Abstract
Covert channels pose a significant threat for networking systems. In this paper, we examine the exploitation of Session Description Protocol (SDP) information residing in Session Initiation Protocol (SIP) requests with the aim to hide data in plain sight. While a significant mass of works in the literature cope with covert communication channels, only a very limited number of them rely on SIP to realize its goals. Also, none of them concentrates on SDP data contained in SIP messages to implement and evaluate such a hidden communication channel. Motivated by this fact, the work at hand proposes and demonstrates the feasibility of a simple but very effective in terms of stealthiness and simplicity SIP-based covert channel for botnet Command and Control (C&C). As a side contribution, we assess the soundness and the impact of such a deployment at the victim’s side via the use of two different types of flooding attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Mohr, C.: Report: Global voip services market to reach 137 billion by 2020, November 2014. http://www.tmcnet.com/channels/hosted-softswitch/articles/393593-report-global-voip-services-market-reach-137-billion.htm
Keromytis, A.D.: A comprehensive survey of voice over ip security research. IEEE Commun. Surv. Tutorials 14(2), 514–537 (2012)
Geneiatakis, D., Dagiuklas, T., Kambourakis, G., Lambrinoudakis, C., Gritzalis, S., et al.: Survey of security vulnerabilities in session initiation protocol. IEEE Commun. Surv. Tutorials 8(3), 68–81 (2006)
Handley, M. et al.: Sdp: session description protocol. RFC 4566, US (2006)
Anagnostopoulos, M., Kambourakis, G., Kopanos, P., Louloudakis, G., Gritzalis, S.: Dns amplification attack revisited. Comput. Secur. 39, 475–485 (2013)
Silva, S.S.C., Silva, R.M.P., Pinto, R.C.G., Salles, R.M.: Botnets: a survey. Comput. Netw. 57(2), 378–403 (2013)
Wang, P., Wu, L., Aslam, B., Zou, C.C.: A systematic study on peer-to-peer botnets. In: IEEE ICCCN 2009, pp. 1–8, August 2009
Wang, P., Sparks, S., Zou, C.C.: An advanced hybrid peer-to-peer botnet. IEEE Trans. Dependable Secure Comput. 7(2), 113–127 (2010)
Geneiatakis, D., Kambourakis, G., Lambrinoudakis, C., Gritzalis, T.S.: A framework for protecting a sip-based infrastructure against malformed message attacks. Comput. Netw. 51(10), 2580–2593 (2007)
Sip service providers and carriers (2015). http://www.cs.columbia.edu/sip/service-providers.html
Rosenberg, J., et al.: Sip: session initiation protocol. IETF RFC 3261, US (2002)
Mills, D.: Network time protocol (version 3) specification, implementation. RFC 1305, US (1992)
O’Doherty, P., Ranganathan, M.: JAIN SIP Tutorial - Serving the Developer Community, Technical report (2003)
Kamailio the open source sip server (2014). http://www.kamailio.org/w/
Berger, A., Hefeeda, M.: Exploiting sip for botnet communication. In: IEEE NPSec 2009, pp. 31–36, October 2009
Mazurczyk, W., Szczypiorski, K.: Covert channels in sip for voip signalling. In: Jahankhani, H., Revett, K., Palmer-Brown, D. (eds.) Global E-Security. CCIS, vol. 12, pp. 65–72. Springer, Heidelberg (2008)
Zhao, H., Zhang, X.: Sip steganalysis using chaos theory. In: IEEE CMCSN 2012, pp. 95–100, July 2012
Takahashi, T., Lee, W.: An assessment of voip covert channel threats. In: IEEE SecureComm 2007, pp. 371–380, September 2007
Mazurczyk, W., Szczypiorski, K.: Steganography of VoIP streams. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1001–1018. Springer, Heidelberg (2008)
Mazurczyk, W., Kotulski, Z.: Covert channel for improving voip security. In: Pejaś, J., Saeed, K. (eds.) Advances in Information Processing and Protection, pp. 271–280. Springer, US (2007)
Acknowledgements
This paper is part of the 5179 (SCYPE) research project, implemented within the context of the Greek Ministry of Development-General Secretariat of Research and Technology funded program “Excellence II / Aristeia II”, co-financed by the European Union/European Social Fund - Operational program “Education and Life-long Learning” and National funds.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Tsiatsikas, Z., Anagnostopoulos, M., Kambourakis, G., Lambrou, S., Geneiatakis, D. (2015). Hidden in Plain Sight. SDP-Based Covert Channel for Botnet Communication. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-22906-5_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer ScienceComputer Science (R0)