TY - JOUR
T1 - A payload-dependent packet rearranging covert channel for mobile VoIP traffic
AU - Liang, Chen
AU - Wang, Xianmin
AU - Zhang, Xiaosong
AU - Zhang, Yu
AU - Sharif, Kashif
AU - Tan, Yu an
N1 - Publisher Copyright:
© 2018 Elsevier Inc.
PY - 2018/10
Y1 - 2018/10
N2 - VoIP (Voice over Internet Protocol) is one of the most prevalent services for the mobile users. An enormous amount of audio and video data is transmitted over VoIP communication continuously, to make it potentially available for stealth message transfer. The existing covert channel schemes focus on modifying packet payload or inter-packet delays, the former kind is easy to be detected since a minor modification may lead to distinct abnormalities, while the latter is too sensitive to network jitter due to its short inter-packet delays. Hence, to effectively construct covert channel becomes a challenge, and requires investigation in using mobile VoIP traffic for robust and stealthy covert communication. In this paper, we propose a covert channel scheme which communicates by rearranging the packet sending sequences while keeps the undetectability and robustness. Unlike the existed packet rearranging covert channels which may concentrate on packet rearranging according to the existed packet features such as packet id and packet length, the proposed scheme focuses on building packet rearranging covert channel whose function is regardless of the variation on legitimate traffic. According to the hash value of the payload, the packets are classified into delimiter packets and carrier packets, and the covert message is embedded onto a number of carrier packets (NoCP) between the relative delimiter packets. Moreover, to mitigate the interference from channel noise, the differences between two correlative NoCPs are utilized as the codewords by redundantly partitioning their values into 1-bit symbols. The channel parameters are adjustable to trade off between the efficiency and security. The corresponding experiments are conducted over three kinds of typical mobile VoIP traffics to evaluate the undetectability, robustness and throughput of our scheme. Results of the BER (bit error rate) and KS (Kolmogorov-Smirnov) test show that the scheme is robust and stealthy.
AB - VoIP (Voice over Internet Protocol) is one of the most prevalent services for the mobile users. An enormous amount of audio and video data is transmitted over VoIP communication continuously, to make it potentially available for stealth message transfer. The existing covert channel schemes focus on modifying packet payload or inter-packet delays, the former kind is easy to be detected since a minor modification may lead to distinct abnormalities, while the latter is too sensitive to network jitter due to its short inter-packet delays. Hence, to effectively construct covert channel becomes a challenge, and requires investigation in using mobile VoIP traffic for robust and stealthy covert communication. In this paper, we propose a covert channel scheme which communicates by rearranging the packet sending sequences while keeps the undetectability and robustness. Unlike the existed packet rearranging covert channels which may concentrate on packet rearranging according to the existed packet features such as packet id and packet length, the proposed scheme focuses on building packet rearranging covert channel whose function is regardless of the variation on legitimate traffic. According to the hash value of the payload, the packets are classified into delimiter packets and carrier packets, and the covert message is embedded onto a number of carrier packets (NoCP) between the relative delimiter packets. Moreover, to mitigate the interference from channel noise, the differences between two correlative NoCPs are utilized as the codewords by redundantly partitioning their values into 1-bit symbols. The channel parameters are adjustable to trade off between the efficiency and security. The corresponding experiments are conducted over three kinds of typical mobile VoIP traffics to evaluate the undetectability, robustness and throughput of our scheme. Results of the BER (bit error rate) and KS (Kolmogorov-Smirnov) test show that the scheme is robust and stealthy.
KW - Covert channel
KW - Mobile VoIP
KW - Packet rearranging
KW - UDP traffics
UR - http://www.scopus.com/inward/record.url?scp=85050086523&partnerID=8YFLogxK
U2 - 10.1016/j.ins.2018.07.011
DO - 10.1016/j.ins.2018.07.011
M3 - Article
AN - SCOPUS:85050086523
SN - 0020-0255
VL - 465
SP - 162
EP - 173
JO - Information Sciences
JF - Information Sciences
ER -