Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Encryption

Hiding Packets in VoIP Chat 90

Posted by CmdrTaco from the because-you-can dept.
holy_calamity writes "Two Polish researchers say they have developed a system to hide secret steganographic messages in the packets of a VOIP connection. It exploits the fact that VoIP uses UDP, not TCP; it is designed to tolerate some packets going missing -- so hijacking a few to transmit a hidden message is not a problem." You may also be interested in reading the original paper.
This discussion has been archived. No new comments can be posted.

Hiding Packets in VoIP Chat More

Hiding Packets in VoIP Chat

Comments Filter:

  • Too late (Score:5, Informative)

    by oodaloop ( 1229816 ) on Monday June 02, 2008 @12:42PM (#23628349)
    Didn't /. just post an article a few months ago about how the NSA figured out a way to block steganographic messages in VOIP?

  • Complete article (Score:5, Informative)

    by TripMaster Monkey ( 862126 ) on Monday June 02, 2008 @12:45PM (#23628379)
    The complete article, accessible without NewScientist subscription, may be found here [tmcnet.com].

  • Re:Too late (Score:5, Informative)

    by Zymergy ( 803632 ) * on Monday June 02, 2008 @12:46PM (#23628389)
    Sort of... "Blocking Steganosonic Data In Phone Calls" http://it.slashdot.org/article.pl?sid=08/04/02/0133212 [slashdot.org]
    There is this too... http://it.slashdot.org/article.pl?sid=04/01/10/2358247 [slashdot.org]

  • Re:UDP Only... (Score:5, Informative)

    by PhuCknuT ( 1703 ) on Monday June 02, 2008 @01:06PM (#23628599) Homepage
    The idea behind steganography is not just to encrypt the data, but to hide the fact that you're sending it in the first place.

  • Re:Complete article, without ads (Score:5, Informative)

    by Animats ( 122034 ) on Monday June 02, 2008 @01:06PM (#23628603) Homepage

    Here is the actual paper [arxiv.org] as a clean PDF. This is the good version.

    The linked Technology Marketing Corporation page mentioned in the parent post has only the beginning of the article. It also has 24/7 Media ads in the middle of the article, Google ads on the right, TMC ads at the top, bottom, and in boxes within the article, buttons for more promoted services at the left, a Flash banner at the top, ads from OAS at the lower right, a Digg button, and an email signup box. Oh, and the page refreshes itself every two minutes to change the ads.

  • Re:UDP Only... (Score:5, Informative)

    by Kr3m3Puff ( 413047 ) <me@kitsonk e l l y .com> on Monday June 02, 2008 @01:09PM (#23628633) Homepage Journal
    First, Stenographic or Stenophonetic solutions are supposed to disguise that you are actually communicating encrypted information, which is 1/2 the battle. If you know two parties are transmitting encrypted information that is sometimes enough (especially in this day and age) to either attack via brute force, or even worse, make them legally hand over their decryption keys, where then you need plausible denability. When the third party doesn't even know you are transmitting information, you are in a much better situation.

    First, wide adoption of RTP transmission via TCP is highly unlikely, due to the nature of streaming media in general which UDP is designed for and TCP is not. Fixed datagrams and packet ordering protocol are a major pain in the a$$ for streaming media.

    Where as the call control protocol (SIP, H.323, MGCP, etc) via TCP is probablly more likely and most standards support transmission under either, though the vast majority is still UDP based.

    You are right from a security perspective with TCP you know if information is gone missing, where as UDP you never really know.

  • Re:UDP Only... (Score:2, Informative)

    by papna ( 1242200 ) on Monday June 02, 2008 @01:09PM (#23628639)

    With this method, there isn't anything to find, unless I'm totally misunderstanding it.
    Or rather, there's nothing to notice.

    Plain cryptography is something like having a locked safe sitting in a room. It might not be easy to get into, but you know it when you see it. This is like having a safe behind a painting. You don't notice that there is anything being kept away from you.

  • Re:UDP Only... (Score:1, Informative)

    by Anonymous Coward on Monday June 02, 2008 @01:19PM (#23628753)
    Besides that, I don't really see the point. What does this solve that just encrypting sensitive data wouldn't?
    A lot. Remember when W. told OBL that we were listening in on their sat phones? Well, between that incident and the time that reagan gave up info about the KAL incident told a lot about our intel world (the 2 should have been swung, or gone on a hunting trip with cheney, for those actions of being traitors; it took several years for pilots to talk again and a number of interesting channels were shutdown in 2003). One of the things about the terrorists is that they are not just romantics. They are extremely bright (PhD's and MD all over). OBL went underground and pushed for hiding info. Of course, the issue is what package to look at. Well, when a small portion are encrypted, then it is trivial to find. of course that brings up the issue of whether the NSA can decrypt it? [wired.com] So, AQ has figured out that answer and needed another way to communicate. So they switched up to steg. Why? Because now, we have to hunt for these, figure out which packets to reassemble, which ORDER to assemble them, and then decrypt. That is DAMN difficult.

  • Re:Too late (Score:5, Informative)

    by bickerdyke ( 670000 ) on Monday June 02, 2008 @01:19PM (#23628755)
    Only as long as you'd try to hide your secret data in the Audio stream. If you inject your secret data directly into the network "connection" (read: the sequence of UDP Packets sent) it bypasses manipulated background noise.

Slashdot Top Deals

Waste not, get your budget cut next year.

Close