Those awkward silences during phone calls can communicate a lot. Especially if you're sending hidden messages during them. Computer scientists at the Warsaw University of Technology have come up with a way to secretly send nearly 2000 bits of encrypted data per second during a typical Skype conversation by exploiting the peculiarities of how Skype packages up voice data. They reported their findings this week.
Steganography, as Warsaw's Jozef Lubacz, Wojciech Mazurczyk, and Krzysztof Szczypiorksi explained in their excellent feature article in February 2010, differs from encryption in that its not just that the message is unreadable; the fact that it's being sent at all is hidden as well. Steganography's been in use for thousands of years and has evolved to include hiding data within compressed image files in such a way that the image isn't degraded so much that a human eye would notice. The problem with that sort of steganography, the researchers point out, is that it leaves a trace. The image file will wind up on some server somewhere with your message embedded in it.
A safer class of steganography, from the spy's point of view, is called network steganography. This gets around the traceability problem by hiding the message in the peculiarities of the manner in which a network works. Mazurczyk, Szczypiorski, and colleagues have already come up with several versions of this including LACK, which hides messages in data packet delays; HICCUPS, which makes the message seem like the expected noise or distortion; and the less-creatively-named Protocol Steganography, which slips messages into underutilized data fields.
The new scheme SkyDe (for Skype Hide) uses the peculiarities of how Skype works to hide the message. First the researchers noted that even when there's silence in a Skype call, the software is still generating and sending packets of audio data. After analyzing Skype calls, they found that they could reliably identify those silence packets, because they were only about half the size of packets containing voices. Sky-De encrypts your hidden message, grabs a certain portion of outgoing silence packets,, and stuffs the encrypted message into them. A person at the receiving end's SkyDe software would then grab the small packets and let the big ones through. Skype software interprets the lost small packets as silence anyway, so it doesn't miss them.
A video explains it all:
Mazurczyk, Szczypiorski, and colleagues are particularly pleased with SkyDe, because it hits a number of criteria you'd want for any good steganographic system. With such systems you're always trading off between the quality of the carrier (the Skype call in this case), the bandwidth available for hidden messages, and the ability to keep secret that you are passing a message (they call it "undetectability"). Without causing a suspicious change in voice quality, they could load up 30 percent of the silence packets for a bandwidth of 1.8 kilobits per second. They also found that even if someone in between the callers were intercepting the packets and analyzing them by how often certain byte values occur, SkyDe is pretty much undetectable. Warsaw's Network Security Group is planning to work on boosting SkyDe's bandwidth among other things.
So spy agencies have more to worry about than ever. First it was how easy it is to hack the Cisco IP phones in government offices, now its hidden messages in Skype calls. What's next? Messages encoded in genes?