Implementing Covert Communication over Voice Conversations with Windows Live Messenger

Page created by George Myers
 
CONTINUE READING
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
                    Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

          Implementing Covert Communication over Voice Conversations with
                             Windows Live Messenger
                               1
                            Hui Tian, 1Ronglie Guo, 2Jing Lu, 1Yonghong Chen
               1
                College of Computer Science and Technology, National Huaqiao University,
                                          Xiamen 361021, China
                    2
                      Department of Information Systems, National Huaqiao University,
                                          Xiamen 361021, China
               {htian@hqu.edu.cn, ronglie@126.com, jlu@hqu.edu.cn, djandcyh@163.com}

                                                          Abstract
         With the increasing popularity of Voice over Internet Protocol (VoIP), VoIP-based steganography
     has become a new hot research topic. In this paper, we mainly focus on a public VoIP system, MSN
     voice (i.e. the VoIP of Windows Live Messenger), as a carrier to apply steganography to achieve
     covert communications. Differing from payload-based steganographic approaches for self-built VoIP
     systems, we exploit the potential least significant fields in the headers of real-time-transport-protocol
     (RTP) and real-time-transport-control-protocol (RTCP) packets to conceal secret messages. Our
     observations via research and experiments suggest that, in MSN voice scenarios, least significant bits
     of the timestamp in the RTP header and the least significant word of network-time-protocol timestamp
     in the RTCP header provide nice opportunities to apply steganography. Using these steganographic
     approaches, we design and implement a covert communication system over MSN voice. This system is
     evaluated in a wide area network environment. The experimental results demonstrate that the covert
     communications based on the proposed steganographic approaches are feasible and effective.

         Keywords: Steganography, Covert Communication, Real-time Transport Protocol, Real-Time
                                   Transport Control Protocol, Windows Live Messenger

     1. Introduction
         For many years, steganography, which is the art and science of hiding secret information in other
     innocuous-looking objects, has captured the attention and imagination of researchers [1-3]. Compared
     with cryptography that aims to hide the content of secret information, steganography pays more
     attention to hiding the presence of secret information and achieving a covert communication. In other
     words, steganography presents a new way of thinking by concerning itself more with stealth than
     defense. Therefore, to some degree, steganography can provide better security than cryptography.
         Voice over Internet Protocol (VoIP) is a promising technique that allows people to make telephone
     calls through a broadband Internet connection. Because of its advantages of low cost and advanced
     flexible digital features, VoIP is often considered as a credible and popular alternative to the public-
     switched telephone network (PSTN) [4]. In recent years, with the rapid development and increasing
     popularity of VoIP, VoIP-based steganography has become a new hot research topic in the information
     hiding filed. So far, researchers have proposed various successful steganographic approaches for VoIP,
     which can be generally classified into three categories.
         First, steganographic approaches for VoIP can be naturally derived from the protocol steganography
     techniques, since VoIP is a technique constructed on the Internet Protocol (IP). In general, the protocol
     steganography techniques have two main implementations [5-8]. The first implementation is to utilize
     the fact that few headers in packets are changed during transmission, and embed the secret messages
     into unused or optional fields of protocol headers, such as, IP headers, Transmission Control Protocol
     (TCP) headers, etc. This implementation can support relatively high covert data rate if all specific
     fields are used, but at the expense of potentially disabling the protocols for some specific functions.
     The second one is to encode the secret messages by varying packet rates, which is equivalent to
     modulating the packet timing (the inter-packet times). This implementation provides relatively high
     steganographic transparency, but sacrifices covert data rate and potentially degrades QoS (Quality of
     Service) of the network.

Advances in information Sciences and Service Sciences(AISS)                                                      18
Volume4, Number4, March 2012
doi: 10.4156/AISS.vol4.issue4.3
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

   Second, steganography over VoIP can be achieved by embedding secret messages into the payload
of VoIP packets. A direct and practical approach is the least-significant-bits (LSBs) steganography,
which hides the binary bits of secret messages into the LSBs of speech streams [9, 10]. However, the
direct substitution is vulnerable to detection by the steganalysis algorithm proposed in Ref. [10]. Thus,
the secret messages should be encrypted prior to embedding to improve security [11, 12]. Another
challenge for LSBs steganography is to reduce the distortion of the covers as much as possible. Huang
et al. [13] first introduced a LSBs matching steganography to enhance transparency, which can reduce
the distortion of the cover speech in comparison with traditional LSBs steganography, but halve the
maximum embedding capacity. We further presented digital-logic-based encoding strategies for VoIP
steganography, which can enhance the transparency by increasing the similarity between the cover and
the covert message, instead of decreasing the embedding capacity [14]. Moreover, we suggested a
dynamic matrix encoding strategy, which can optionally regulate embedding capacity and embedding
transparency according to user’s requirements in VoIP steganography [15]. Besides the above LSBs
steganographic schemes, some researchers developed other successful approaches. For example, Aoki
[16] proposed a lossless steganographic approach for μ-law of G.711 (PCMU). Xiao et al. [17]
presented a novel codebook partition algorithm for Quantization Index Modulation (QIM), and
proposed a QIM steganographic approach for VoIP. In addition, Huang et al. [18] made a successful
effort on a new steganographic algorithm for embedding data in the inactive frames of VoIP streams
encoded by ITU-T G.723.1 codec.
   Third, there are hybrid steganographic approaches using both the protocol-based steganography and
the payload-based steganography. For example, Mazurczyk et al. [19, 20] proposed a steganography
named LACK for VoIP using lost audio packets, which modifies both the content of VoIP packets and
their time relations. In this approach, the payload of some intentionally delayed packets is employed to
transmit secret messages to the receiver, which is invisible to the unaware eavesdroppers. Moreover,
we presented an adaptive partial-matching steganography for VoIP, which can adaptively strike a
balance between steganographic transparency and steganographic bandwidth by properly setting high
and low thresholds of partial similarity value [21]. In this approach, the speech stream is used to hide
secret messages, and protocol steganography techniques are employed to transmit some signaling bits
and synchronization patterns.
   In the self-built VoIP (S-VoIP) scenario, all the steganographic approaches mentioned above can be
successfully employed to implement covert communications. However, the approaches, which embed
the secret messages into the payloads, are not well suitable for covert communications over the public
VoIP (P-VoIP) systems, such as Skype, Google Talk (GTalk) and MSN voice (VoIP of Windows Live
Messenger), because it is difficult to determine the speech codec adopted for the specific payloads. In
fact, P-VoIP systems either adopt the private speech codec (e.g. Skype), or dynamically choose the
speech codec according to the current network situation (e.g. MSN voice). This may be also the reason
why the area of covert communication over the P-VoIP system is relatively unexplored. Nevertheless,
compared with the S-VoIP systems, the P-VoIP systems possess broader applicability. Hence, covert
communication based on the P-VoIP systems is a subject worthy of thorough studies. In this study, we
focus on a typical P-VoIP system, MSN voice, as the carrier of covert communications.
   In MSN voice, actual voice packets are sent using Real-time Transport Protocol (RTP) and Real-
Time Transport Control Protocol (RTCP) for VoIP calls. As in the TCP/IP headers, there are some
potential fields available for steganography in the RTP/RTCP headers. In this paper, we attempt to
employ RTP and RTCP steganography to achieve secure covert communications.
   The rest of this paper is organized as follows. Section 2 reviews the RTP and RTCP steganography,
and analyzes their application in covert communications based on MSN voice. Section 3 describes the
prototype implementation of the proposed covert communication system and some experimental results.
Finally, concluding remarks are given in Section 4.

2. RTP/RTCP Steganography for MSN Voice Streams
   RTP [22] is extensively employed in communication systems that involve streaming media, such as
VoIP and video teleconference applications. It defines a standardized packet format for real-time audio
and video data over IP networks, and provides end-to-end delivery services in conjunction with RTCP.
Some researchers have paid attention to RTP/RTCP steganography. For example, Mazurczyk et al. [20]

                                                                                                            19
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

first describe the available fields for steganography in theory; Bai et al. [23] also give a theoretical
covert channel using the jitter field of the RTCP headers. In this section, we will further extend the
above research results, and reinvestigate the RTP/RTCP steganography in the MSN voice scenario.

2.1. RTP Steganography in the MSN Voice Scenario

                                      Figure 1. RTP header format

   Figure 1 illustrates the structure of RTP headers. In theory, the shaded fields are potentially used to
hide the secret messages. In what follows, we mainly discuss their possible applications in the covert
communications based on MSN voice.
   The timestamp reflects the sampling instant of the first octet in the RTP data packet [22], and often
increases monotonically. For an audio packet, the timestamp increment (denoted by Δ) is the product of
the sampling rate (denoted by Rs) and the packetization interval (denoted by Tp), namely,
                                               Rs  Tp                                               (1)

   The low-order bits of timestamp can be used to steganography, because they are completely random
and indistinguishable from encrypted data. This character also suggests that the secret message should
be encrypted prior to embedding operation. In the following text, we assume that the secret messages
were encrypted beforehand for ease of description. Further, it should be noted that the steganographic
timestamp need to maintain a monotonic increase. Generally, there are two possible approaches.
   First, the sender can replace the timestamp increment with the secret message, namely, the new
timestamp is the sum of the former timestamp and the secret message. Correspondingly, the receiver
can restitute the secret message by calculating the difference between the current timestamp and the
former one. In this approach, the restituting operations for the RTP packets are strongly correlative. If
the former packet is lost, then the receiver cannot restitute the secret message. Since RTP does not
guarantee delivery, the applicability of this approach is limited.
   Second, the secret message can be embedded into the LSBs of the timestamp. To maintain the
monotonically increasing characteristic, the number of the adopted LSBs (denoted by N) should satisfy
following relation:
                                          N   log 2 ( )                                          (2)

Accordingly, the maximum steganographic bandwidth (denoted by BTS) is
                                           BTS  N Tp                                                  (3)

    In the MSN voice scenario, the packetization interval is 20 ms, i.e. Tp = 20 ms; the sample rate is
16000 Hz, i.e. Rs = 16000 Hz, so the general timestamp increment is 320. However, the timestamp
increment between the silence packet and the followed common packet is a multiple of 320. Anyway,
we can employ maximum 8 LSBs in each timestamp to hide secret messages. Therefore, the maximum
steganographic bandwidth is 400 bps.
    In addition, if the padding bit is set, the RTP packet contains one or more additional padding octets
at the end that are not part of the payload. The last octet of the padding contains a count of the padding
octets including the count itself. The padding field is optional and often not used, which can thereby be
employed to hide secret messages. The maximum capacity of the padding field can reach 254 Bytes.

                                                                                                             20
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

Unfortunately, all MSN audio packets do not contain this field, so steganography based on the field
cannot be applied. If the extension bit is set, the fixed header is followed by one extension header,
which can be used to applied steganography similarly with the padding field. However, no extension
headers appear in normal MSN audio packets, so this field cannot also be adopted.
   Therefore, as stated previously, only the LSBs of the timestamp in RTP headers can be successfully
used to applied steganography in the MSN voice scenario.

2.2. RTCP Steganography in the MSN Voice Scenario

                                  Figure 2. RTCP (SR) header format

    RTCP is a sister protocol of RTP, of which the primary function is to provide out-of-band statistics
and control information for an RTP stream. RTCP defines several packet types to carry a variety of
control information [22], including sender report (SR), receiver report (RR), source description (SDES),
end of participation (BYE) and application-specific message (APP). Each RTCP packet begins with a
fixed header (the first four octets) similar to that of RTP data packets, followed by structured elements
that vary depending on the RTCP packet type. Moreover, multiple RTCP packets can be sent together
as a compound packet in a single packet of the lower layer protocol, such as the compound packet
including SR and SDES, the compound packet including RR and SDES, etc.
    In this section, we mainly focus on the steganography based on SR packets in the MSN voice
scenario. Figure 2 shows the header structure of SR packets. For common RTCP packet, the padding
field similar to that of RTP packet is optional and often not used, which can thereby be used to hide
secret messages, if the padding bit is set. However, in the MSN voice scenario, RTCP packets do not
contain this field, so the field has limited applicability to covert communication. In contrast, the least
significant word (LSW) of the network time protocol (NTP) timestamp provides a nice opportunity to
apply steganography. The NTP timestamp indicates the wallclock time when this report was sent,
which is in seconds relative to 0 h UTC on 1 January 1900. The full resolution NTP timestamp is a 64-
bit unsigned fixed-point number with the integer part in the first 32 bits and the fractional part in the
last 32 bits. Thus, it provides a time scale that rolls over every 232 seconds (136 years) and a theoretical
super-high resolution of 2−32 seconds (233 picoseconds). The function of the NTP timestamp is to
synchronize multiple streams transmitted from separate hosts. Since there is only one stream in peer-to-
peer voice conversations using MSN, the modification of this field will not induce impacts on voice
conversations. Generally, we can employ the LSBs of the LSW to hide secret messages for two reasons.
First, the bits in the LSW are completely random and indistinguishable from encrypted secret messages.
Second, the impact induced by replacing the LSBs of the LSW is negligible, which can be considered
reasonable in the presence of network delays.

                   Figure 3. The steganographic filed in the LSW of NTP timestamp

   Similarly to steganography based on the RTP timestamp, it is necessary and significant to maintain
the monotonically increasing characteristic of the NTP timestamps, so the number of the LSBs, which
can be used for steganography, depends upon the minimum of the NTP timestamp increment. By

                                                                                                               21
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

analyzing the results of package capture, we find that the last 11 bits of the LSW are always 0 in the
MSN voice scenario. Therefore, we can adopt other 21 bits in the LSW at most. However, for the sake
of security, we employ only the middle 11 bits of the LSW, as shown in Figure 3. Since the high 10
bits remain unchanged, the distortion of the NTP timestamp is not more than 2−10 seconds, which is
slight and negligible. If the average transmission interval of RTCP SR packets is 2 seconds, then the
steganographic bandwidth of this approach can achieve 5.5 bps.

3. Implementation and Evaluation

                               Figure 4. The architecture of CovertMSN

   Using above steganographic approaches, we design and implement a covert communication system
based on MSN voice in Windows, called CovertMSN, of which the architecture is shown in Figure 4.
This system mainly consists of the following modules:
   (1) Human machine interface: this module provides a friendly visual operating interface. Figure 5
       shows typical operational views of CovertMSN.

 (a) Transmission of interactive secret messages               (b) Reception of the secret file
                            Figure 5. The operating interface of CovertMSN

   (2) Voice packet capture module: this module aims to intercept and capture the packets produced
       by MSN voice, which is an essential prerequisite for steganography over voice packets.

                                                                                                         22
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

   (3) Packet parsing module: the function of this module is to parse each packet and determine its
       type. The available RTP and RTCP packets will be handed to the covert communication module
       to perform steganography.
   (4) Covert application module: this module provides steganographic applications for users. We
       implement two types of covert-communication functions, namely, interactive secret messages
       and secret files, which are illustrated in Figure 5.
   (5) Covert communication module: this module is the core of the covert communication system,
       which aims to embed secret data into packets at the sender side and extract the secret data from
       corresponding packets at the receiver side. Since RTP on top of UDP often does not provide any
       mechanism to ensure timely delivery or offer other QoS guarantees, we need to design a reliable
       transmission mechanism for secure covert communications. In this work, we introduce sliding-
       window strategy [24] for this problem, which is first presented in Ref. [25].
   (6) Packet processing module: the function of this module is to send packets at the sender side and
       receive packets at the receiver sides. In this module, the steganographic packets are transparent
       and transmit similarly with other original packets.

                                                          MSN Server

                                               Internet

Client A                                                                                              Client B
                                   Figure 6. The experimental scenario
    We evaluate the proposed steganographic approaches in CovertMSN, and set up the experimental
scenario as shown in Figure 6. In the scenario, covert communications can be performed successfully,
which suggests that the embedded secret messages under cover of MSN voice streams can easily pass
through firewalls and other monitor equipment without being undetected. In the experiments, we also
measure the practical covert data rates, as shown in Table 1. The practical covert data rates are smaller
than the theoretic maximum steganographic bandwidths, which are mainly caused by the following two
reasons: (1) the practical packetization intervals are sometimes larger than the theoretic ones; (2) the
slight packet loss is not a significant concern for MSN voice, however, will induce the retransmission
of the missing secret data and thereby decrease the effective data rates.

                    Table 1. Data rates of the proposed steganographic approaches
                                               Theoretic maximum              Practical covert
     Steganographic approaches              steganographic bandwidth              data rates
                                                       (bps)                        (bps)
     Steganography based on RTP
               timestamp                                400                          335
             (Section 2.1)
     Steganography based on NTP
                                                        5.5                          5.1
        timestamp (Section 2.2)

   In addition, we further compare the differences between the original fields and their steganographic
versions. We investigate the statistical characteristics of the incremental values of RTP timestamps and
NTP timestamps as against their initial values before and after steganographic operations respectively.
The statistical results are illustrated in Figure 7 and Figure 8. As shown in Figure 7, the steganographic

                                                                                                                 23
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

RTP timestamps show a monotonically increasing trend in a macroscopic fashion, which is compatible
with the actual characteristic of common RTP timestamps. In a microscopic fashion, we would like to
point out that the general increment of RTP timestamps in a MSN voice conversation is 320, but the
increments of steganographic RTP timestamps fluctuate around 320. This difference may be a potential
threat to the steganographic approach based on the RTP timestamps if the attackers well know this rule
and are capable of capturing all the steganographic RTP packets. However, the recognition of the
specific RTP packet stream in enormous network traffic is a very perplexing and challenging problem,
so such a type of covert communication is still hard to discover.

   Figure 7. The statistical characteristic of the incremental values of RTP timestamps as against the
                        initial value before and after steganographic operations

    From Figure 8, we can learn that the statistical characteristic of the steganographic NTP timestamps
is exactly accordant with the actual characteristic of the original ones. Moreover, the NTP timestamp
increments are irregular and unpredictable, so they can provide excellent transparency (imperceptibility)
for the covert communication.

   Figure 8. The statistical characteristic of the incremental values of NTP timestamps as against the
                        initial value before and after steganographic operations

                                                                                                            24
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

   To sum up, the proposed steganographic approaches are feasible and effective for achieve the secure
covert communications over MSN voice. Compared with the steganographic approach based on the
RTP timestamps, the steganographic approach using the NTP timestamps of RTCP packets can provide
better transparency but a smaller steganographic bandwidth. Therefore, which approach will be chosen
to perform the covert communication is often depended on the specific requirement for steganographic
security and bandwidth.

4. Conclusions
    In this paper, we presented two steganographic approaches for covert communications over MSN
voice. One is to utilize LSBs of the timestamp in the RTP header, and the other is to employ the middle
11 bits of the LSW of the NTP timestamp in the RTCP SR header. Using the above approaches, we
designed and implemented a covert communication system based on MSN voice in Windows, called
CovertMSN. This system can be successfully performed in a wide area network environment, which
suggests the embedded secret messages under cover of MSN voice streams can be easily sent through
firewalls and other monitor equipment without being undetected. Furthermore, the statistical results
indicate that the proposed steganographic approaches can provide good security and transparency for
covert communications. In comparison with the steganographic approach based on the RTP timestamps,
the steganographic approach using the RTCP SR NTP timestamps can provide better steganographic
transparency but a smaller steganographic bandwidth. Therefore, one needs to choose the appropriate
approach in accordance with the specific requirement for steganographic security and bandwidth.

5. Acknowledgements
   This work was supported in part by Natural Science Foundation of Fujian Province of China under
Grant No. 2011J05151, Scientific Research Foundation of National Huaqiao University under Grant
No. 11BS210, Fundamental Research Funds for the Central Universities under Grant No. JB-ZR1131
and No. JB-ZR1148, and Science and Technology Planning Project of Fujian Province of China under
Grant No. 2011H6016.

6. References
[1] Niels Provos, Peter Honeyman, “Hide and Seek: An Introduction to Steganography”, IEEE
    Security & Privacy Magazine, vol. 1, no. 3, pp. 32–44, 2003.
[2] Zuwei Tian, Xingming Sun, Hengfu Yang, "Information Hiding Algorithm based on PE File Icon
    Resource", Journal of Convergence Information Technology, vol. 6, no. 6, pp. 469–475, 2011.
[3] Lingyun Xiang, Xingming Sun, Gang Luo, Bin Xia, "Steganalysis of Syntactic Transformation
    based Steganography", International Journal of Digital Content Technology and its Applications,
    vol. 5, no. 5, pp. 320–330, 2011.
[4] Bur Goode, "Voice over Internet protocol (VoIP)", Proceedings of the IEEE, vol. 90, no. 9, pp.
    1495–1517, 2002.
[5] Steven J. Murdoch, Stephen Lewis, “Embedding Covert Channels into TCP/IP”, In Proceedings of
    the 7th Information Hiding workshop, pp. 247-262, 2005.
[6] Sebastian Zander, Grenville Armitage, Philip Branch, “A Survey of Covert Channels and
    Countermeasures in Computer Network Protocols”, IEEE Communications Surveys and Tutorials,
    vol. 1, no. 3, 44-57, 2007.
[7] Xiapu Luo, Edmond W. W. Chan, Rocky K. C. Chang, “TCP Covert Timing Channels: Design
    and Detection”, In Proceedings of the 38th IEEE/IFIP International Conference on Dependable
    Systems and Networks (DSN), pp. 420-429, 2008.
[8] Yali Liu, Dipak Ghosal, Frederik Armknecht, Ahmad-Reza Sadeghi, Steffen Schulz, Stefan
    Katzenbeisser, “Robust and Undetectable Steganographic Timing Channels for i.i.d. Traffic”, In
    Proceedings of the12th Information Hiding workshop, pp. 193–207, 2010.
[9] Chungyi Wang, Quincy Wu, “Information Hiding in Real-time VoIP Streams”, In Proceedings of
    the 9th IEEE International Symposium on Multimedia, pp. 255–262, 2007.

                                                                                                          25
Implementing Covert Communication over Voice Conversations with Windows Live Messenger
             Hui Tian, Ronglie Guo, Jing Lu, Yonghong Chen

[10] Jana Dittmann, Danny Hesse, Reyk Hillert, “Steganography and Steganalysis in Voice over IP
     Scenarios: Operational Aspects and First Experiences with a New Steganalysis Tool Set”, In
     Proceedings of SPIE, Security, Steganography, and Watermarking of Multimedia Contents VII,
     pp. 607–618, 2005.
[11] Christian Krätzer, Jana Dittmann, Thomas Vogel, Reyk Hillert, “Design and Evaluation of
     Steganography for Voice-over-IP”, In Proceedings of the 2006 IEEE International Symposium on
     Circuits and Systems, pp. 2397–2340, 2006.
[12] Hui Tian, Ke Zhou, Yongfeng Huang, Jin Liu, Dan Feng, “A Covert Communication Model Based
     on Least Significant Bits Steganography in Voice over IP”, In Proceedings of the 9th International
     Conference for Young Computer Scientists, pp. 647–652, 2008.
[13] Yongfeng Huang, Bo Xiao, Honghua Xiao, “Implementation of Covert Communication Based on
     Steganography”, In Proceedings of the 2008 International Conference on Intelligent Information
     Hiding and Multimedia Signal Processing, pp. 1512–1515, 2008.
[14] Hui Tian, Ke Zhou, Hong Jiang, Dan Feng, “Digital Logic Based Encoding Strategies for Voice-
     over-IP Steganography”, In the Proceedings of the 17th ACM Multimedia conference, pp. 777–
     800, 2009.
[15] Hui Tian, Ke Zhou, Dan Feng, “Dynamic Matrix Encoding Strategy for Voice-over-IP
     Steganography”, Journal of Central South University of Technology, vol. 17, no. 6, pp. 1285−
     1292, 2010.
[16] Naofumi Aoki, “A Technique of Lossless Steganography for G.711 Telephony Speech”, In
     Proceedings of the 2008 International Conference on Intelligent Information Hiding and
     Multimedia Signal Processing, pp. 608–611, 2008.
[17] Bo Xiao, Yongfeng Huang, Shanyu Tang, “An Approach to Information Hiding in Low Bit-Rate
     Speech Stream”, In Proceedings of the 2008 IEEE Global Telecommunications Conference, pp.1–
     5, 2008.
[18] Yongfeng Huang, Shanyu Tang, Jian Yuan, "Steganography in Inactive Frames of VoIP Streams
     Encoded by Source Codec", IEEE Transactions on Information Forensics and Security, vol. 6, no.
     2, pp. 296–306, 2011.
[19] Wojciech Mazurczyk, Krzysztof Szczypiorski, “Steganography of VoIP Streams”, In Proceedings
     of OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE,
     pp. 1001-1018, 2008.
[20] Wojciech Mazurczyk, Józef Lubacz, “LACK – a VoIP Steganographic Method”, Journal of
     Telecommunication Systems, vol. 45, no. 2-3, pp. 153–163, 2010.
[21] Hui Tian, Hong Jiang, Ke Zhou, Dan Feng, “Adaptive Partial-Matching Steganography for Voice
     over IP Using Triple M Sequences”, Computer Communications, vol. 34, no. 18, pp. 2236− 2247,
     2011.
[22] Henning Schulzrinne, Stephen Casner, Ron Frederick, Van Jacobson, “RTP: A Transport Protocol
     for Real-Time Applications”, IETF RFC 3550, 2003.
[23] Linda Yunlu Bai, Yongfeng Huang, Guannan Hou, Bo Xiao, "Covert Channels Based on Jitter
     Field of the RTCP Header", In Proceedings of the 2008 International Conference on Intelligent
     Information Hiding and Multimedia Signal Processing, pp. 1388–1391, 2008.
[24] Andrew Stuart Tanenbaum, “Computer Networks (5th ed.)”, Prentice Hall, USA, 2010.
[25] Bo Xiao, Yongfeng Huang, “Modeling and Optimizing of the Information Hiding Communication
     System over Streaming Media”, Journal of Xidian University, vol. 35, no. 3, pp. 554–558.

                                                                                                          26
You can also read