Steganography of VoIP Streams

  • Wojciech Mazurczyk
  • Krzysztof Szczypiorski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5332)


The paper concerns available steganographic techniques that can be used for creating covert channels for VoIP (Voice over Internet Protocol) streams. Apart from characterizing existing steganographic methods we provide new insights by presenting two new techniques. The first one is network steganography solution which exploits free/unused protocols’ fields and is known for IP, UDP or TCP protocols but has never been applied to RTP (Real-Time Transport Protocol) and RTCP (Real-Time Control Protocol) which are characteristic for VoIP. The second method, called LACK (Lost Audio Packets Steganography), provides hybrid storage-timing covert channel by utilizing delayed audio packets. The results of the experiment, that was performed to estimate a total amount of data that can be covertly transferred during typical VoIP conversation phase, regardless of steganalysis, are also included in this paper.


VoIP information hiding steganography 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ahsan, K., Kundur, D.: Practical Data Hiding in TCP/IP. In: Proc. of: Workshop on Multimedia Security at ACM Multimedia 2002, Juan-les-Pins, France (2002)Google Scholar
  2. 2.
    Baugher, M., McGrew, D., Naslund, M., Carrara, E., Norrman, K.: The Secure Real-time Transport Protocol (SRTP), IETF, RFC 3711 (2004)Google Scholar
  3. 3.
    Bender, W., Gruhl, D., Morimoto, N., Lu, A.: Techniques for Data Hiding. IBM. System Journal. 35(3,4), 313–336 (1996)CrossRefGoogle Scholar
  4. 4.
    Cuervo, F., Greene, N., Rayhan, A., Huitema, C., Rosen, B., Segers, J.: Megaco Protocol Version 1.0. IETF, RFC 3015 (2000)Google Scholar
  5. 5.
    Fisk, G., Fisk, M., Papadopoulos, C., Neil, J.: Eliminating Steganography in Internet Traffic with Active Wardens. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 18–35. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Giffin, J., Greenstadt, R., Litwack, P.: Covert Messaging Through TCP Timestamps. In: Proc. of: Privacy Enhancing Technologies Workshop (PET), pp. 194–208 (2002)Google Scholar
  7. 7.
    Guha, S., Daswani, N., Jain, R.: An Experimental Study of the Skype Peer-to-Peer VoIP System. In: Proc. of: IPTPS – Sixth International Workshop on Peer-to-Peer Systems (2006)Google Scholar
  8. 8.
    ITU-T Recommendation H.323: Infrastructure of Audiovisual Services – Packet-Based Multimedia Communications Systems Version 6, ITU-T (2006) Google Scholar
  9. 9.
    Johnston, A., Donovan, S., Sparks, R., Cunningham, C., Summers, K.: Session Initiation Protocol (SIP) Basic Call Flow Examples. IETF, RFC 3665 (2003)Google Scholar
  10. 10.
    Korjik, V., Morales-Luna, G.: Information Hiding through Noisy Channels. In: Proc. of: 4th International Information Hiding Workshop, Pittsburgh, PA, USA, pp. 42–50 (2001)Google Scholar
  11. 11.
    Lucena, N., Lewandowski, G., Chapin, S.: Covert Channels in IPv6. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 147–166. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Mazurczyk, W., Kotulski, Z.: New Security and Control Protocol for VoIP Based on Steganography and Digital Watermarking. In: Proc. of: IBIZA 2006, Kazimierz Dolny, Poland (2006)Google Scholar
  13. 13.
    Mazurczyk, W., Kotulski, Z.: New VoIP Traffic Security Scheme with Digital Watermarking. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 170–181. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Mazurczyk, W., Szczypiorski, K.: Covert Channels in SIP for VoIP Signalling. In: Jahankhani, H., Revett, K., Palmer-Brown, D. (eds.) ICGeS 2008. CCIS, vol. 12, pp. 65–72. Springer, Heidelberg (2008)Google Scholar
  15. 15.
    Murdoch, S., Lewis, S.: Embedding Covert Channels into TCP/IP. Information Hiding, 247–266 (2005)Google Scholar
  16. 16.
    Na, S., Yoo, S.: Allowable Propagation Delay for VoIP Calls of Acceptable Quality. In: Chang, W. (ed.) AISA 2002. LNCS, vol. 2402, pp. 469–480. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Petitcolas, F., Anderson, R., Kuhn, M.: Information Hiding – A Survey. IEEE Special Issue on Protection of Multimedia Content (1999)Google Scholar
  18. 18.
    Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A.: SIP: Session Initiation Protocol. IETF, RFC 3261 (2002)Google Scholar
  19. 19.
    Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A Transport Protocol for Real-Time Applications, IETF, RFC 3550 (2003)Google Scholar
  20. 20.
    Servetto, S.D., Vetterli, M.: Communication Using Phantoms: Covert Channels in the Internet. In: Proc. of IEEE International Symposium on Information Theory (2001)Google Scholar
  21. 21.
  22. 22.
    Szczypiorski, K.: HICCUPS: Hidden Communication System for Corrupted Networks. In: Proc. of ACS 2003, Międzyzdroje, Poland, October 22-24, 2003, pp. 31–40 (2003)Google Scholar
  23. 23.
    Takahashi, T., Lee, W.: An Assessment of VoIP Covert Channel Threats. In: Proc. of 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007), Nice, France (2007)Google Scholar
  24. 24.
    US Department of Defense – Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD (The Orange Book) (1985) Google Scholar
  25. 25.
    Zander, S., Armitage, G., Branch, P.: A Survey of Covert Channels and Countermeasures in Computer Network Protocols. IEEE Communications Surveys & Tutorials, 3rd Quarter 2007 9(3), 44–57 (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Wojciech Mazurczyk
    • 1
  • Krzysztof Szczypiorski
    • 1
  1. 1.Faculty of Electronics and Information Technology, Institute of TelecommunicationsWarsaw University of TechnologyWarsawPoland

Personalised recommendations