Information hiding is increasingly used to implement covert channels, to exfiltrate data or to perform attacks in a stealthy manner. Another important usage deals with privacy, for instance, to bypass limitations imposed by a regime, to prevent censorship or to share information in sensitive scenarios such as those dealing with cyber defense. In this perspective, the paper investigates how VoIP communications can be used as a methodology to enhance privacy. Specifically, we propose to hide traffic into VoIP conversations in order to prevent the disclosure, exposure and revelation to an attacker or blocking the ongoing exchange of information. To this aim, we exploit the voice activity detection feature available in many client interfaces to produce fake silence packets, which can be used as the carrier where to hide data. Results indicate that the proposed approach can be suitable to enforce the privacy in real use cases, especially for file transfers. As interactive services (e.g., web browsing) may experience too many delays due to the limited bandwidth, some form of optimization or content scaling may be advisable for such scenarios.
- Jörg Keller
FernUniversität in Hagen
- Steffen Wendzel
Worms University of Applied Science