一种基于闭源流媒体的隐蔽通讯方法

doi:10.11896/j.issn.1002-137X.2019.09.021

摘要/Abstract

摘要： 隐蔽信道代表无法预见的通信方法,其利用授权的公开通信作为隐蔽消息的载体介质。隐蔽通道可以是一种安全有效的传输隐藏在明显流量中的机密信息的方式。已有的基于流媒体的隐蔽信道往往由于建立起了新的通讯链接而容易被监测到。鉴于此,文中对经过流媒体服务器的数据包进行了针对性的测试和研究,研究发现已有的闭源流媒体不对经过服务器的数据包进行严格检查,并发现数据包在修改部分数据后依然可达终端。基于以上事实,文中通过探究经过服务器修改后的数据包的数据位分布规律,建立了一个基于闭源流媒体的隐蔽通道。为了提高数据包的熵值,使用高效且小巧的speck算法对数据包的内容进行加密。为了实时监测现有链接和实时流量,文中将防火墙串联在网络结构中,并借助防火墙对网络连接和通讯质量进行监测。实验数据表明,所提方法不会增加网络连接的数目,也不会影响通讯质量,而且能够兼容多种流媒体设备,并且表明了所提方法实用且不容易被检测到。不仅如此,由于此隐蔽信道搭载在闭源流媒体上,隐蔽信息的传输效率较高。上述结果表明,基于现有的闭源流媒体软件的通讯流而建立起隐蔽信道的方法是可行的,且该方法在对数据包的内容进行加密后,具有较强的隐蔽性。

关键词: VoIP, 多媒体流, 即时通讯, 流量分析, 隐蔽通道

Abstract: A covert channel represents an unforeseen method of communication that utilizes authorized public communication as a carrier medium for covert messages.A covert channel can be a safe and efficient way to transmit confidential information hidden in explicit traffic.Existing streaming-based covert channels are often easily detected due to the establishment of new communication links.For this reason,this paper conducted targeted tests and research on data pa-ckets passing through the streaming media server.It is found that the existing closed source streaming media does not strictly check the data packets passing through the server,and the data packets can still reach the termina lafter modi-fying some data.Based on the above facts,this paper established a hidden channel based on closed source streaming media by exploring the data bit distribution rules of the modified data packets through the server.In order to improve the entropy value of the data packet,this paper used an efficient and compact speck algorithm to encrypt the packet content.In order to monitor existing links and real-time traffic in real time,the firewalls were connected in series in the network structure,and the network connection and communication quality were monitored by a firewall.Experimental data show that this method does not increase the number of network connections and does not affect the communication qua-lity,and it is compatible with a variety of streaming media devices,showing that this method is practical and not easily detected.Moreover,since the hidden channel is mounted on the closed source streaming medium,the transmission efficiency of the covert information is high.The above results show that the method of establishing a covert channel based on the communication flow of the existing closed source streaming media software is feasible,and has strong concealment after encrypting the content of the data packet.

Key words: Covert channels, Instant messaging, Multimedia stream, Traffic analysis, VoIP

中图分类号:

TP393

郭崎, 崔竞松. 一种基于闭源流媒体的隐蔽通讯方法[J]. 计算机科学, 2019, 46(9): 150-155. https://doi.org/10.11896/j.issn.1002-137X.2019.09.021

GUO Qi, CUI Jing-song. Covert Communication Method Based on Closed Source Streaming Media[J]. Computer Science, 2019, 46(9): 150-155. https://doi.org/10.11896/j.issn.1002-137X.2019.09.021

参考文献

[1]MAZURCZYK W.VoIP Steganography and Its Detection-ASurvey[J].ACM Computing Surveys,2012,46(2):1-21.
[2]DANG T D,SONKOLY B,MOLNÁR S.Fractal analysis andmodeling of VoIP traffic[C]//11th International Telecommunications Network Strategy and Planning Symposium.Vienna:IEEE,2004:123-130.
[3]AZFAR A,CHOO K K R,LIU L.A study of ten popular Android mobile VoIP applications:Are the communications encrypted?[C]//2014 47th Hawaii International Conference on System Sciences.Waikoloa:IEEE,2014:4858-4867.
[4]LI B,MA M,JIN Z.A VoIP traffic identification scheme based on host and flow behavior analysis[J].Journal of Network and Systems Management,2011,19(1):111-129.
[5]LV S C.Content filtering and analysis of instant messaging systems [D].Chengdu:University of Electronic Science and Technology of China,2012.(in Chinese)吕世超.即时通信系统内容过滤和分析研究[D].成都:电子科技大学,2012.
[6]WANG H T,FU Y.Instant Communication—Principles,Technologies and Applications[J].Information and CommunicationTechnology,2010,4(3):34-40.(in Chinese)王海涛,付鹰.即时通信——原理、技术和应用[J].信息通信技术,2010,4(3):34-40.
[7]ZHENG L F,XIN Y.Analysis and Implementation of Instant Messaging Software Protocol Based on DPI[J].Information Network Security,2016(1):51-58.(in Chinese)郑丽芬,辛阳.基于DPI的即时通信软件协议分析与实现[J].信息网络安全,2016(1):51-58.
[8]JIA Z X.Design and implementation of real-time chat tool based on IOS system [D].Beijing:University of Chinese Academy of Sciences,2015.(in Chinese)贾侦修.基于IOS系统的即时聊天工具的设计与实现[D].北京:中国科学院大学,2015.
[9]LI L P,WANG J H.Secret Communication Using Covert Channels in Network Transmission[J].Computer Science,2009,36(5):115-117.(in Chinese)李丽萍,王建华.网络传输中采用隐蔽通道实现秘密通信[J].计算机科学,2009,36(5):115-117.
[10]YAN Y X.Research on an instant messaging system based on UDP protocol [D].Dalian:Dalian Maritime University,2008.(in Chinese)燕永新.一种基于UDP协议的即时通信系统的研究[D].大连:大连海事大学,2008.
[11]WANG Y G,WU J Z,ZENG H T,et al.Research on Covert Channel [J].Journal of Software,2010,21(9):2262-2288.(in Chinese)王永吉,吴敬征,曾海涛,等.隐蔽信道研究[J].软件学报,2010,21(9):2262-2288.
[12]DONG L P,CHEN X Y,YANG Y J,et al.Implementation and Dection of Network Covert Channel [J].Computer Science,2015,42(7):216-221.(in Chinese)董丽鹏,陈性元,杨英杰,等.网络隐蔽信道实现机制及检测技术研究[J].计算机科学,2015,42(7):216-221.
[13]CABUK S,BRODLEY C E,SHIELDS C.IP covert timing channels:design and detection[C]//Proceedings of the 11th ACM conference on Computer and communications security.New York:ACM,2004:178-187.
[14]MAZURCZYK W,LUBACZ J.LACK－a VoIP steganographic method[J].Telecommunication Systems,2010,45(2／3):153-163.
[15]ZHAO H,SHI Y Q,ANSARI N.Hiding Data in MultimediaStreaming over Networks[C]//2010 8th Annual Communication Networks and Services Research Conference.Canada:IEEE,2010:50-55.
[16]SWANSON M D,KOBAYASHI M,TEWFIK A H.Multimedia data-embedding and watermarking technologies[J].Proceedings of the IEEE,1998,86(6):1064-1087.
[17]ZHANG X,LIANG C,ZHANG Q,et al.Building covert timing channels by packet rearrangement over mobile networks[J].Information Sciences,2018,445-446:66-78.
[18]MAZURCZYK W,SZCZYPIORSKI K.Steganography of VoIP streams[C]//OTM Confederated International Conferences On the Move to Meaningful Internet Systems.Berlin:Springer Heidelberg,2008:1001-1018.
[19]MAZURCZYK W.Lost audio packets steganography:the firstpractical evaluation[J].Security and Communication Networks,2012,5(12):1394-1403.
[20]ZHANG X,TAN Y A,LIANG C,et al.A Covert Channel Over VoLTE via Adjusting Silence Periods[J].IEEE Access,2018,6:9292-9302.
[21]LATHAM D C.Department of defense trusted computer system evaluation criteria:DoD 5200.28-STD [S].Department of Defense,1985.
[22]REZAEI F,HEMPEL M,SHARIF H.Towards a reliable detection of covert timing channels over real-time network traffic[J].IEEE Transactions on Dependable and Secure Computing,2017,14(3):249-264.

相关文章 15

[1]	庞兴龙, 朱国胜. 基于半监督学习的网络流量分析研究 Survey of Network Traffic Analysis Based on Semi Supervised Learning 计算机科学, 2022, 49(6A): 544-554. https://doi.org/10.11896/jsjkx.210600131
[2]	宁玉辉, 姚喜. 一种应急指挥系统的设计与实现 Design and Implementation of Emergency Command System 计算机科学, 2021, 48(6A): 613-618. https://doi.org/10.11896/jsjkx.201000136
[3]	王斌,梁银平,岳鹏,李杰,张立海. 全国地质钻孔数据库服务平台网站流量分析与研究 Research and Analysis on Throughout of National Geological Drilling Database Service Platform Website 计算机科学, 2017, 44(Z6): 577-581. https://doi.org/10.11896/j.issn.1002-137X.2017.6A.130
[4]	姚力,刘强. VoIP中一种基于WebRTC的回声消除改进算法 VoIP Acoustic Echo Cancellation Algorithm Based on WebRTC 计算机科学, 2017, 44(Z6): 309-311. https://doi.org/10.11896/j.issn.1002-137X.2017.6A.070
[5]	杨鹏,赵辉,鲍忠贵. 网络时间隐蔽通道的拟合模型特性研究 Analysis on Fitting Model of Network Covert Timing Channel 计算机科学, 2017, 44(1): 145-148. https://doi.org/10.11896/j.issn.1002-137X.2017.01.028
[6]	林旺,田洪现. 基于SIP协议的嵌入式VoIP语音终端实现和协议分析 Implementation and Protocol Analysis of Embedded VoIP Voice Terminal Based on SIP 计算机科学, 2016, 43(6): 86-90. https://doi.org/10.11896/j.issn.1002-137X.2016.06.018
[7]	蒋波,李陶深,葛志辉. 缓存门限自适应调整的智能手机节能研究 Research of Smartphone Energy Saving Based on Buffer Threshold Adaptive Adjustment 计算机科学, 2016, 43(1): 137-140. https://doi.org/10.11896/j.issn.1002-137X.2016.01.031
[8]	羊秋玲,金志刚,黄向党. 基于QoE的VoIP带宽分配机制研究 Research on QoE-based Bandwidth Allocation Mechanism for VoIP 计算机科学, 2014, 41(5): 102-106. https://doi.org/10.11896/j.issn.1002-137X.2014.05.022
[9]	颜若愚. 基于流量矩阵和Kalman滤波的DDoS攻击检测方法 DDoS Attacks Detection Method Based on Traffic Matrix and Kalman Filter 计算机科学, 2014, 41(3): 176-180.
[10]	段宗曜,饶水林. 信息化建设在高校校园中的实现模式研究 Study of the Implementation Model of Information Construction in Campus 计算机科学, 2013, 40(Z11): 417-420.
[11]	丁要军,蔡皖东,姚烨. 基于UDP统计指印混合模型的VoIP流量识别方法 VoIP Traffic Identification Based on UDP Statistical Fingerprinting Mixture Models 计算机科学, 2013, 40(9): 136-140.
[12]	李钦德，周文安，马飞，宋俊德. 基于RTP/RTCP的VoIP智能切换技术的实现方法研究 Research on the Implementation of Intelligent Handoff Technique of VoIP Based on RTP/RTCP 计算机科学, 2011, 38(2): 68-71.
[13]	李丽萍王建华. 网络传输中采用隐蔽通道实现秘密通信计算机科学, 2009, 36(5): 115-117.
[14]	夏耐林志强茅兵谢立. 隐蔽通道发现技术综述计算机科学, 2006, 33(12): 1-5.
[15]	傅鹤岗周振东. IEEES02．11b无线局域网的VoIP通信容量计算及分析计算机科学, 2006, 33(10): 51-54.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed