Skip to main content

Creating Covert Channel Using SIP

  • Conference paper
Multimedia Communications, Services and Security (MCSS 2014)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 429))


Sending VoIP (Voice Over IP) by default requires two protocols:SIP and RTP. First one is used for establishing and changing the settings of the session and second one for exchanging voice packets. The main aim of this paper is to calculate the maximum number and type of SIP messages that can be transferred during established VoIP call without detection and raising an alarm from IDS (Intrusion detection system). Finally, we calculated Steganography bandwidth, amount of data in these messages that can be used for transfer of hidden content. Also, this paper deals with Snort IDS settings for raising alarm, traditional ones by using hard-coded rules and usage of anomaly detection plugin. Results of experiment are provided.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others


  1. Zander, S., Armitage, G., Branch, P.: A Survey of Covert Channels and Countermeasures in Computer Network Protocols. IEEE Communications Surveys & Tutorials 9(3), 44–57 (2007) (cited on page 7)

    Google Scholar 

  2. Mazurczyk, W., Szczypiorski, K.: Steganography of VoIP Streams. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1001–1018. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  3. Janicki, A., Mazurczyk, W., Szczypiorski, K.: Steganalysis of transcoding steganography. Ann. Telecommun., doi:10.1007/s12243-013-0385-4

    Google Scholar 

  4. Mazurczyk, W., Kotulski, Z.: New VoIP Traffic Security Scheme with Digital Watermarking. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 170–181. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Mazurczyk, W., Szaga, P., Szczypiorski, K.: Using transcoding for hidden communication in IP telephony. Multimed. Tools Appl., doi:10.1007/s11042-012-1224-8

    Google Scholar 

  6. Anonymous, DNS Covert Channels and Bouncing Techniques (2005),

  7. Berk, V., Giani, A., Cybenko, G.: Detection of covert channel encoding in network packet delays (Tech. Rep. TR2005-536). Department of Computer Science, Dartmouth College (November 2005)

    Google Scholar 

  8. Szczypiorski, K.: HICCUPS: Hidden Communication System for Corrupted Networks. In Proc. of ACS 2003, Międzyzdroje, Poland, October 22-24, 2003, pp. 31–40 (2003) 23.

    Google Scholar 

  9. Mazurczyk, W., Smolarczyk, M., Szczypiorski, K.: Hiding Information in Retransmissions. Telecommunication Systems 52(2), 1113–1121 (2013)

    Google Scholar 

  10. Kulin, M., Kazaz, T., Mrdović, S.: SIP Server Security with TLS: Relative Performance, Evaluation. In: 2012 IX International Symposium on Telecommunications (BIHTEL). Fac. of Electr. Eng., Univ. of Sarajevo, Sarajevo, Bosnia-Herzegovina, pp. 1–6. IEEE (2012)

    Google Scholar 

  11. Tang, J., Cheng, Y., Hao, Y.: Detection and prevention of SIP flooding attacks in voice over IP networks. In: 2012 Proceedings IEEE INFOCOM. IEEE (2012)

    Google Scholar 

  12. Tang, J., Cheng, Y.: Quick detection of stealthy sip flooding attacks in voip networks. In: 2011 IEEE International Conference on Communications (ICC), pp. 1–5. IEEE (June 2011)

    Google Scholar 

  13. US Department of Defense – Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD (The Orange Book) (1985)

    Google Scholar 

  14. Session Initiation Protocol (SIP) Parameters,

  15. [RFC3261][RFC3427][RFC5727]

    Google Scholar 

  16. SDP: Session Description Protocol,

  17. Snort.AD - Snort(tm) preprocessor based on traffic anomalies detection,

  18. Szmit, M., Adamus, S., Bugala, S., Szmit, A.: Implementation of Brutlag’s algorithm in Anomaly Detection 3.0. In: FedCSIS, pp. 685–691 (September 2012)

    Google Scholar 

  19. The R Project for Statistical Computing,

  20. Szmit, M., Szmit, A.: Usage of Modified Holt-Winters Method in The Anomaly Detection of Network Traffic. Case Studies. Journal of Computer Networks and Communication (article in press)

    Google Scholar 

  21. Brutlag, J.D.: Aberrant Behavior Detection in Time Series for Network Monitoring. In: 14th System Administration Conference Proceedings, New Orleans, pp. 139–146 (2000)

    Google Scholar 

  22. Szmit, M., Szmit, A., Bugala, S.: Usage of Holt-Winters Model and Multilayer Perceptron in Network Traffic Modelling and Anomaly Detection. Informatica (03505596) 36(4) (2012)

    Google Scholar 

  23. Digium/Asterisk JIRA – Asterisk Issues,

  24. Open Source SIP Server,

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Mehić, M., Mikulec, M., Voznak, M., Kapicak, L. (2014). Creating Covert Channel Using SIP. In: Dziech, A., Czyżewski, A. (eds) Multimedia Communications, Services and Security. MCSS 2014. Communications in Computer and Information Science, vol 429. Springer, Cham.

Download citation

  • DOI:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07568-6

  • Online ISBN: 978-3-319-07569-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics