Hidden in Plain Sight. SDP-Based Covert Channel for Botnet Communication

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9264)

Abstract

Covert channels pose a significant threat to networking systems. In this paper, we examine the exploitation of Session Description Protocol (SDP) information residing in Session Initiation Protocol (SIP) requests with the aim of hiding data in plain sight. While a significant body of work in the literature deals with covert communication channels, only a very limited number of these works rely on SIP to realize their goals. Also, none of them concentrates on SDP data contained in SIP messages to implement and evaluate such a hidden communication channel. Motivated by this fact, the work at hand proposes and demonstrates the feasibility of a SIP-based covert channel for botnet Command and Control (C&C) that is simple but very effective in terms of stealthiness and simplicity. As a side contribution, we assess the soundness and the impact of such a deployment at the victim’s side via the use of two different types of flooding attacks.

Acknowledgements

This paper is part of the 5179 (SCYPE) research project, implemented within the context of the Greek Ministry of Development-General Secretariat of Research and Technology funded program “Excellence II / Aristeia II”, co-financed by the European Union/European Social Fund - Operational program “Education and Life-long Learning” and National funds.

Author information

Corresponding author

Correspondence to Zisis Tsiatsikas.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Tsiatsikas, Z., Anagnostopoulos, M., Kambourakis, G., Lambrou, S., Geneiatakis, D. (2015). Hidden in Plain Sight. SDP-Based Covert Channel for Botnet Communication. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science, vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_4

  • DOI: https://doi.org/10.1007/978-3-319-22906-5_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22905-8

  • Online ISBN: 978-3-319-22906-5

  • eBook Packages: Computer Science, Computer Science (R0)
