Steganophony–when internet telephony meets steganography


Steganophony is the term coined by Wojciech Mazurczyk and Józef Lubacz at the Warsaw University of Technology in Poland to describe the practice of hiding messages in internet telephony traffic (presumably the word is an amalgamation of the terms steganography and telephony).

The growing interest in this area is fueled by the fear that terrorist groups may be able to use services such as Skype to send messages secretly by embedding them in the data stream of internet telephony. At least that’s what Mazurczyk and Lubacz tell us.

The pair has developed a method for doing exactly that called Lost Audio PaCKets Steganography or LACKS and outline it on the arXiv today.

LACKS exploits a feature of internet telephony systems: they ignore data packets that are delayed by more than a certain time. LACKS plucks data packets out of the stream, changes the information they contain and then sends them on after a suitable delay. An ordinary receiver simply ignores these packets if they arrive after a certain time but the intended receiver collates them and extracts the information they contain.

That makes LACKS rather tricky to detect since dropped packets are a natural phenomenon of the internet traffic.

But is this really an area driven by the threat of terrorism? If anybody really wants to keep messages secret then there are plenty of easier ways to do it, such as Pretty Good Privacy.

There’s a far more powerful driver for this kind of work. It’s name? Paranoia

Ref: LACK – a VoIP Steganographic Method

2 Responses to “Steganophony–when internet telephony meets steganography”

  1. Oh I dunno… Combine PGP and LACKS (what was wrong with LAPS?) and you’ve got yourself a pretty damn secure communications channel… With PGP an eavesdropper will at least know that you’re sending a message worth hiding. With LACKS it could go unnoticed.

  2. Amiya says:

    Interesting. I think, terrorists may indeed be able to get their data ‘untracked’, using steganophony.