Hiding data in SIP session

Steganography is method of hiding data inside of existing channels of communications. SIP is one of the key protocols used to implement Voice over IP. It is used for establishing, managing and termination of the communication session. During the call, SIP is used for changing parameters of the session as well as for the transfer of DTMF or instant messages. We analyzed scenario where two users (Alice and Bob) want to exchange hidden message via SIP protocol. Their call is established over Kamailio, SIP Proxy server. We were interested in a number of SIP messages that are exchanged during the call with an average duration of 60 seconds. Then we used SNORT IDS with hard coded rules and AD.SNORT (Anomaly Detection) for detecting irregularities while we increased the number of SIP messages. Finally, we calculated the available steganographic bandwidth, amount of hidden data that can be transferred in these messages. The results obtained from the experiments show that it is possible to create a covert channel over SIP with bandwidth of several kbps.