Unfortunately, VoVoIP raises serious security concerns regarding current VoIP deployments since it exploits VoIP covert channel vulnerability. The VoIP covert channel is a communication channel that can be used by a process to transfer information in a manner that violates the system security policy. Such attacks may utilize signaling protocols (i.e. SIP, H.323) and/or data transport protocols (i.e. RTP) to send information across the network in seemingly innocent VoIP traffic. Clearly, this technique can be extended to transfer arbitrary data, enabling various types of vandalism whose damages can amount to large financial loses. For example, emerging threats such as VoIP SPAM or Botnet may work in tandem to transfer control signals or binary executables through VoIP covert channels. Some multi-level security systems may need to prohibit the use of VoIP altogether. It is important to note that at least one communicating party must be infected by a trojan in order to launch the attack. The receiver may be another infected VoIP client, or an attacker wire-tapping the network communication.
The dangers posed by these VoIP covert channels are easy to see. VoVoIP shows that 8000kbps of information can be easily transfered in seemingly innocent voice packets, and such bandwidth can be further improved by sacrificing the cover audio quality. Worse yet, any audio steganography techniques can launch a VoIP covert channel attack, and our study [] shows that some attacks may even survive through audio compressions! Therefore simply forbidding the usage of G.711 codecs cannot be a solution. Since current VoIP deployments take no consideration for such problems, they are vulnerable to VoIP covert channel attacks. Clearly, we must consider a more effective and thorough defense mechanism.
There are two types of countermeasures to mitigate the VoIP covert channel threat. One is an active sanitization of VoIP traffic which would either randomly or completely erase least significant bits of VoIP traffic. This method will be effective against simple LSB-based attacks on voice communication using the G.711 codec. The downside is the reduced audio quality to all users. Similarly, prohibiting the use of G.711 codecs would prevent attacks although such policy may interfere the communication with other VoIP users. Keep in mind that G.711 is a must-support codec. The other approach passively scans audio traffic and detects suspicious call sessions. In [], Hamza states that audio streams with embeded information show distinctive characteristic when a series of algorithms which measures objective audio quality are applied. We found that this technique is directly applicable to the VoIP covert channel problem, and our experiments based on Matlab, as discussed in [], reveal that they are indeed effective. Moreover, this approach is very successful at identifying attacks regardless of the audio data hiding algorithms used.