Biblio

The increasing diffusion of malware endowed with steganographic techniques requires to carefully identify and evaluate a new set of threats. The creation of a covert channel to hide a communication within network traffic is one of the most relevant, as it can be used to exfiltrate information or orchestrate attacks. Even if network steganography is becoming a well-studied topic, only few works focus on IPv6 and consider real network scenarios. Therefore, this paper investigates IPv6 covert channels deployed in the wild. Also, it presents a performance evaluation of six different data hiding techniques for IPv6 including their ability to bypass some intrusion detection systems. Lastly, ideas to detect IPv6 covert channels are presented.

Even if information hiding can be used for licit purposes, it is increasingly exploited by malware to exfiltrate data or to coordinate attacks in a stealthy manner. Therefore, investigating new methods for creating covert channels is fundamental to completely assess the security of the Internet. Since the popularity of the carrier plays a major role, this paper proposes to hide data within VoIP traffic. Specifically, we exploit Voice Activity Detection (VAD), which suspends the transmission during speech pauses to reduce bandwidth requirements. To create the covert channel, our method transforms a VAD-activated VoIP stream into a non-VAD one. Then, hidden information is injected into fake RTP packets generated during silence intervals. Results indicate that steganographically modified VAD-activated VoIP streams offer a good trade-off between stealthiness and steganographic bandwidth.