THE next time your internet (VoIP) phone call sounds a bit fuzzy, it might not be your ISP that鈥檚 to blame. Someone could be trying to squeeze a secret message between the packets of data carrying the caller鈥檚 voice.
Wojciech Mazurczyk and Krzysztof Szczypiorski, information scientists at the Institute of Telecommunications in Warsaw, Poland, revealed last week that they are developing a 鈥渟teganographic鈥 system for VoIP networks (). Steganography is the art of hiding messages by embedding them in ordinary communications. For example, a message can be encoded as a string of numbers which are used to modify the brightness and colour of an image. The effect is too subtle to be noticed by unwitting observers but the message can be deciphered with appropriate software by anyone who knows it鈥檚 there.
Now the Polish researchers have worked out how to use internet phone calls rather than images as the carrier. 鈥淭he idea is simple,鈥 says Mazurczyk: you replace some of the voice data packets that you are sending with the hidden message. This is possible because VoIP uses a data transmission routine called the User Datagram Protocol (UDP). Unlike the more familiar TCP, which delivers web pages and emails, UDP does not guarantee that packets will arrive in the same order they were sent: they may arrive out of order, be duplicated or simply go missing. The fact that the voice message can survive when VoIP packets are lost means that some of them can be used for another message 鈥 the hidden one.
Advertisement
鈥淭he idea is simple: replace some of the voice data with a hidden message鈥
鈥淲e intentionally hold on to secret message packets for some time before sending them. This means when they are received they will not be treated as voice packets but as lost ones,鈥 explains Mazurczyk. The researchers are trying to minimise the number of packets used to avoid degradation of audio quality 鈥 which could be a giveaway to any eavesdropper who suspects there is a message hidden in the call.
鈥淚t鈥檚 an interesting proposal: it makes sense to hide data in a VoIP payload,鈥 says Tyler Moore, a computer security engineer at the University of Cambridge. However, he warns that while the message may be hidden, the identities of the callers aren鈥檛 鈥 and that鈥檚 often all a snooper needs to know.