Scenarios include SIP
Embedding Covert Channels into TCP/IP
By examining TCP/IP specifications and open source implementations, tests to detect the use of naive embedding are developed and reversible transforms that map block cipher output onto TCP ISNs are described, indistinguishable from those generated by Linux and OpenBSD.
SDP: Session Description Protocol
This document defines the Session Description Protocol, SDP. SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of
RTP: A Transport Protocol for Real-Time Applications
RTP provides end-to-end network transport functions suitable for applications transmitting real-time data over multicast or unicast network services and is augmented by a control protocol (RTCP) to allow monitoring of the data delivery in a manner scalable to large multicast networks.