Real-time Steganography

This paper defines ``real-time'' use of steganography as the utilization of steganographic techniques to embed message data within an active, or real-time, media stream. The research and reference implementation presented herein focuses on VoIP call audio as the active media stream being targeted as cover-medium.

Nearly all uses of steganography targeting audio cover-medium in general, or VoIP cover-medium specifically, that were evaluated prior to performing this research were found to operate on a target cover-medium as a storage channel and provided separate ``hide'' and ``retrieve'' modes. In addition, most cover-medium that were targeted by such implementations were of a static nature such as WAV or MP3 files or were unidirectional such as streaming stego-audio to a recipient.

A few weeks prior to the research contained herein being initially presented[14] at the DEFCON 15[15] hacker conference on August 3rd through 5^th 2007, another use of steganography in a real-time fashion was made public via a research effort entitled Vo²IP[16]. An analysis of this research effort and its deficiencies has been included in an updated version of the previously mentioned analysis paper[13].

• Context Terminology
• RTP Payload Redundant Bits
  • Audio Word Size
  • Common VoIP Audio Codecs
  • G.711 (alaw/ulaw)
    • Throughput
  
  
• Identified Problems and Challenges
  • Unreliable Transport
  • Cover-Medium Size Limitations
  • Latency
  • Tracking of RTP Streams
  • Raw vs. Compressed Audio
    • Lossy vs. Lossless Compression
  • Media Gateway Audio Modifications
    • Audio Codec Conversion
    • Down-sampling and Normalization
    • Audio Stream Mixing
  • Mid-session Audio Codec Change