A Security Model for VoIP Steganography
In 2005, an extensive taxonomy of threats for VoIP was published by a prominent industry group. Strangely, this taxonomy does not identify stegocommunication as a threat, even though many steganographic channels have been identified in VoIP protocols. To avoid such security gaps in the future, we argue that stegocommunication should be added to the traditional list of network threats: interruption, interception, modification, fabrication. The stegocommunication threat arises when the communication channel is purchased, provided, or supervised by anyone other than the communicating parties. We illustrate a stegocommunication threat to a business owner Charles. If Charles purchases a VoIP service for business-related communications by an employee Alice, then he faces the risk that Alice may undetectably communicate a business secret to an outside party Bob. In this insider-threat scenario, Charles can mitigate his security risk by installing a stegodetector.
VoIP Steganography Security Model
Zhiwei Yu Clark Thomborson Chaokun Wang Junning Fu Jianmin Wang
Department of Computer Science and Technology, Tsinghua University Department of Computer Science, The University of Auckland, New Zealand School of Software, Tsinghua University Key Laboratory for Information System Security, Ministry of
国际会议
武汉
英文
35-40
2009-11-18(万方平台首次上网日期,不代表论文的发表时间)