CN117614851A - VoIP hidden channel construction method, system and medium based on data packet length - Google Patents

Info

Publication number: CN117614851A
Application number: CN202311468920.1A
Authority: CN (China)
Prior art keywords: data, packet, hidden, voice, voip
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 王文彬, 张志斌, 于越, 陈月月, 陈刚, 黄星河, 吴文祥, 赵月, 魏鹏, 姚宏博
Current Assignee: UNIT 61660 OF PLA
Original Assignee: UNIT 61660 OF PLA
Application filed by UNIT 61660 OF PLA
Priority to CN202311468920.1A
Publication of CN117614851A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/508 Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
    • H04L41/5087 Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to voice services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/0001 Systems modifying transmission characteristics according to link quality, e.g. power backoff
    • H04L1/0009 Systems modifying transmission characteristics according to link quality, e.g. power backoff by adapting the channel coding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms


Abstract

The invention provides a method, a system and a medium for constructing a VoIP hidden channel based on data packet length. Hidden data is encoded and decoded using the length characteristics of the data packets; a packet data frame and a subsequent data frame are constructed to increase the reliability of data transmission; and the hidden data is modulated and demodulated by adjusting the order of the data packets, combined with a digital verification method. This ensures the hidden transmission of the hidden data, improves its transmission performance, and improves the security of voice data transmission while retaining detection resistance and robustness.

Description

VoIP hidden channel construction method, system and medium based on data packet length
Technical Field
The invention relates to the field of secure voice communication, in particular to a method, a system and a medium for constructing a VoIP hidden channel based on the length of a data packet.
Background
Data encryption converts plaintext data into unrecognisable ciphertext data and is a common means of ensuring the security of sensitive data. However, the encrypted data is still transmitted over a public channel, and the fact that a user is transmitting data can still be identified from the header information of the data packets. With the continuous development of forensic technology, it is also difficult to ensure that ciphertext data cannot be cracked or modified. Compared with data encryption, information hiding makes the hidden data itself difficult to find, and so ensures the safety of the data.
The hidden channel is an important branch of information hiding technology: a communication mode that implements hidden data transmission outside the legitimate communication channel. Research on hidden channels is currently divided into two directions, the storage hidden channel and the time hidden channel. A storage hidden channel stores the hidden data in a storage area shared by both communicating parties; it has good transmission performance but is weaker in concealment. A time hidden channel modulates the hidden data into the timing characteristics of data transmission; it needs no memory or information storage space, does not change the data content, and compared with the storage hidden channel has good concealment and strong detection resistance.
With the continuous expansion of the mobile internet, the hidden channel provides mobile terminals with a secure and concealed transmission solution that meets the transmission requirements of specific scenarios. VoIP communication, which uses packet switching as its transmission mode, provides low-delay, high-definition voice calls. To ensure reliable transmission of data packets in the network, VoIP uses the UDP-based RTP protocol as its application layer protocol, providing end-to-end network transmission of real-time data such as audio and video; the data frames of a voice call must be distributed over many RTP data packets, which greatly increases the number of data packets and provides the basis for constructing a time hidden channel based on data packet length. However, because the transmission characteristics of data packets in the mobile internet are highly regular, the requirements on transmission concealment are higher and the time hidden channel is harder to construct.
The prior-art time hidden channel device for classifying packet position adjustment, and its construction method, takes the mobile video call process as its research object. It proposes computing a characteristic of each data packet from the packet content, classifying packets on that characteristic as the coding basis, and then modulating and demodulating by adjusting the positions of the data packets to construct a time hidden channel. As shown in fig. 1, this implementation must compute the hash value of each data packet's payload with an algorithm such as MD5 and then perform a division to decide whether the packet is a marker packet; the large amount of computation adds time overhead that affects the transmission performance of the hidden data. Secondly, a binary '0' requires the interval between two consecutive marker packets, modulo 4, to be 1 data packet, and a binary '1' requires that interval, modulo 4, to be 2 or 3 data packets, so several data packets must be transmitted to carry one bit of hidden data and the transmission efficiency is low. Finally, the characteristic classification computes the payload hash with an encryption algorithm such as MD5 and takes the remainder; this cannot guarantee a uniform and dispersed classification, only a packet whose hash value is evenly divisible by 4 becomes a marker packet, the probability of that is low, and the bandwidth of the communication channel is reduced. The method does not take into account the characteristics and features of VoIP-based voice data transmission.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides a method for constructing a VoIP time hidden channel based on the length of the data packet. Starting from the characteristics and rules of voice data transmission in VoIP, it encodes and decodes the hidden data using the length characteristics of the data packets, constructs a packet data frame and a subsequent data frame to increase the reliability of data transmission, and modulates and demodulates the hidden data by adjusting the order of the data packets combined with a digital verification method. This ensures the hidden transmission of the hidden data, improves its transmission performance while retaining detection resistance and robustness, and exploits the application potential of the scenario.
The first aspect of the invention discloses a method for constructing a VoIP hidden channel based on the length of a data packet, which comprises the following steps:
Step S1: the communication users transmit hidden data through a time hidden channel while carrying out a voice call, and the hidden data in the voice call is captured;
Step S2: the hidden data is grouped to generate message blocks d_i of fixed length;
Step S3: a check code is calculated based on a CRC algorithm, giving the check value C_i of each message block d_i;
Step S4: each message block d_i is encrypted with AES256 using the key previously shared by the communication users, giving the encrypted message block D_i;
Step S5: the packet data frame G_i is constructed from the encrypted message block D_i and the check value C_i corresponding to the message block d_i;
Step S6: the length characteristics of the voice VoIP data packets between the communication users are monitored, and the sending order of the voice VoIP data packets is adjusted according to the packet data frame G_i;
Step S7: the voice VoIP data packets are sent to the receiving end through the network, and the receiving end demodulates in the reverse order of the modulation process; in the packet length decoding stage the length characteristics of the voice data packets are monitored for decoding, and the packet data frame G'_j is extracted;
Step S8: the encrypted message block D'_j and the check code C'_j are extracted from the data frame according to the packet data frame format;
Step S9: the encrypted message block D'_j is decrypted into the message block d'_j using the AES256 algorithm, completing data decryption;
Step S10: the check value of d'_j is recalculated and compared with C'_j to verify the correctness of the data;
Step S11: all correct message blocks d'_j are merged to obtain the complete hidden data.
According to the method of the first aspect of the present invention, the step S5 further includes:
and searching bit strings which possibly have conflicts in the data part of the packet data frame, and adding bits to distinguish the frame header mark part and the data part of the packet data frame.
According to the method of the first aspect of the present invention, the length characteristics of the voice VoIP data packets between the communication users in step S6 further include:
the length characteristics of the data packets are obtained from two aspects, size and parity; if the lengths of the voice VoIP data packets are random and scattered, a threshold is set, and voice VoIP data packets whose length exceeds the threshold and those whose length does not exceed it are encoded as '0' and '1' respectively; if the parity of the packet length is relatively random and scattered, the packets are classified and encoded according to parity.
According to the method of the first aspect of the present invention, adjusting the sending order of the voice VoIP data packets according to the packet data frame G_i in step S6 further includes: setting up a buffer to store and sort voice VoIP data packets; if the length characteristic of the voice VoIP data packet to be sent currently does not match the bit of the hidden data, a voice VoIP data packet meeting the condition is searched for in the buffer and sent in its place, and if no such voice packet is found, the voice VoIP data packet to be sent currently is stored in the buffer.
According to the method of the first aspect of the present invention, after the buffer is saturated, all voice packets in the buffer are flushed and sent out, a subsequent data frame is constructed, and the unsent data after the interrupt position continues to be sent.
According to the method of the first aspect of the present invention, step S7 further includes: when a subsequent data frame is encountered during packet length decoding, data coverage is performed according to the interrupt position and the original packet data frame is recovered.
The second aspect of the present invention discloses a system for constructing a hidden channel of a VoIP based on a data packet length, wherein the hidden channel comprises a hidden channel control interface, a hidden channel message interface and a hidden channel execution component, and the system is implemented based on the method for constructing a hidden channel of a VoIP based on a data packet length according to the first aspect.
According to the system of the second aspect of the invention, the hidden channel control interface is located at the Linphone interface layer and is used for receiving and processing the user's control instructions and feeding back the response results; the hidden channel message interface is located in the Mediastreamer2 layer of the Linphone SDK and is used for transmitting data and control commands between the hidden channel control interface and the hidden channel execution component; the hidden channel execution component is located in the Opus encoding and decoding module of Mediastreamer2 and is used for monitoring and controlling the voice data packets encoded and decoded by Opus, realizing the transmission logic of the time hidden channel.
According to the system of the second aspect of the invention, the hidden channel control interface comprises three control commands, namely, sending hidden data, acquiring the hidden data and checking the receiving state.
The third aspect of the present invention discloses a computer readable storage medium, on which a computer program is stored, so as to implement the method for constructing a VoIP hidden channel based on a data packet length according to the first aspect.
In summary, the scheme provided by the invention has the following technical effects:
The invention encodes and decodes the hidden data using the length characteristics of the data packets and modulates and demodulates it by adjusting the packet order; every transmitted data packet carries hidden data without additional time overhead, so the transmission performance of the hidden data is improved. Every data packet is original data whose content is complete and unmodified, so the method has strong detection resistance.
The invention constructs packet data frames and subsequent data frames, solves the conflict between the data part and the frame header mark with bit stuffing, and solves buffer saturation with a discontinuous transmission method. The reliability of data transmission is greatly improved, and combined with a digital verification method the hidden transmission of the secret data is ensured, i.e. the method has stronger robustness.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is the prior-art flow of a time hidden channel implemented by packet position adjustment;
FIG. 2 is the overall architecture of the VoIP time hidden channel of the present invention;
FIG. 3 is the modulation flow chart of the VoIP time hidden channel of the present invention;
FIG. 4 is the packet data frame structure of the present invention;
FIG. 5 is the frame structure of the subsequent data frame of the present invention;
FIG. 6 is the data processing flow chart of the VoIP time hidden channel of the present invention;
FIG. 7 is the variation of the length characteristics of the voice data packets of the present invention;
FIG. 8 is the variation of the length parity of the voice data packets of the present invention;
FIG. 9 is the hidden channel block diagram of the present invention;
FIG. 10 is the message interface diagram of the present invention;
FIG. 11 is the test result of transmission rate and transmission capacity of the hidden channel according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 2, the overall architecture of the VoIP time hidden channel of the present invention is as follows:
Step 1: hidden data is transmitted between communication users through a time hidden channel while a voice call is carried out, and the hidden data in the voice call is captured. Here users Alice and Bob transmit hidden data through the time hidden channel, and a listener monitors the VoIP call of both parties in the network.
Step 2: in the data grouping stage of the modulation process, the hidden data is grouped into message blocks d_i of fixed length.
Step 3: in the check code calculation stage, the check value C_i of each message block d_i is computed with a CRC algorithm.
Step 4: in the data encryption stage, each message block d_i is encrypted with AES256 using the key shared in advance by both communication parties, giving the encrypted message block D_i.
Step 5: in the pre-encoding stage, the packet data frame G_i is constructed from the encrypted message block D_i and the check value C_i corresponding to the message block.
Referring to the design of HDLC, as shown in FIG. 4, a similar data structure is designed to construct the packet data frame G_i. The packet data frame is divided into four parts. First, the start flag of the data frame is set to "01111110", the same as in HDLC. Next is an 8-bit length part: the lower 4 bits represent the byte length of the hidden-data message block, the middle 2 bits are used to ..., and the upper 2 bits represent the total number of packets for this hidden data transmission. The data part then carries the hidden-data message block encrypted with AES. The last part is the frame check sequence of the hidden-data message block, computed with a cyclic redundancy check (CRC-8).
However, the data part of the packet data frame may contain a bit string that collides with the frame header mark, so the receiving side cannot reliably determine the start mark of a data frame and ambiguity arises. Therefore the bit strings that may collide are located in the data part of the packet data frame and one bit is inserted to distinguish the frame header mark from the data part. Specifically, the length part, the message block and the check code of the packet data frame are scanned, and whenever five consecutive bits are all '1', one '0' bit is inserted after them, i.e. the data becomes "111110".
Step 6: in the packet length encoding stage, the length characteristics of the current voice data packets are monitored and the sending order of the voice data packets is adjusted according to the packet data frame G_i.
In VoIP communication, Opus is a popular coding algorithm. It provides a VBR (variable bit rate) mode in which the amount of encoded voice data per unit time keeps changing, that is, the length of the voice data packets keeps changing. It is this constantly changing packet length that is used to modulate the hidden data. According to their length characteristics, the voice data packets are mapped to '0' and '1' codes, and by adjusting their transmission order the packets are mapped onto the hidden data, so that a time hidden channel is constructed.
In general, the length characteristics of a packet can be considered in terms of both size and parity. If the packet lengths are relatively random and scattered, a threshold may be set, and packets whose length exceeds the threshold and packets whose length does not may be encoded as '0' and '1' respectively. If the parity of the packet length is relatively random and scattered, packets can be classified and encoded by parity. Which scheme is used must be chosen according to the actual characteristics of the VoIP software.
Before being sent to the receiving end, the encoded data packets must be reordered according to the hidden data. A buffer is created to store and sort the voice data packets. If the length characteristic of the voice data packet to be sent currently does not match the bit of hidden data, a voice data packet meeting the condition is searched for in the buffer and sent in its place; if no such packet is found, the voice data packet to be sent currently is stored in the buffer.
Since the buffer length is limited, buffer saturation is bound to occur during packet reordering. If the length characteristics of the voice packet to be sent and of all voice packets in the buffer fail the condition for the bit currently being encoded, and the buffer is saturated, the voice packet to be sent cannot be stored in the buffer and packet length encoding is forced to be interrupted.
In this situation it must first be clear that voice data packets cannot be discarded at will: directly discarding the voice packet to be sent, or discarding all voice packets in the buffer, is not feasible.
Second, data transmission efficiency must be considered. When the buffer is saturated, all voice packets in the buffer can be flushed and sent out so that no packet loss occurs, but the coded data stream of the hidden data is destroyed and the packet data frame currently being sent has to be retransmitted from the frame header mark. If the packet data frame is long, this greatly reduces transmission efficiency: a packet data frame may need to be transmitted repeatedly before it succeeds, and the voice-packet codes transmitted before each failure become invalid data, which wastes bandwidth and increases the receiving end's difficulty in identifying packet data frames.
Therefore, the invention adopts a discontinuous mode to solve the buffer saturation problem. That is, after the buffer is saturated, all voice packets in the buffer are flushed and sent out, a subsequent data frame is constructed, and the unsent data after the interrupt position continues to be sent to the receiving end, realizing intermittent sending; the structure of the subsequent data frame is shown in FIG. 5.
Step 7: the VoIP data packets are sent to the receiving end through the network, and the receiving end demodulates in the reverse order of the modulation process. In the packet length decoding stage, the length characteristics of the voice data packets are monitored for decoding and the packet data frame G'_j is extracted.
When a subsequent data frame is encountered during decoding, the data is overlaid according to the interrupt position and the original packet data frame is recovered. Since the packet data frame and the subsequent data frame share the same frame header mark, they are easily confused and must be distinguished: before a subsequent data frame is transmitted, the buffer flush operation must take place, which transmits a fixed number of consecutive '1's or '0's. The two data frames can therefore be distinguished by this feature.
Step 8: in the data extraction stage, the encrypted message block D'_j and the check code C'_j are extracted from the data frame according to the packet data frame format.
Before data extraction the receiver must remove the bit stuffing: whenever five consecutive '1's are found in the data part and the 6th bit is '0', that bit is deleted, and this is repeated until all data of the current packet data frame has been processed. The length information, the encrypted message block and the check code can then be extracted according to the packet data frame format, and the data decryption and data check stages follow.
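The bit stuffing described in the pre-encoding stage above, its removal at the receiver described here, and the CRC-8 frame check, as an added example that is not code from the patent or from Linphone. It implements the packet data frame layout as the text describes it (start flag "01111110", 8-bit length field, data part, CRC-8 frame check sequence) with HDLC-style stuffing of a '0' after five consecutive '1's. Assumptions, labelled in the code as well: the CRC-8 polynomial is 0x07 with zero initial value (the page says only "CRC-8"); the CRC is computed over the block carried in the frame, whereas the patent computes it over the plaintext block before AES encryption (no encryption is performed here); the meaning of the middle two bits of the length byte is not given on the page, so they are passed through as an opaque 2-bit field `mid`, and the upper two bits hold the packet total directly. The function names are the example's own.

```python
# Added example (not the patent's or Linphone's code): HDLC-style bit stuffing and
# the packet data frame layout described in the text: start flag, 8-bit length
# field, data part, CRC-8 frame check sequence.

FLAG = "01111110"  # frame header mark, the same as the HDLC flag


def crc8(data: bytes, poly: int = 0x07) -> int:
    """CRC-8, MSB first, init 0x00, no reflection, no final XOR.
    Assumption: the page says only "CRC-8"; this is the plain 0x07 variant."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def bit_stuff(bits: str) -> str:
    """Insert a '0' after every run of five consecutive '1's, so the body can
    never contain the six '1's of the flag."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Receiver side: drop the '0' that follows five consecutive '1's."""
    out, run, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        run = run + 1 if b == "1" else 0
        i += 1
        if run == 5:
            if i < len(bits) and bits[i] == "0":
                i += 1  # skip the stuffed bit
            run = 0
    return "".join(out)


def to_bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def to_bytes(bits: str) -> bytes:
    whole = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))


def build_frame(block: bytes, mid: int, total: int) -> str:
    """FLAG + stuffed(length byte | block | CRC-8).  Length byte: low 4 bits =
    block length in bytes, bits 4-5 = `mid` (purpose not given on the page),
    high 2 bits = packet total (assumed to be stored directly).  The CRC is
    taken over the block as carried here (the patent takes it over the
    plaintext block before encryption)."""
    if not (0 < len(block) <= 15 and 0 <= mid <= 3 and 0 <= total <= 3):
        raise ValueError("field does not fit the 8-bit length byte")
    length_byte = (total << 6) | (mid << 4) | len(block)
    payload = bytes([length_byte]) + block + bytes([crc8(block)])
    return FLAG + bit_stuff(to_bits(payload))


def parse_frame(stream: str):
    """Find the first frame in a decoded bit stream, remove stuffing, split the
    fields and verify the CRC.  Returns None if no complete frame is present."""
    start = stream.find(FLAG)
    if start < 0:
        return None
    body = stream[start + len(FLAG):]
    nxt = body.find(FLAG)  # next frame header; stuffing guarantees none inside the body
    if nxt >= 0:
        body = body[:nxt]
    raw = bit_unstuff(body)
    if len(raw) < 16:
        return None
    length_byte = int(raw[:8], 2)
    n = length_byte & 0x0F
    need = 8 + 8 * n + 8
    if len(raw) < need:
        return None
    block = to_bytes(raw[8:8 + 8 * n])
    crc = int(raw[8 + 8 * n:need], 2)
    return {
        "length": n,
        "mid": (length_byte >> 4) & 0x3,
        "total": length_byte >> 6,
        "block": block,
        "crc_ok": crc8(block) == crc,
    }


if __name__ == "__main__":
    frame = build_frame(b"\xff\x7e\xa5", mid=1, total=2)  # constructed block containing 0x7E itself
    print(frame)
    print(parse_frame(frame))
```

The constructed block deliberately contains the byte 0x7E (the flag pattern) and a run of eight '1's; after stuffing the frame body no longer contains "01111110", which is exactly the collision the text's bit-filling step removes, and `parse_frame` only ever reports a block when the recalculated CRC-8 matches the carried one.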
Step 9: in the data decryption stage, the encrypted message block D'_j is decrypted into the message block d'_j with the AES256 algorithm.
Step 10: in the data verification stage, the check value of d'_j is recalculated and compared with C'_j to check the correctness of the data.
Step 11: finally, in the packet merging stage, all correct message blocks d'_j are merged to obtain the complete hidden data.
According to the embodiment of the invention, the VoIP communication software Linphone is taken as an implementation object, the length characteristics of the data packet of the Linphone software in the voice call process are researched and analyzed, and a proper coding scheme is formulated.
Data packets captured within 2 seconds of a Linphone voice call were taken as a sample, and the length characteristics of the voice data packets were analysed. FIG. 7 shows the variation of the packet length in the sample: the packet length varies randomly during the call, within a range of 40 to 110 bytes, but the distribution of lengths is relatively concentrated, and no threshold can be readily identified that would classify the voice packets uniformly and discretely.
The variation of the parity of the length of the voice data packet in the sample is shown in fig. 8, and it can be seen that the parity distribution of the length of the data packet is relatively uniform and discrete, and has better data distribution characteristics.
Therefore, the present embodiment performs packet length encoding using the length parity of the voice data packet. That is, when the length of the voice packet is even, the encoding is '0'; when the length of the voice data packet is odd, it is encoded as '1'.
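A defender's check on the parity-encoding rule adopted above, as an added example that is not code from the patent or from Linphone. It maps a sequence of voice packet lengths to the parity bits the embodiment would carry (even '0', odd '1') and looks for two traces the description itself implies: the frame header mark "01111110" recurring far more often than 2^-8 per 8-bit window would predict for independent parities, and the fixed run of identical symbols that the buffer flush before a subsequent data frame transmits. The sample streams are constructed with a seeded generator (lengths 40 to 110 bytes, the range reported for Linphone above); the thresholds behind `flag_excess` and `flush_run` and all function names are the example's own assumptions, not values from the page.

```python
# Added example (not the patent's or Linphone's code): a defender's look at the
# parity bit stream that the embodiment's rule (even length -> '0', odd -> '1')
# would produce from a sequence of voice packet lengths.
import random

FLAG = "01111110"  # the frame header mark the packet data frame starts with


def parity_bits(lengths):
    """Bit each packet would carry under the embodiment's parity rule."""
    return "".join("1" if n % 2 else "0" for n in lengths)


def count_pattern(bits, pattern=FLAG):
    """Overlapping occurrences of pattern in bits."""
    return sum(1 for i in range(len(bits) - len(pattern) + 1) if bits.startswith(pattern, i))


def max_run(bits):
    """Longest run of one symbol (the buffer flush sends a fixed run of '1's or '0's)."""
    best = cur = 0
    prev = None
    for b in bits:
        cur = cur + 1 if b == prev else 1
        prev = b
        best = max(best, cur)
    return best


def analyze(lengths, flush_run=16):
    """Report flag density and longest run; the thresholds are this example's assumptions."""
    bits = parity_bits(lengths)
    n = len(bits)
    windows = max(n - len(FLAG) + 1, 0)
    expected = windows / 2 ** len(FLAG)  # i.i.d. fair parities: each window matches w.p. 2^-8
    hits = count_pattern(bits)
    run = max_run(bits)
    flag_excess = hits >= 3 and hits > 4 * expected
    flush_seen = run >= flush_run
    return {
        "packets": n,
        "ones_ratio": bits.count("1") / n if n else 0.0,
        "flag_hits": hits,
        "flag_expected": expected,
        "max_run": run,
        "flag_excess": flag_excess,
        "flush_run": flush_seen,
        "suspicious": flag_excess or flush_seen,
    }


# --- constructed sample streams (seeded so a run is reproducible) -----------

def benign_sample(count=300, seed=1):
    """Plain call: lengths drawn uniformly from 40..110 bytes, parity unconstrained."""
    rng = random.Random(seed)
    return [rng.randrange(40, 111) for _ in range(count)]


def lengths_for_bits(bits, rng):
    """One length per bit with its parity forced to that bit (test data only)."""
    out = []
    for b in bits:
        n = rng.randrange(40, 110)
        if n % 2 != int(b):
            n += 1
        out.append(n)
    return out


def modulated_sample(count=300, seed=1):
    """Six frames of flag + 32 payload bits, with one flush run of 16 zeros."""
    rng = random.Random(seed)
    payload = "1010110010111001" * 2  # no run of six '1's, so no stuffing is needed
    bits = (FLAG + payload) * 5 + "0" * 16 + FLAG + payload
    lengths = lengths_for_bits(bits, rng)
    lengths += [rng.randrange(40, 111) for _ in range(count - len(lengths))]
    return lengths


if __name__ == "__main__":
    for name, sample in (("benign", benign_sample()), ("modulated", modulated_sample())):
        print(name, analyze(sample))
```

Run it on a capture by passing the RTP payload lengths of one direction of a call to `analyze`; the two indicators are independent, so a stream that carries frames but never saturates its buffer still shows up through `flag_excess`, while a stream observed only around a flush shows up through `flush_run`.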
As shown in fig. 9, the hidden channel structure constructed according to the present invention includes three modules, namely a hidden channel control interface, a hidden channel message interface and a hidden channel execution component. The hidden channel control interface is located at the Linphone interface layer and is used for receiving and processing the user's control instructions and feeding back the response results; the hidden channel message interface is located in the Mediastreamer2 layer of the Linphone SDK and is used for transmitting data and control commands between the hidden channel control interface and the hidden channel execution component; the hidden channel execution component is located in the Opus encoding and decoding module of Mediastreamer2 and is used for monitoring and controlling the voice data packets encoded and decoded by Opus, realizing the transmission logic of the time hidden channel.
As shown in fig. 6, the hidden channel control interface provides three control commands, namely, transmitting hidden data, acquiring hidden data, and checking a receiving state.
All three commands are triggered from the chat interface message box. The message prefix "@SCRT@S@" indicates sending data: when the command is triggered, the input message is split, the content after the prefix is treated as the hidden data to be transmitted, and it is passed to the message interface of the SDK layer to wait for sending.
The message prefix "@SCRT@R@" indicates acquiring hidden data: when the command is triggered, the message interface of the SDK layer is called to fetch the packet hidden data received so far, which is displayed in the message input box in transmission order.
The message prefix "@SCRT@C@" indicates checking the receiving state of the hidden data: when the command is triggered, the message interface of the SDK layer is called to check whether all packet hidden data has been received; if so, the hidden data slices are spliced in packet order and the complete hidden data content is displayed in the message input box.
The message interface is located in the Mediastreamer2 multimedia tool set and consists of two parts, namely a Java interface that the SDK layer provides to the Linphone interface layer, and a JNI call towards the time hidden channel execution component in the Opus module, as shown in fig. 10.
To achieve memory isolation and protection of internal data, the software architecture of Linphone has the SDK layer and the interface layer exchange data through a Java interface. Therefore, in this embodiment, the interfaces of each part are added in the same manner, so as to realize interaction between the hidden channel control interface and the hidden channel execution component. In addition, to implement the message transfer function, the Java data types and the C data types must be converted into each other, resolving the problems caused by the difference in data types.
The time hidden channel construction method provided by the invention performs modulation and demodulation based on the length characteristics of the data packets. In Linphone, the processing of voice data is implemented in the Mediastreamer2 multimedia tool set, where the MSFilter object abstracts each processing step, so that the encoding and decoding of voice data and the transmission and reception of RTP data are realized.
MSFilters are arranged in a logical sequence, and the voice data is processed in that order. Adjacent MSFilters share a buffer area: after the previous MSFilter has processed the data, its result is written to the buffer, which becomes the input of the next MSFilter, and processing continues until all MSFilter objects have finished. The sender then sends the data out over the network, and the receiver plays the voice data.
The hidden channel execution component is located in the Opus module of the Mediastreamer2 multimedia tool set and mainly involves two MSFilters: MSOpusEnc and MSOpusDec, which correspond to modulation and demodulation of the hidden data, respectively.
The hidden data modulation process is as follows:
the hidden data is received through the message transmission interface, processed, and assembled into packet data frames. Processing of the hidden data consists of data slicing, data encryption and data verification.
First, the hidden data is sliced into groups of 8 bytes to generate fixed-length message blocks d_i; next, a CRC check code C_i is calculated separately for each block; then each block is AES256-encrypted to obtain the encrypted message block D_i; finally, the packet data frame G_i is constructed from the encrypted message block and the CRC check code.
After the packet data frame is obtained, its data content is modulated cyclically by MSOpusEnc, specifically within the Opus encoding function ms_opus_enc_process, as shown in algorithm 1.
For demodulation of the hidden data, this embodiment demodulates the received voice data packets in MSOpusDec, specifically within the Opus decoding function ms_opus_dec_process; the hidden data is demodulated from the parity of the voice data packet length, and the specific process is shown in algorithm 2.
After the packet data frame G_i has been acquired, bit elimination is performed first: the bit string '111110' is searched for in the data following the frame header flag, and the trailing '0' is removed. Second, the encrypted message block D_i is extracted according to the data frame format and AES256-decrypted to obtain the message block d_i. The CRC check code is recalculated from the message block d_i and compared with the check code C_i in the packet data frame. Once verified, the message block d_i is passed to the message transmission interface to wait for a user control command.
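From the defender's side, the modulation just described leaves a statistical trace: the bit stuffing that removes every '111111' from the data part means the parity sequence of packet lengths no longer looks like a fair coin. The following detector is an added example, not code from the patent or from Linphone; it assumes parity modulation (odd length = 1) and the '11111' stuffing rule the page describes, and all sample lengths are constructed.

```python
"""Heuristic detector for a packet-length-parity covert channel (added
example, not patent or Linphone code). Hidden bits ride on the parity of
voice packet lengths, with a '0' stuffed after every five 1-bits. Natural
parity is near a fair coin, so '111110' and '111111' windows should be about
equally common; a stuffed stream almost never shows '111111' outside the
flag. Sample lengths below are constructed, not captured."""
import random

STUFF_RUN = 5  # receiver drops the '0' that follows '11111' (from the page)


def parity_bits(lengths):
    """Map packet byte lengths to the parity the page encodes (odd -> 1)."""
    return [length & 1 for length in lengths]


def window_counts(bits, run=STUFF_RUN):
    """Count runs of `run` 1-bits followed by a 0 versus followed by a 1."""
    stuffed = unstuffed = 0
    for i in range(len(bits) - run):
        if all(bits[i:i + run]):
            if bits[i + run] == 0:
                stuffed += 1
            else:
                unstuffed += 1
    return stuffed, unstuffed


def covert_parity_score(lengths, min_windows=8):
    """Fraction of '11111x' windows with x == 0: ~0.5 natural, ~1.0 stuffed.
    Returns None when fewer than `min_windows` windows were seen."""
    stuffed, unstuffed = window_counts(parity_bits(lengths))
    total = stuffed + unstuffed
    return None if total < min_windows else stuffed / total


def is_suspicious(lengths, threshold=0.9):
    """Heuristic alert; fixed-size or rate-controlled codecs can skew parity
    too, so a hit should be confirmed against the RTP stream itself."""
    score = covert_parity_score(lengths)
    return score is not None and score >= threshold


def constructed_natural_lengths(n, seed=0):
    """Constructed fixture: independent, plausible Opus payload sizes."""
    rng = random.Random(seed)
    return [rng.randint(60, 140) for _ in range(n)]


def constructed_covert_lengths(n, seed=0):
    """Constructed fixture: random payload bits, stuffed as the page
    describes, each carried as the parity of a packet length."""
    rng = random.Random(seed)
    bits, ones = [], 0
    while len(bits) < n:
        if ones == STUFF_RUN:  # emit the stuffed 0 and reset the run
            bits.append(0)
            ones = 0
            continue
        bit = rng.randint(0, 1)
        bits.append(bit)
        ones = ones + 1 if bit else 0
    lengths = []
    for bit in bits:
        size = rng.randint(60, 140)
        lengths.append(size if (size & 1) == bit else size + 1)
    return lengths
```

A few thousand RTP payload lengths from one call are enough for the score to separate the two cases; the frame header flag itself contributes only a handful of '111111' windows per frame, so the threshold stays well above it.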
The test development environment used in this embodiment is shown in table 1. The test platform consists of two Android mobile phones, model Samsung G973F, running Android 10.0. The Linphone source code is Linphone Android 4.2.3 with Linphone SDK 4.3.0; the build environment uses Android SDK version 29 and Android NDK 20b.
Three network environments are set up for testing, namely WiFi-WiFi, 4G-WiFi and 4G-4G. In each test 16 bytes of hidden data are transmitted, the test duration is 1 minute, 10 tests form one group, and 10 groups of tests are carried out. The criterion is whether the receiver can receive and accurately restore the hidden data within the test time.
Table 1 test environment configuration table
Environment item       Details
Mobile phone platform  Samsung G973F, Android 10.0
Test network           4G network, WiFi 2.4G
Software version       Linphone Android 4.2.3, Linphone SDK 4.3.0
Build environment      Ubuntu 16.04, Android SDK 29 / NDK 20b
The feasibility test is judged by whether the receiving end of the time hidden channel can receive the hidden data completely and accurately. Call scenarios were simulated in the three network environments to test whether embodiment 1 can transmit hidden data with a high success rate.
The test results for the different scenarios are shown in table 2; the transmission success rate of the hidden data exceeds 80% in all of them. When a 4G network is involved, the link becomes unstable as network complexity increases, and the transmission success rate drops as the packet loss rate rises; in the WiFi-WiFi scenario, Linphone establishes a P2P link over the LAN, and the lower packet loss rate yields a higher transmission success rate.
Table 2 hidden channel transmission success rate
Test network  Number of successes  Success rate  Average packet loss rate
WiFi-WiFi     95                   95%           0.41%
WiFi-4G       83                   83%           2.36%
4G-4G         81                   81%           1.05%
In the transmission performance test, the transmission rate and the transmission capacity of the time hidden channel are calculated in order to judge whether its transmission performance is efficient.
Assuming that the hidden data to be transmitted is K bits long and that N voice packets are used to modulate it, the transmission capacity of the time hidden channel is defined as C = K/N, that is, K bits of hidden data require N voice packets to be transmitted. Assuming that transmitting the hidden data takes time T, the transmission rate of the time hidden channel is defined as S = K/T.
The test uses 16 bytes of hidden data as the sample, with the data slice length in the packet data frame set to 4, 6, 8, 10 and 12 bytes in turn. The measured transmission rate and transmission capacity are shown in fig. 11.
As can be seen from fig. 11, the transmission performance of the hidden channel is highest when the data slice length is set to 8 bytes. The transmission performance depends on the length of the data slice in the packet data frame: the longer the slice, the smaller the share of the frame header flag and the check code, and the higher the transmission rate.
However, increasing the slice length also increases the complexity of packet length coding and the number of breakpoint continuations, which lowers transmission performance and makes the transmission more susceptible to network noise.
In addition, table 3 compares this embodiment with the existing SPCC and RPDCTC time hidden channels; the VoIP time hidden channel constructed by the method of the invention achieves the higher transmission rate.
Table 3 hidden channel transmission rate comparison
This embodiment  SPCC        RPDCTC
4.05 b/s         0.8-3.0 b/s 1.0-2.0 b/s
The invention also provides a computer-readable storage medium on which a computer program is stored that implements the method for constructing the VoIP hidden channel based on the data packet length as described above.
In summary, the method for constructing the VoIP hidden channel based on the data packet length of the invention uses the length characteristics of the data packets to encode and decode the hidden data, and modulates and demodulates it by adjusting the order of the data packets, so that every data packet sent carries hidden data without additional time overhead, which improves the transmission performance of the hidden data. By constructing packet data frames and continuation data frames together with a bit stuffing technique, it resolves the conflict between the data part and the frame header flag, and it provides a discontinuous transmission method to solve the problem of buffer saturation. The reliability of data transmission is greatly improved, and combined with the digital verification method the hidden transmission of secret data is ensured.
Note that the technical features of the above embodiments may be combined arbitrarily; for brevity, not all possible combinations are described, but as long as there is no contradiction between the combined technical features, they should be regarded as within the scope of this description. The foregoing examples represent only a few embodiments of the present application, which are described in more detail but are not to be construed as limiting the scope of the invention. It should be noted that those skilled in the art could make various modifications and improvements without departing from the spirit of the present application, and these would fall within its scope. Accordingly, the scope of protection of the present application is determined by the appended claims.

Claims (10)

1. The method for constructing the VoIP hidden channel based on the data packet length is characterized by comprising the following steps:
step S1: the communication users transmit hidden data through a time hidden channel while carrying out a voice call, and the hidden data in the voice call is captured;
step S2: the hidden data is grouped into fixed-length message blocks d_i;
step S3: a check code is calculated based on a CRC algorithm, giving the check value C_i of each message block d_i;
step S4: each message block d_i is AES256-encrypted using the key previously shared by the communication users, obtaining the encrypted message block D_i;
step S5: the packet data frame G_i is constructed from the encrypted message block D_i and the check value C_i corresponding to the message block d_i;
step S6: the length characteristics of the voice VoIP data packets between the communication users are monitored, and the sending order of the voice VoIP data packets is adjusted according to the packet data frame G_i;
step S7: the voice VoIP data packets are sent to the receiving end through the network, and the receiving end demodulates in the reverse order of the modulation process: in the packet length decoding stage, the length characteristics of the voice data packets are monitored for decoding, and the packet data frame G'_j is extracted;
step S8: the encrypted message block D'_j and the check code C'_j are extracted from the data frame according to the packet data frame format;
step S9: the encrypted message block D'_j is decrypted into the message block d'_j using the AES256 algorithm, completing data decryption;
step S10: the check value of d'_j is recalculated and compared with C'_j, checking the correctness of the data;
step S11: all correct message blocks d'_j are merged to obtain the complete hidden data.
2. The method according to claim 1, wherein step S5 further comprises:
searching the data part of the packet data frame for bit strings that may conflict with the frame header flag, and adding bits so that the frame header flag part and the data part of the packet data frame remain distinguishable.
3. The method according to claim 2, wherein the length characteristics of the voice VoIP data packets between the communication users in step S6 further comprise:
the length characteristics of the data packets are obtained from two aspects, size and parity. If the lengths of the voice VoIP data packets are random and scattered, a threshold is set, and voice VoIP data packets whose length exceeds the threshold and those whose length does not exceed it are encoded as '0' and '1' respectively; if the parity of the packet length is relatively random and scattered, the packets are classified and encoded according to parity.
4. The method according to claim 3, wherein adjusting the sending order of the voice VoIP data packets according to the packet data frame G_i in step S6 further comprises: setting a buffer area to store and sort voice VoIP data packets; if the length characteristic of the voice VoIP data packet currently to be sent does not match the current bit of the hidden data, a voice VoIP data packet meeting the condition is searched for in the buffer area and sent in its place, and if no such voice packet is found, the voice VoIP data packet currently to be sent is stored in the buffer area.
5. The method according to claim 4, wherein after the buffer area becomes saturated, all voice packets in the buffer area are flushed and sent out, a continuation data frame is constructed, and the data packets not yet sent after the interruption position continue to be sent.
6. The method according to claim 5, wherein step S7 further comprises: when a continuation data frame is encountered during packet length decoding, data overlay is performed according to the interruption position to recover the original packet data frame.
7. A VoIP hidden channel construction system based on the data packet length, characterized in that: the hidden channel comprises a hidden channel control interface, a hidden channel message interface and a hidden channel execution component, and the system is realized on the basis of the VoIP hidden channel construction method based on the data packet length as set forth in claims 1-6.
8. The system according to claim 7, wherein: the hidden channel control interface is located at the Linphone interface layer and is used for receiving and processing control instructions from users and feeding back response results; the hidden channel message interface is located in the Mediastreamer2 layer of the Linphone SDK and is used for transferring data and control commands between the hidden channel control interface and the hidden channel execution component; the hidden channel execution component is located in the Opus encoding and decoding module of the Mediastreamer2 layer and is used for monitoring and controlling the voice data packets encoded and decoded by Opus so as to implement the transmission logic of the time hidden channel.
9. The system according to claim 8, wherein: the hidden channel control interface comprises three control commands, namely sending hidden data, acquiring hidden data, and checking the receiving state.
10. A computer-readable storage medium, characterized in that: the computer-readable storage medium stores a computer program for implementing the VoIP hidden channel construction method according to any one of claims 1 to 6.
CN202311468920.1A 2023-11-07 2023-11-07 VoIP hidden channel construction method, system and medium based on data packet length Pending CN117614851A (en)

Publications (1)

Publication Number Publication Date
CN117614851A true CN117614851A (en) 2024-02-27

Family

ID=89947188

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination