JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.

ORG

58

Implementation and Evaluation of a Software Prototype for Real-Time Steganography in VoIP Call
Abdulaleem Z. Al-Othmani, Azizah A. Manaf, and Akram M. Zeki
AbstractSteganography is an effective way of hiding secret data, by this means of protecting the data from unauthorized or unwanted viewing. In fact, along with encryption, steganography is one of the fundamental ways by which data can be kept confidential. One of the new and promising communication medium that can be used as a host for steganography is Voice over Internet Protocol. VoIP is a form of communication that allows people to make phone calls over an internet connection instead of typical analogue telephone lines. VoIP characteristics, such as, real-time transmission, bi-directional nature and vast amount of data make it very appropriate medium to hide secret data. This article concerns available steganographic techniques that can be used for creating covert channels for VoIP streams. Based on that, the proposed prototype is configured to apply some of these techniques in lab environment. The main contribution of this study is designing, implementing and testing a prototype of real time VoIP steganography. Index Terms Signal processing, VoIP, Steganography, real-time communication, LSB.

1 INTRODUCTION
teganography is the process of hiding secret data inside other data files or signals. In communication, steganography means hiding of a secret message within an ordinary medium signal during sending or transmission phases to be extracted at the destination by the intended recipient only. It is simply an art of hiding secret data in ways that prevent the detection of hidden messages [1]. In contrast to the traditional cryptography in which secret message is hidden by simply scrambling its content, the function of steganography is to hide not only the content of the message but also its mere existence by embedding the message into an innocent covert medium. In the ideal case, probable eavesdroppers who tries to scan this medium will not be able to know what to listen to and whether there is a hidden data or not [2], [3]. Therefore, steganography can offer a better security in many ways. Audio stream formats dont tend to be very accurate data formats, typically since the human ear is not very skilled at distinguishing sounds. With this natural inaccuracy, or redundancy, minor changes to an audio signal can be made so that human ear will not be able to distinguish the cover audio signal from the stego audio signal. Audio steganography is a practical way for transmitting

covert secret information via an innocuous cover audio signal. [4]. Although steganography is applicable to all data objects that contain redundancy, in this article, we consider VoIP audio signal only. Voice over Internet Protocol (VoIP), or IP telephony, is defined as a general term for a family of transmission technologies for delivery of voice communications over IP networks such as the Internet or other packet switched networks [5]. Through VoIP, voice communications are digitized and then segmented into standard digital data payloads (i.e., batches or collections of data) that are, in turn, encapsulated within IP packets so they can be transmitted via the IP transport network. This process allows voice and other information to coexist in a single IP data network so it can be transmitted using shared equipment and communications lines. VoIP systems usually interface with the traditional Public Switched Telephone Network (PSTN) to allow for transparent phone communications worldwide. Although VoIP has existed for several years, it has only recently begun to take off as a viable alternative to traditional voice systems and PSTN networks. At the present time, VoIP is one of the most popular services in the Internet. It was introduced to the telecommunication market and since then, changed it completely and gradually. As it is used worldwide more freely, the Abdulaleem Z. Al-Othmani, Faculty of Computer Science and Informa- traffic volume that it generates is still increasing. Because tion Systems, Universiti Teknologi Malaysia, 81310, Skudai, Johor, Malay- of its popularity, it is becoming a natural target for stegasia. nography. That is why VoIP is appropriate to enable hid Azizah A. Manaf, Advanced Informatics School (AIS), Universiti Teknoden communication throughout IP networks [1]. The relalogi Malaysia, International Campus, Jalan Semarak, 54100 Kuala Lumtively huge amount of data that could be hidden, the real pur, Malaysia. Akram M. Zeki, Department of Information System, Kulliyyah of Infortime nature of VoIP calls and the bi-directional capability mation and Communication Technology, Iterntaional Isalmic University, that is provided by such transmission make VoIP audio 50728 Kuala Lumpur, Malaysia. signal a promising steganographic medium to be used to hide data over internet networking. VoIP steganography

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

59

covers a wide range of information hiding techniques; including popular techniques based on IP or TCP and others protocols. The main idea is to use free, redundant or unused fields of these protocols [16]. This prototype will be designed and implemented to work in a lab-based environment. This means, the VoIP call will be limited to two hosts using point-to-point connection with static IP addresses. This is different from the real life VoIP applications which use client-server calls. As a result, the system will be based on LAN network which provides an environment with almost zero noise. This will greatly help to get better VoIP steganography performance and correctness. Due to the complexity of VoIP steganography, only specific basic types of visual and statistical measures will be considered. The most important success factor of this study is keeping the overall changes of the VoIP stream very small so that they can be hardly noticed while embedding a large amount of covert data and providing maximum extraction of the hidden information.

an echo into the discrete signal. If only one echo was produced from the original signal, only one bit of information could be encoded. Therefore, the original signal is broken down into blocks before the encoding process begins. Once the encoding process is completed, the blocks are concatenated back together to create the final signal.

3 RELATED WORK
Many of current audio and network steganography algorithms are theoretically applicable to VoIP streams. In practice only some of them are feasible or applicable to VoIP taking in mind available equipment and technology. There are also some techniques which are too complex to be applied on VoIP stream which needs real time embedding and extraction of secret data. There are many steganography techniques that are applicable to VoIP cover time domain, frequency domain and integer transform domain. The time domain algorithms provide less complexity and higher capacity than others, while other domains focus on the robustness and invisibility. Because VoIP is simply audio signal transmission using IP networking, it is possible also to apply network steganography techniques during VoIP call session. It is possible to use redundant, unused and reserve bits of protocols packets to hide some data. Gopalan and Wenndt [20] presented a method of embedding covert data in a cover audio signal by insertion of low power tones. Cvejic and Seppnen [10], presented a high bit rate LSB audio watermarking method that reduces embedding distortion of the host audio. Using their proposed two-step algorithm, secret data bits are embedded into higher LSB layers, resulting in increased robustness against noise addition. Agaian et al [11], presented two algorithms for digital audio steganography with embedding in the frequency domain and the integer transform domain (QSAS and ITSAS). Experimental results for both methods indicate that the changes in the embedded audio section are inaudible. The QSAS algorithm has lower embedding capacity but has much better SNR values. The ITSAS algorithm is preferred as it is reversible, simple, and efficient with acceptable SNR values. Chungyi and Quincy [12], proposed a scheme for transmitting secret speeches based on information hiding in VoIP systems. Their hiding process consists of two steps: compressing the secret speeches and then filling their binary bits directly into the LSBs of cover speech coded with G.711. Dittmann et al. [21], presented a more general scheme of steganography over VoIP, which can be used to transmit arbitrary secret messages. Kratzer et al. [13], suggested that messages be encrypted prior to embedding to improve security. Motivated by this view, they later proposed a scheme that introduces the cryptographies (i.e. Twofish, Tiger) for embedded messages. However, the encryption operation must be carried out offline before the embedding operation, because the adopted cryptographies are often time-consuming and incur delays that may in turn degrade the speech quality drastically. Szczypiorski et al. [14] and [15], provided new insights

2 METHODS OF AUDIO STEGANOGRAPHY

Generally, there are many steganographic techniques for hiding secret data or messages in audio in a way that the modifications made to the audio file are perceptually indiscernible. Major and common techniques include [6], [7] [8], [12], [17], [18], [19]:

2.1 LSB Coding

Least significant bit (LSB) coding is the simplest way to embed information in a digital audio file. By substituting the least significant bit of each sampling point with a binary message, LSB coding allows for a large amount of data to be encoded.

2.2 Parity Coding

The parity coding method breaks a signal down into separate regions of samples and encodes each bit from the secret message in a sample region's parity bit. If the parity bit of a selected region does not match the secret bit to be encoded, the process flips the LSB of one of the samples in the region.

2.3 Phase Coding

The phase coding technique works by replacing the phase of an initial audio segment with a reference phase that represents the secret information. The remaining segments phase is adjusted in order to preserve the relative phase between segments.

2.4 Spread Spectrum

Unlike LSB coding, the Spread Spectrum method spreads the secret information over the frequency spectrum of the sound file using a code which is independent of the actual signal [9]. As a result, the final signal occupies a bandwidth which is more than what is actually required for transmission

2.5 Echo Hiding

Information is embedded in a sound file by introducing

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

60

by presenting two new techniques. The first one is network steganography solution which exploits free/unused protocols fields and is known for IP, UDP or TCP protocols but has never been applied to RTP and RTCP which are characteristic for VoIP. The second method, called LACK (Lost Audio Packets Steganography), provides hybrid storage timing covert channel by utilizing delayed audio packets. The third one is HICCUPS (Hidden Communication System for Corrupted Networks) which is a generic steganographic framework for wireless LAN which can be used in voice over wireless LAN (VoWLAN) environments. Obtained results showed that during typical VoIP call, it is possible to send covertly more than 1.3 Mbits of data in one direction.

to the receiver as described in Figure 2.

4 PROTOTYPE DEVELOPMENT
The general architecture of the proposed VoIP steganography prototype is shown in Figure 1 below. Each covert data transmitted during VoIP call will be processed and embedded according to this architecture.

Fig. 2. Flowchart of the sending/embedding process.

The detailed procedure of embedding secret message into the compressed audio data function is based on the option of utilizing 1 LSB, 2 LSBs, 3 LSBs and 4 LSBs depending on user choice through GUI. The 1 LSB part of this function is working according to the following algorithm: Step 1: Get secret data and convert it to an array of bits A1. Step 2: Get a portion of voice data and save it into an array of bytes A2. Step 3: Insert starting bytes (0,255,0,255,0) into voice data array. Step 4: Insert 1 bit of secret data array into LSB of voice data array byte. Step 5: Increment indexes of A1 and A2. Step 6: repeat Step 4 and 5 until end of A1. Step 7: Insert ending bytes (255,0,255,0,255) into voice data array The embedding process of 1 LSB is being done according to figure 3 below.

Fig. 1. General architecture of proposed VoIP steganography prototype.

The first step in building a VoIP steganography prototype is implementing VoIP call by using either clientserver based or point-to-point based architecture. The VoIP call in this prototype will be point-to-point based and consists of three steps: initializing call, performing the conversation, and ending the call. The initialization of VoIP calls start when one endpoint (the sender) sends an INVITE message to the other endpoint (the receiver) using receiver's IP address. If the receiver accepts the invitation, an OK message will be sent back to the sender. By receiving the OK message, the initialize step is done and then both parties will start the next (conversation).

4.1 Embedding process

As the conversation session starts, voice signals are captured from microphone and sampled into PCM codes. This task is done by using Microsoft DirectSound. The 16 bits PCM voice samples will then be compressed into 8 bits using G711 audio codec algorithm. The secret data will now be embedded using LSB technique. The stego voice signal will be packetized into UDP packets and sent

Fig. 3. Replacement of 1 LSB in embedding function.

4.2 Extracting process

Received UTP packets from the sender are extracted by the use of extracting function. The hidden data are then extracted from the audio bits and converted back to its

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

61

original form and displayed on the GUI of the receiver. The audio data are decompressed from 8 bits G711 data into 16 bits PCM voice samples using G711 audio codec algorithm. Then the audio signals are regenerated from voice data and sent to speakers, which is done with the help of Microsoft DirectSound. Figure 4 shows the flowchart of the extracting process.

Fig. 5. Screenshot of prototype GUI showing VoIP call steganography results.

5 EXPERIMENTAL RESULTS
For the purpose of testing, each LSB steganography algorithm is tested many times. Different secret data with different lengths, are used in each test. The waveforms and statistical results of each test are recorded and analyzed. Another testing is by sending a different secret message with different sizes using each one of LSB algorithms in this prototype. The result of each algorithm test are then analyzed and compared. Generally, two testing approaches are used with this project prototype. The program performance is tested first and then the testing experiments are carried out. Statistical measures include Time interval needed to receive, extract and display secret data, the number of bits transmitted, number of VoIP call sample or bytes used to embed such secret data, the signal-to-noise ratio SNR, and average deviation as shown in equation 1. (1) Where: AvDev = average deviation. n = number of VoIP call data bytes used to hide the secret data. Si = value of the secret data hidden in the VoIP call data byte i. Vi = value of the VoIP call data byte used to hide secret data value Si. The first experiment is done by embedding a sample 100bytes text message using each one of LSB techniques and then record statistical results of each technique. The secret data sent by the sender is totally and correctly received by the receiver using any of the four targeted techniques. The results of this experiment and statistical records are summarized in Table 1 below.

Fig. 4. Flowchart of the receiving/extracting process.

The detailed procedure of extracting process is done according to the following algorithm: Step 1: Get the received voice signal and save it into an array of bytes A2. Step 2: Search the received voice data for the starting bytes (0,255,0,255,0). Step 3: Extract the LSB of one byte of voice data array and save it into an array of bits A1. Step 4: Increment indexes of A1 and A2. Step 5: Repeat Step 4 and 5 until finding the ending bytes (255,0,255,0,255). Step 6: Recombine array A1 into array of characters. Step 7: Display the result (the array of characters) on the GUI.

4.3 Presenting Results

Results of the VoIP call as well as embedded and extracted secret data are presented in the GUI of the prototype as text information. Other results like the input and output waveforms are presented also on GUI as drawings. Statistical results of the VoIP steganography process is displayed on the prototype main form as well. There are also some middle data could be presented like the voice data array and the array of bits of the secret data. Figure 5 illustrates screenshoot of the GUI of the VoIP steganography prototype, showing statistical results.

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

62

TABLE 1 RESULTS OF HIDING 100 BYTES OF SECRET DATA

Measure Average Deviation 1 LSB 0.007109 2 LSBs 0.0142429 3 LSBs 0.039231 4 LSBs 0.075223

Other experiments were done by using 100 Bytes, 1KB, 4KB and 8 KB of secret data. The results of these experiments and statistical records are summarized in table 2 below. TABLE 2 RESULTS OF HIDING DIFFERENT SIZES OF SECRET DATA
1 LSB Measure Time to extract data (sec) Used voice segments Average Deviation 100 Bytes 4 1 0.007109 1 KB 237 4 0.007447 2 LSBs Time to extract data (sec) Used voice segments Average Deviation 2 1 0.0142429 108 2 0.019293 700 8 0.013514 1368 15 4 KB 1378 15 0.006822 8 KB 2908 30 0.004482 Fig. 6. Screenshot of voice waveforms of received signal with secret data embedded.

In figure 6 above, the green arrows point to the starting signals of each LSB technique waveform while the dark red arrows point to the ending signals. The secret data is embedded between these two arrows and the receiver checks and extract secret data only from the signals between them. The red waveforms are the original voice signal before embedding while the blue waveforms are the modified voice signals after embedding the secret message.

6 CONCLUSION
0.01468 3 LSBs

Time to extract data (sec) Used voice segments Average Deviation

1 1 0.039231

51 2 0.056067 4 LSBs

382 5 0.03364

837 10 0.066338

Time to extract data (sec) Used voice segments Average Deviation

1 1 0.075223

1 1 0.068524

223 4 0.082939

710 8 0.06109

Steganography is a fascinating and effective method of hiding data which has been used throughout history. The biggest challenge to steganography is how to increase the amount of information to be embedded in the host channel without affecting the properties of that channel while keeping this secret transmission invisible to unauthorized parties. This study reviewed available steganographic techniques that can be used for creating covert channels for VoIP streams. In this paper, LSB technique of VoIP steganography was tested and evaluated. The evaluated prototype was focusing on enhancing data capacity of covert data in VoIP steganography was introduced. The results of this study provide a reasonable tradeoff between the adequate information hiding requirement (good security and sufficient capacity) and the low latency requirement for VoIP.

The above table shows that the quality of the voice signal after embedding 1 bit only (1 LSB) is higher than when using 4 bits at the same time (4 LSBs), while 1 LSB needs more time to transmit secret data than 4 LSBs. By comparing the different sizes of secret data, the above data shows that there are differences in the total number of voice segments required to send the desired secret message.

REFERENCES
[1] Mazurczyk,W.andK.Szczypiorski,CovertChannelsinSIPfor VoIPSignalling,inGlobalESecurity,H. Jahankhani,K.Revett, and D. PalmerBrown, Editors. 2008, Springer Berlin Heidelberg.p.6572. [2] Hui,T.,etal.AnMSequenceBasedSteganographyModelforVoice over IP. in Communications, 2009. ICC 09. IEEE International Conferenceon.2009.

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 12, DECEMBER 2011, ISSN 2151-9617 https://sites.google.com/site/journalofcomputing WWW.JOURNALOFCOMPUTING.ORG

63

[3] Tian, H., et al., A Covert Communication Model Based on Least Significant Bits Steganography in Voice over IP, in Proceedings of the 2008 The 9th International Conference for Young Computer Scientists.2008,IEEEComputerSociety.p.647652. [4] Gopalan, K. Audio steganography using bit modification. in Multimedia and Expo, 2003. ICME 03. Proceedings. 2003 InternationalConferenceon.2003. [5] Schulzrinne, H. and J. Rosenberg, Internet Telephony: architecture and protocols an IETF perspective. Computer Networks,1999.31(3):p.237255. [6] Shahreza, S.S. and M.T.M. Shalmani. High capacity error free wavelet Domain Speech Steganography. in Acoustics, Speech and Signal Processing, 2008. ICASSP 2008. IEEE International Conferenceon.2008. [7] Johnson,N.F.andS.Jajodia,Exploringsteganography:Seeingthe unseen.Computer,1998.31(2):p.2634. [8] Bhattacharyya, D.,etal.,HidingDatainAudioSignalAdvanced Communication and Networking, C.C. Chang, et al., Editors. 2010,SpringerBerlinHeidelberg.p.2329. [9] Mengyu,Q.,A.H.Sung,andL.Qingzhong.FeatureMiningand Intelligent Computing for MP3 Steganalysis. in Bioinformatics, Systems Biology and Intelligent Computing, 2009. IJCBS 09. InternationalJointConferenceon.2009. [10] Cvejic, N. and T. Seppanen. Increasing robustness of LSB audio steganography using a novel embedding method. in Information Technology:CodingandComputing,2004.Proceedings.ITCC2004. InternationalConferenceon.2004. [11] Agaian, S., D. Akopian, And S. Dsouza. Two Algorithms in Digital Audio Steganography Using Quantized Frequency Domain Embedding and Reversible Integer Transforms. In Smmsp2005. Riga,Latvia. [12] Chungyi, W. and W. Quincy. Information Hiding in RealTime VoIP Streams. in Multimedia, 2007. ISM 2007. Ninth IEEE InternationalSymposiumon.2007. [13] Kratzer,C.,etal.Designandevaluationofsteganographyforvoice overIP. in Circuits and Systems, 2006. ISCAS 2006. Proceedings. 2006IEEEInternationalSymposiumon.2006. [14] Mazurczyk, W. and Z. Kotulski, New VoIP Traffic Security SchemewithDigitalWatermarkingComputerSafety,Reliability,and Security, J. Grski, Editor. 2006, Springer Berlin / Heidelberg. p.170181. [15] Mazurczyk, W. and K. Szczypiorski, Steganography of VoIP Streams, in On the Move to Meaningful Internet Systems: OTM 2008,R.MeersmanandZ.Tari,Editors.2008,SpringerBerlin/ Heidelberg.p.10011018. [16] Mazurczyk,W., J. Lubacz andK. Szczypiorski Hiding Data in VoIP In Proc. of:The 26th Army Science Conference (ASC 2008), [17] Kumar S. B., D. Bhattacharyya, P. Das, D. Ganguly and S. Mukherjee, A tutorial review on Steganography, International Conference on Contemporary Computing (IC3 2008),Noida,India,August79,2008,pp.105114. [18]Bender,W.,W.Butera,D.Gruhl,R.Hwang,F.J.Paiz,S.Pogreb, Techniques for data hiding, IBM Systems Journal, Volume 39,Issue34,July2000,pp.547568. [19] Vapnik, V.N. Statistical Learning Theory. John Wiley and Sons,NewYork,USA,1998. [20] Gopalan, K., S. Wenndt. Audio Steganography For Covert DataTransmissionByImperceptibleToneInsertion,Proc.the IASTEDInternationalConferenceonCommunicationSystems andApplications,Banff,Canada,July2004. [21] Dittmann, J., D. Hesse, R. Hillert. Steganography and steganalysisinvoiceoverIPscenarios:operationalaspectsand rst experiences with a new steganalysis tool set. SPIE and

IS&T Proc., San Jose, California, USA, January 2005, pp. 607 618

Abdulaleem Z. Al-Othmani is a Ph.D. student in Computer Science at the Universiti Teknologi Malaysia, KL. He received his Bachelor of Science in Computer Engineering in 2002 at Baghdad University, Iraq and a Master of Science in Computer Science in 2010 from the University of Technology Malaysia, Malaysia. In 2010, he started his Ph.D. in Computer Science at the Faculty of Computer Science and Information Systems, UTM. His research interests include audio signal processing, data hiding, cryptography, mobile steganography, and real time communication. Azizah A. Manaf is a professor of image processing and Pattern Recognition from University Technology Malaysia (UTM). She graduated with B.Eng (Electrical) 1980, MSc. Computer Science (1985) and PhD (Image Processing) in 1995 from UTM. Her current areas of interest and research are image processing, watermarking, steganography and computer forensics and she has postgraduate students at the Master and PhD level to assist her in these research areas. She has written numerous articles in journals and presented an extensive amount of papers at national and international conferences on her research areas. Prof. Dr. Azizah has also held management positions at the university and faculty levels such as Head of Department, Deputy Dean, Deputy Director, and Academic Director. She is currently the Deputy Dean Academic of Advance Informatics School (AIS) at UTM. Akram M. Zeki has obtained B.Sc. from University of Jordan, Amman, Jordan. And Master in Computer Graphics from Faculty of Computer Science and Information Technology at University Putra Malaysia. His PhD was from Faculty of Computer Science and Information System at University Technology Malaysia. Recently he is Assistant Professor at Kulliyyah of Information and Communication Technology, International Islamic University Malaysia. His research interest including: Watermarking, Steganography, Information Security and Image Processing. .