VoIP Steganography and Its Detection – A Survey
ACM Computing Surveys (CSUR) Volume 46 Issue 2, November 2013
WOJCIECH MAZURCZYK
Warsaw University of Technology

Outline
• Introduction
• Scenarios
• VoIP Steganography
• VoIP Steganalysis
• Conclusion
• Reference

Introduction
• Steganography is an ancient art that encompasses various information hiding techniques, whose aim is to embed a secret message into a carrier (steganogram).

Introduction (cont.)
• IP telephony is attracting the attention of the steganography research community. It is because of the following features that IP telephony is a perfect carrier for steganographic purposes:
  • It is very popular.
  • The large volume of VoIP data.
  • Potentially high steganographic bandwidth that can be achieved.
  • It involves the combined use of a variety of protocols.
  • It is a real-time service.
  • The VoIP calls are dynamic and of variable length.

Introduction (cont.)
• S1: Steganographic methods that modify protocol PDU (Protocol Data Unit) – network protocol headers or payload field.
• S2: Steganographic methods that modify PDUs’ time relations.
• S3: Hybrid steganographic methods that modify both the content of PDUs and their time relations.

Scenarios
• It is the famous “prisoners' problem”, which was first formulated by Simmons in 1983.

Scenarios (cont.)
• Warden, the entity that performs detection (steganalysis). In particular it:
  • is aware that Alice and Bob can be utilising hidden communication to exchange data in a covert manner.
  • has a knowledge of all existing steganographic methods, but not of the one used by Alice and Bob (this, as mentioned earlier, is assumed to be their stego-key).
  • is able to try to detect, and/or interrupt the hidden communication.

Scenarios (cont.)
Model for hidden communication

Scenarios (cont.)
Every network steganographic method can typically be described by the following set of characteristics:
• its steganographic bandwidth
• its undetectability
• its robustness
It is important to measure the steganographic cost:
• MSE (Mean-Square Error)
• PSNR (Peak Signal-to-Noise Ratio)

VoIP Steganography
Steganographic methods applied to voice payload:
• LSB-based methods applied to digital voice signal
• Other methods

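An added example (not from the slides or the surveyed paper): it measures the steganographic cost (MSE, PSNR) and the steganographic bandwidth of plain LSB replacement on a constructed 16-bit PCM signal. The 8 kHz sample rate, the synthetic cover signal and all function names are assumptions made for the illustration.

```python
import math
import random

SAMPLE_RATE = 8000   # assumption: narrowband telephony, samples per second
PEAK = 32767         # peak amplitude of signed 16-bit PCM

def make_cover(n, seed=1):
    """Constructed voice-like cover: two tones plus low-level noise."""
    rng = random.Random(seed)
    return [int(9000 * math.sin(2 * math.pi * 220 * t / SAMPLE_RATE)
                + 4000 * math.sin(2 * math.pi * 730 * t / SAMPLE_RATE)
                + rng.gauss(0, 200)) for t in range(n)]

def lsb_embed(cover, bits, k):
    """Overwrite the k least significant bits of each sample with message bits."""
    mask = (1 << k) - 1
    stego = list(cover)
    for i in range(min(len(cover), len(bits) // k)):
        value = int("".join(str(b) for b in bits[i * k:(i + 1) * k]), 2)
        stego[i] = (cover[i] & ~mask) | value
    return stego

def lsb_extract(stego, k, nbits):
    """Read back nbits message bits, k per sample, most significant first."""
    out = []
    for s in stego:
        out.extend((s >> j) & 1 for j in range(k - 1, -1, -1))
    return out[:nbits]

def mse(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)

def psnr_db(a, b):
    err = mse(a, b)
    return math.inf if err == 0 else 10 * math.log10(PEAK ** 2 / err)

def cost_report(k, n=8000):
    """Bandwidth and distortion when every sample carries k hidden bits."""
    cover = make_cover(n)
    rng = random.Random(42)
    bits = [rng.getrandbits(1) for _ in range(n * k)]
    stego = lsb_embed(cover, bits, k)
    return {"bandwidth_bps": k * SAMPLE_RATE,
            "recovered": lsb_extract(stego, k, len(bits)) == bits,
            "mse": mse(cover, stego),
            "psnr_db": psnr_db(cover, stego)}

if __name__ == "__main__":
    for k in (1, 2, 4):
        print(k, cost_report(k))
```

With one LSB per sample the MSE is about 0.5, and each additional bit raises the hidden bandwidth by 8 kbit/s in this setup at the price of a lower PSNR.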

VoIP Steganography (cont.)
Steganographic methods applied to VoIP-specific protocols:
• Methods that modify PDU’s time relations
• Methods that modify protocol PDU – protocol specific fields
• Hybrid methods

VoIP Steganalysis
• For network steganography, as well as for digital media steganography, there is still no universal, “one size fits all” detection solution.
• SVM (Support Vector Machine), which is a state-of-the-art solution for steganalysis in general, is utilized.
• Statistical steganalysis for LSB-based VoIP steganography was proposed by Dittmann et al. [2005]. (99%)
• Takahashi and Lee [2007] described a detection method based on calculating the distances between each audio signal and its de-noised residual by using different audio quality metrics. (LSB, DSSS and FHSS: 94%; echo hiding methods: 73%)

VoIP Steganalysis (cont.)
• A Mel-Cepstrum based detection, known from speaker and speech recognition, was introduced by Krätzer and Dittmann [2007] (detection of an LSB-based steganography is efficient, with a success rate of 100%).
• Steganalysis of LSB steganography based on a sliding window mechanism and an improved variant of the previously known Regular Singular (RS) algorithm was proposed by Huang et al. [2011c] (64% decrease in the detection time over the classic RS).
• Huang et al. [2011d] also introduced the steganalysis method for compressed VoIP speech that is based on second-order statistics.

VoIP Steganalysis (cont.)
• A method for detecting CNV-QIM (Complementary Neighbour Vertices-Quantisation Index Modulation) steganography in G.723.1 voice streams was described by Li and Huang [2012] (an average detecting success rate of 96% when the duration of the G.723.1 compressed speech bit stream is less than 5 seconds).
• A steganalysis method for TranSteg based on MFCC (Mel-Frequency Cepstral Coefficients) parameters and GMMs (Gaussian Mixture Models) was developed and tested for various overt/covert codec pairs in a single warden scenario with double transcoding [Janicki et al. 2012b] (G.711/G.726 with an average detection probability of 94.6%, Speex7/G.729 with 89.6%, or Speex7/iLBC with 86.3% detectability).

Conclusion
• Surprisingly, a lot of research effort is still devoted to improving methods like LSB.
• Little effort has been devoted to the deployment of the methods that modify the time relations between packets in the RTP stream, which is an important branch of the network steganography field.
• Each method must be carefully evaluated due to specific requirements for IP telephony as a real-time service.

Conclusion (cont.)
• New concept for VoIP environment
• New application for VoIP
• Extension of existing VoIP method
• Undetectability
• Robustness
• Steganographic bandwidth
• The comparison chart could be better if the author added the name of the method.

Q&A

Reference
• SIMMONS, G.J. 1984. The prisoner’s problem and the subliminal channel. In Advances in Cryptology: Proceedings of CRYPTO ’83. Plenum Press, Santa Barbara, California, USA.
• ZANDER, S., ARMITAGE, G., BRANCH, P. 2007. A survey of covert channels and countermeasures in computer network protocols. IEEE Commun Surv Tutor 9(3):44–57.
• WANG, C., WU, W. 2007. Information hiding in real-time VoIP streams. In Proc. of 9th IEEE Int Symp Multimedia (ISM 2007), Taichung, Taiwan, 255–262.