A new covert channel over the RTP protocol is designed and implemented by modifying the timestamp value in the RTP header. Due to the high frequency of RTP packets, the covert channel has a high bit-rate, theoretically up to 350 bps. The broad use of RTP for multimedia applications such as VoIP, provides abundant opportunities to such a covert channel to exist. By using the RTP header, many of the challenges present for covert channels using the RTP payload are avoided. A reference implementation of this covert channel is presented. Bit-rates of up to 325 bps were observed. The channel is very difficult to detect due to expected variations in the timestamp field and the flexible nature of RTP.
Date of creation, presentation, or exhibit
Department, Program, or Center
Department of Computing Security (GCCIS)
CHRISTOPHER FORBES, BO YUAN, DARYL JOHNSON, and PETER LUTZ (2010) A COVERT CHANNEL IN RTP PROTOCOL. Computational Intelligence: pp. 813-819. https://doi.org/10.1142/9789814324700_0123
RIT – Main Campus