Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
SIP steganalysis using chaos theory
Zhao H., Zhang X.  CMCSN 2012 (Proceedings of the 2012 International Conference on Computing, Measurement, Control and Sensor Network, Taiyuan, China,  Jul 7-9, 2012) 95-100. 2012. Type: Proceedings
Date Reviewed: Jan 24 2013

Steganography involves the concealment of unrelated information in a data stream. The authors of this paper propose the use of chaos theory to determine whether a certain information element used in session initiation protocol (SIP) signaling is carrying steganographic information. They use a simplistic distance-based metric to train a simple classification system that recognizes suspect, and therefore potentially steganographic, information elements with 91.9 percent efficacy.

While there does not appear to be anything overtly wrong with the experiment and the results in the paper, the larger question to me is why we should bother with detecting steganography in SIP. SIP has a rather expressive grammar that allows wide variability of representation in messages. As such, it is relatively easy to do steganography in SIP in many places. Trying to assume that steganography will happen only in certain information elements is futile. The expressive grammar, the extensibility of the protocol, the need for intermediaries to pass unknown headers and information elements unmodified, and the need to include various multipurpose Internet mail extensions (MIME) types, including allowing JPEG and GIF images that are already vectors for steganographic attacks, allow for a virtually unlimited canvas with which to mount steganographic attacks in SIP. Picking one or two headers and studying the effect of steganography on these is futile, in my humble opinion.

Reviewer:  Vijay Gurbani Review #: CR140866 (1305-0387)
Bookmark and Share
  Reviewer Selected
Security and Protection (C.2.0 ... )
Network Protocols (C.2.2 )
Would you recommend this review?
Other reviews under "Security and Protection": Date
Security and protection of SCADA: a bigdata algorithmic approach
Shyamasundar R.  SIN 2013 (Proceedings of the 6th International Conference on Security of Information and Networks, Aksaray, Turkey,  Nov 26-28, 2013) 20-27, 2013. Type: Proceedings
Apr 16 2014
SIPAD: SIP-VoIP anomaly detection using a stateful rule tree
Seo D., Lee H., Nuwere E.  Computer Communications 36(5): 562-574, 2013. Type: Article
Apr 14 2014
NAVSEC: a recommender system for 3D network security visualizations
Nunnally T., Abdullah K., Uluagac A., Copeland J., Beyah R.  VizSec 2013 (Proceedings of the 10th Workshop on Visualization for Cyber Security, Atlanta, GA,  Oct 14, 2013) 41-48, 2013. Type: Proceedings
Dec 27 2013

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright © 2000-2014 ThinkLoud, Inc.
Terms of Use
| Privacy Policy