Multimedia Tools and Applications

, Volume 57, Issue 1, pp 109–126 | Cite as

What are suspicious VoIP delays?

  • Wojciech Mazurczyk
  • Krzysztof Cabaj
  • Krzysztof Szczypiorski
Article

Abstract

Voice over IP (VoIP) is unquestionably the most popular real-time service in IP networks today. Recent studies have shown that it is also a suitable carrier for information hiding. Hidden communication may pose security concerns as it can lead to confidential information leakage. In VoIP, RTP (Real-time Transport Protocol) in particular, which provides the means for the successful transport of voice packets through IP networks, is suitable for steganographic purposes. It is characterised by a high packet rate compared to other protocols used in IP telephony, resulting in a potentially high steganographic bandwidth. The modification of an RTP packet stream provides many opportunities for hidden communication as the packets may be delayed, reordered or intentionally lost. In this paper, to enable the detection of steganographic exchanges in VoIP, we examined real RTP traffic traces to answer the questions, what do the “normal” delays in RTP packet streams look like? and, is it possible to detect the use of known RTP steganographic methods based on this knowledge?

Keywords

IP telephony VoIP delays LACK Information hiding Network steganography 

References

  1. 1.
    Begtasevic F, Van Mieghem P (2001) Measurements of the hopcount in Internet. In: Proc. of the Passive and Active Measurement. 2001Google Scholar
  2. 2.
    Berk V, Giani A, Cybenko G (2005) Detection of covert channel encoding in network packet delays. Tech. Rep. TR2005-536, Department of Computer Science, Dartmouth College, November 2005, URL: http://www.ists.dartmouth.edu/library/149.pdf
  3. 3.
    Birke R, Mellia M, Petracca M, Rossi D (2007) Understanding VoIP from backbone measurements. In Proc. of 26th IEEE International Conference on Computer Communications (INFOCOM 2007), May 2007, pp. 2027-35, ISBN 1-4244-1047-9Google Scholar
  4. 4.
    Borella M, Swider D, Uludag S, Brewster G (1998) Internet packet loss: measurements and implications for End-to-End QoS. In Proc. of International Conference on Parallel Processing, August 1998Google Scholar
  5. 5.
    Cole RG, Rosenbluth JH (2001) Voice over IP performance monitoring. ACM SIGCOMM Computer Communication Review, vol. 31 no. 2, pp. 9–24, April 2001Google Scholar
  6. 6.
    Fei A, Pei G, Liu R, Zhang L (1998) Measurements on delay and hop-count of the internet. Proc. IEEE GLOBECOM’98, 1998Google Scholar
  7. 7.
    Girling CG (1987) Channels in LAN’s. IEEE Trans Software Eng SE-13(2):292–296CrossRefGoogle Scholar
  8. 8.
    Guha S, Daswani N, Jain R (2006) An experimental study of the skype peer-to-peer VoIP system. Sixth International Workshop on Peer-to-Peer Systems (IPTPS), February 2006Google Scholar
  9. 9.
    ITU-T Recommendation: G.711 (1988) Pulse code modulation (PCM) of voice frequencies, November 1988Google Scholar
  10. 10.
    ITU-T Recommendation: P.800 (1996) Methods for subjective determination of transmission quality, September 1996Google Scholar
  11. 11.
    ITU-T, Recommendation G.107 (2002) The E-model: a computational model for use in transmission planning, 2002Google Scholar
  12. 12.
    Kundur D, Ahsan K (2003) Practical internet steganography: data hiding in IP. Proceedings of the Texas Workshop on Security of Information Systems, April 2003Google Scholar
  13. 13.
    Liang YJ, Farber N, Girod B (2003) Adaptive playout scheduling and loss concealment for voice communications over IP networks. IEEE Transactions on Multimedia 5(4):532–543CrossRefGoogle Scholar
  14. 14.
    Lubacz J, Mazurczyk W, Szczypiorski K (2010) Vice over IP In: IEEE Spectrum, ISSN: 0018-9235, February, pp. 40–45Google Scholar
  15. 15.
    Markopoulou AP, Tobagi FA, Karam MJ (2002) Assessment of VoIP quality over internet backbones. IEEE Infocom, New YorkGoogle Scholar
  16. 16.
    Mazurczyk W, Szczypiorski K (2008) Steganography of VoIP Streams, In: R. Meersman and Z. Tari (Eds.): OTM 2008, Part II—Lecture Notes in Computer Science (LNCS) 5332, Springer-Verlag Berlin Heidelberg, Proc. of The 3rd International Symposium on Information Security (IS'08), Monterrey, Mexico, November 2008, pp. 1001–1018Google Scholar
  17. 17.
    Na S, Yoo S (2002) Allowable propagation delay for VoIP calls of acceptable quality. In: Chang, W. (ed.) AISA 2002. LNCS, vol. 2402, pp. 469–480. Springer, Heidelberg, 2002Google Scholar
  18. 18.
    Narbutt M, Murphy L (2003) VoIP playout buffer adjustment using adaptive estimation of network delays. In Proceedings of 18th International Teletraffic Congress (ITC-18), 2003, pp. 1171–1180Google Scholar
  19. 19.
    Petitcolas F, Anderson R, Kuhn M (1999) Information hiding—a survey IEEE. Special Issue on Protection of Multimedia Content, July 1999Google Scholar
  20. 20.
    Ramjee R, Kurose J, Towsley D, Schulzrinne H (1994) Adaptive playout mechanisms for packetized audio applications in wide-area networks. In Proceedings of the IEEE INFOCOM 1994, 1994, pp. 680–688Google Scholar
  21. 21.
    Schechter SE, Smith MD (2003) Access for sale, ACM Workshop on Rapid Malcode (WORM'03). ACM SIGSAC, November 2003Google Scholar
  22. 22.
    Schulzrinne H, Caspkner S, Frederick R, Jacobson V (2003) RTP: a transport protocol for real-time applications. IETF, RFC 3550, July 2003Google Scholar
  23. 23.
    Servetto SD, Vetterli M (2001) Communication using phantoms: covert channels in the internet. In Proc. of IEEE International Symposium on Information Theory, June 2001Google Scholar
  24. 24.
    Skype–URL: http://www.skype.com
  25. 25.
    Sreenan CJ, Chen J, Agrawal P, Narendran B (2000) Delay reduction techniques for playout buffering. IEEE Transactions on Multimedia 2:88–100CrossRefGoogle Scholar
  26. 26.
    Wu C, Chen K, Huang C, Lei C (2009) An empirical evaluation of VoIP playout buffer dimensioning in Skype Google Talk and MSN Messenger. In Proceedings of ACM NOSSDAV, 2009Google Scholar
  27. 27.
    Wireshark–URL: http://www.wireshark.org
  28. 28.
  29. 29.
    Zhou X, Van Mieghem P (2005) Hopcount and E2E delay: IPv6 Versus IPv4. PAM2005, BostonGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Wojciech Mazurczyk
    • 1
  • Krzysztof Cabaj
    • 1
  • Krzysztof Szczypiorski
    • 1
  1. 1.Faculty of Electronics and InformationWarsaw University of TechnologyWarsawPoland

Personalised recommendations