Mobile VoIP Steganography From Framework to Implementation Marcus - - PowerPoint PPT Presentation

mobile voip steganography
SMART_READER_LITE
LIVE PREVIEW

Mobile VoIP Steganography From Framework to Implementation Marcus - - PowerPoint PPT Presentation

Dec 17, 2023 247 likes •528 views

Mobile VoIP Steganography From Framework to Implementation Marcus Nutzinger Rainer Poisel Jrgen Wurzer Institute of IT Security Research St. Plten University of Applied Sciences DeepSec 2010 November 25 th 2010 Mobile VoIP Steganography

slide-1
SLIDE 1

Mobile VoIP Steganography

From Framework to Implementation Marcus Nutzinger Rainer Poisel Jürgen Wurzer

Institute of IT Security Research

  • St. Pölten University of Applied Sciences

DeepSec 2010 November 25th 2010

slide-2
SLIDE 2

Mobile VoIP Steganography – From Framework to Implementation

Introduction

Us, Ourselves, and We

Studied “Telecommunications and Media” Employed at the Institute for IT Security Research at

  • St. Pölten University of Applied Sciences

Project StegIT-2 Digital Forensics

DeepSec 2010 November 25th 2010

slide-3
SLIDE 3

Mobile VoIP Steganography – From Framework to Implementation

Introduction

Cryptology, Cryptography and Steganography

Cryptography

Study and practice of hiding information Protection of secret data Data transfer obvious

Steganography

Science of covert communication Conceals the existence of secret information

Cryptology

Science that incorporates both cryptography and cryptanalysis.

DeepSec 2010 November 25th 2010

slide-4
SLIDE 4

Mobile VoIP Steganography – From Framework to Implementation

Introduction

Cryptology, Cryptography and Steganography

Cryptography

Study and practice of hiding information Protection of secret data Data transfer obvious

Steganography

Science of covert communication Conceals the existence of secret information

Cryptology

Science that incorporates both cryptography and cryptanalysis.

DeepSec 2010 November 25th 2010

slide-5
SLIDE 5

Mobile VoIP Steganography – From Framework to Implementation

Introduction

Cryptology, Cryptography and Steganography

Cryptography

Study and practice of hiding information Protection of secret data Data transfer obvious

Steganography

Science of covert communication Conceals the existence of secret information

Cryptology

Science that incorporates both cryptography and cryptanalysis.

DeepSec 2010 November 25th 2010

slide-6
SLIDE 6

Mobile VoIP Steganography – From Framework to Implementation

Introduction

Filtering of internet services and applications

Pervasive Substantial Selective Suspected No evidence

Figure: Worldmap of internet filtering (Source: OpenNet Initiative, 2010)

DeepSec 2010 November 25th 2010

slide-7
SLIDE 7

Mobile VoIP Steganography – From Framework to Implementation

Introduction

Steganography in Brief

Encoder

Cover Image

Decoder

Key Stego Object Communications Channel Original Cover

Figure: Generic procedure of steganography

DeepSec 2010 November 25th 2010

slide-8
SLIDE 8

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Functional Overview – The Framework

embedding extraction

  • riginal

(cover) modified from Alice (stego object) micro speaker modified from Bob (stego object) Alice secret message A from Alice for Bob secret message B from Bob StegIT-2 framework

GUI Chat

Figure: Principle of the StegIT-2 Framework

DeepSec 2010 November 25th 2010

slide-9
SLIDE 9

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Functional Overview – VoIP

Linux router (e.g. OpenWrt) Linux router (e.g. OpenWrt) Internet VoIP Client VoIP Client

Figure: Using the framework for VoIP-Steganography

DeepSec 2010 November 25th 2010

slide-10
SLIDE 10

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Functional Overview – VoIP

embedding extraction framework RTP packets RTP packets netfilter-queue Linux router (e.g. OpenWrt) embedding extraction framework RTP packets RTP packets netfilter-queue Linux router (e.g. OpenWrt) Internet VoIP Client VoIP Client

Figure: Using the framework for VoIP-Steganography

DeepSec 2010 November 25th 2010

slide-11
SLIDE 11

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Functional Overview – GSM

embedding extraction micro speaker Alice modified handsfree set adapter soundcard for audio input (line in / mic) and audio output (line out) PC with StegIT-2 framework mobile phone embedding extraction micro speaker Bob modified handsfree set adapter soundcard for audio input (line in / mic) and audio output (line out) PC with StegIT-2 framework mobile phone

Figure: Using the framework for Steganography in GSM-calls

DeepSec 2010 November 25th 2010

slide-12
SLIDE 12

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Outlining the Components

Components

Protocol for data flow handling Integrity check of embedded data Segmentation of data for transmission Unification of secret data and cover medium Management of component instantiation Interfaces for third party software

DeepSec 2010 November 25th 2010

slide-13
SLIDE 13

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Layered Approach

Alice Bob Secret Data Protocol Presentation Embedding Synchronization Transmission Secret Data Protocol Presentation Embedding Synchronization Transmission Frame transmission (e.g. RTP) Bytes Bits Chips Samples Samples 6 5 4 3 2 1

Figure: Steganographic data exchange as a layered model

DeepSec 2010 November 25th 2010

slide-14
SLIDE 14

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Software-Architecture I

IEmbeddingEngine

+embedIntoSamples() +extractFromSamples()

ISampleIO

+read() +write()

CAlsaIO CPulseAudioIO CRoutingIO CWaveIO CSocketIO CDeinterlaceIO COriginalModifiedIO CCombinationIO ISampleIO

1 1 1 2 1 2 1 1

main

CSamplesPreprocessor

+createStegoObject() +extractFromStegoObject() 1 1 1 1

CStegCallHandle

+getEmbeddingEngine() 1 1

Figure: Architecture for IO-components

DeepSec 2010 November 25th 2010

slide-15
SLIDE 15

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Software-Architecture II

Start End io->read() Init framework: io, samles preprocessor, embedding engine EOF Action createStegoObject() extractFromStegoObject() io->write() false true Wait for extract thread Destroy framework extract thread: Wait for extraction, Extract secret data Copy audio samples into a ring buffer for extraction 1 =EMBED =EXTRACT 1

Figure: Flowchart of the main-routine

DeepSec 2010 November 25th 2010

slide-16
SLIDE 16

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Software-Architecture III

Spatial Domain

Digital representation

Codec-specific

  • e. g. LSB Hiding

Transform Domain

Analogue representation

Echo Hiding Spread Spectrum Phase Coding

DeepSec 2010 November 25th 2010

slide-17
SLIDE 17

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Software-Architecture III

Spatial Domain

Digital representation

Codec-specific

  • e. g. LSB Hiding

Transform Domain

Analogue representation

Echo Hiding Spread Spectrum Phase Coding

DeepSec 2010 November 25th 2010

slide-18
SLIDE 18

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Software-Architecture III

Start embedOrExtract() End embedOrExtract() Representation Action embedIntoSamples() Embed into encoded audio data extractFromSamples() Extract from encoded audio data Action embedIntoSamples() Embed into decoded audio samples extractFromSamples() Extract from decoded audio samples Decode Encode =EMBED =EMBED =EXTRACT =EXTRACT =ORIGINAL =DECODE For format specific embedding / extraction For decoded "analog" embedding / extraction

Figure: Different modes for Samples-Handling

DeepSec 2010 November 25th 2010

slide-19
SLIDE 19

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Software-Architecture IV

IEmbeddingEngine

+embedIntoSamples() +extractFromSamples()

IExtendedBitSource

+getBit() +putBit()

CStreamBuilder IBitSource

+getBit() +putBit()

IPacketSource

+getPacket() +putPacket()

IStegIO

+read() +write() 1 1 1 1 1 1

CPacketBuilder CByteBuilder CDynamicSSEE

1 1

CFrameBuilder CFileProtocolEngine CDummyProtocolEngine CGuiProtocolEngine CDatagramBuilder

1 1

CDefenseEmbeddingEngine CEchoEmbeddingEngine CRandLsbEmbeddingEngine

1 1 1 1 1

CSimpleFileProtocolEngine

Figure: Architecture for embedding components

DeepSec 2010 November 25th 2010

slide-20
SLIDE 20

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Platforms - Commodity Hardware

Mipsel

Asus WL-500g Premium v1, based on Broadcom 4704 (modified) OpenWrt SDK Port to other platforms:

Routing-Interface Audio-Interface

OpenWrt SDK: Adaptions

Support for NFQUEUE Additional packages added Customized firewall settings Customized start scripts

DeepSec 2010 November 25th 2010

slide-21
SLIDE 21

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Platforms - Commodity Hardware

Mipsel

Asus WL-500g Premium v1, based on Broadcom 4704 (modified) OpenWrt SDK Port to other platforms:

Routing-Interface Audio-Interface

OpenWrt SDK: Adaptions

Support for NFQUEUE Additional packages added Customized firewall settings Customized start scripts

DeepSec 2010 November 25th 2010

slide-22
SLIDE 22

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Platforms - Mobile- and Smartphones

Possibly usage on smartphones

currently only Linux based phones considered

  • e. g. Android powered

smartphones

NDK allows for reuse of

  • ur C++ codebase

Scenarios

VoIP Raw Voice-Data

DeepSec 2010 November 25th 2010

slide-23
SLIDE 23

Mobile VoIP Steganography – From Framework to Implementation

Technical Details

Platforms - Mobile- and Smartphones

Possibly usage on smartphones

currently only Linux based phones considered

  • e. g. Android powered

smartphones

NDK allows for reuse of

  • ur C++ codebase

Scenarios

VoIP Raw Voice-Data

DeepSec 2010 November 25th 2010

slide-24
SLIDE 24

Mobile VoIP Steganography – From Framework to Implementation

Defense

Analyzing robustness

Preventing steganography

Project goal No steganalysis Different approaches

Noise Jitter Frequency shifting (semitone) Signal cancelling

DeepSec 2010 November 25th 2010

slide-25
SLIDE 25

Mobile VoIP Steganography – From Framework to Implementation

Demonstration

Setup

eth0 vnet1 vnet2 eth0

192.168.101.10 192.168.101.1 192.168.102.2 192.168.102.20

Alice Bob Defense

Defense deactivated Defense activated Guest (Virtual Maschine) Guest (Virtual Maschine) Host (Physical Maschine) VoIP Client VoIP Client GUI GUI Call between Alice (192.168.101.10) and Bob (192.168.102.20) FW GUI FW FW

Figure: Architecture for embedding components

DeepSec 2010 November 25th 2010

slide-26
SLIDE 26

Mobile VoIP Steganography – From Framework to Implementation

Outlook

Future scenarios

Video streams as cover medium Windows-Port Better usability Improved data throughput Smaller, more powerful devices Use of steganographic loaders

DeepSec 2010 November 25th 2010

slide-27
SLIDE 27

Mobile VoIP Steganography – From Framework to Implementation

Questions and Answers

Thank you for your attention!

Any questions?

DeepSec 2010 November 25th 2010