Академический Документы
Профессиональный Документы
Культура Документы
Low rate data exchange (e.g., chat) using audio steganography, ensuring privacy, anonymity and cybersecurity
Introduction
With increasing levels of online data surveillance, user activity tracking and user profiling, threats to online data security and user
privacy continues to worry most of "us", normal users. But, can we do anything to protect our privacy when even the most
widespread tools seem to fail this goal? The answer is "yes". The following video inspired me in trying to contribute:
After some months of hard work, the result is the Android App shown below, a solution which actually works!
..and to be honest, it works really well ! ..for almost no money, besides a few bucks needed for cables and adapters:
AC4PGC (Audio Chat for Pretty Good Concealing) - "SECRET Audio Chatting"
While Videoconferencing!
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 1/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
AC4PGC (Audio Chat for Pretty Good Concealing) - Screenshot of Loop Test
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 2/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
Steganography, a "game changer" in this context has not yet spread out. The practice of steganography (data hiding in an
innocuous carrier-medium) has lots of potential to contribute in a meaningful way towards mitigating some of these concerns. The
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 3/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
present idea embodies audio steganography methods for embedding a covert message within a digital audio signal transmitted
over an analog channel used as a data-diode. Two devices, A and B, are only connected e.g., over their speaker and microphone
interfaces (speaker1 --> mic2, mic1 <-- speaker2), resulting in two separate physical channels, each allowing controlled
unidirectional data transmission, behaving like a data-diode; thus providing the basis for independent transmission and reception
channels which will not allow any infection or leakage of data.
Warning: Connecting audio interfaces as shown in Figure 1 may damage your device! Although I experienced no
problems when doing all sorts of things with several different devices, care shall be taken considering the allowed input
levels of the microphone/line-in interfaces. Modern devices adapt their impedance automatically depending on the
detected audio signal level, so in the general case no problems will occur.
Devices B and C, possibly separated by a long distance, communicate with each other transmitting bidirectional audio information
over an open network (over a public switched telephone network (PSTN), the internet, or any other network) and using standard
communication protocols like VoIP. Devices B and C could be two laptops making a videoconference or teleconference using
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 4/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
Skype, or even better, using qTox. Devices B and C could also be mobile phones or landline-telephones. Devices A and D could be
two smartphones. The main assumption is that all these devices make use of standard interfaces and technologies and are
vulnerable to exploits of all sorts. Concealed communication between devices A and D is achieved by “plugging” them between the
audio peripherals (e.g. speaker and microphone) and devices B and C, as shown in Figure 2, thus being able to use the audio carrier
as a transmission media for secret messages. In addition, the secret messages can be encrypted. Devices A and D have each a
display to show the secret messages and an input interface to enter them (e.g. a smartphone touch-screen combining both). Before
connection establishment, devices A and D shall be put offline in order to prevent any information leakage. This can be done, e.g.,
by turning off the following interfaces if available:
WLAN
LAN
Bluetooth
USB
While offline, devices A and D offer “almost” Air-Gap conditions increasing security. These devices are connected only via analog
audio interfaces to B and C, thus implementing two data-diodes which prevent any attacks from outside or leakage of information.
That is, during session establishment, the generated or typed keys cannot be sent to an attacker. This is a kind of “enhanced”-end-
to-end encryption which is one of the major advantages of this method.
Further Features
Alternatively, assuming the possibility to connect other “trusted networks or devices”, devices A and D can be used to receive and
send the message from/to other sources, offering for example the following services:
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 5/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
In the example presented in Figure 3, the stego-device D offers services (repeater, gateway, tunnel, adapter) to device E located in a
trusted network. Depending on the service used, the “enhanced” end-to-end encryption is realized between devices A and E or
between devices A and D. In this example, the source and recipient of secret messages are devices A and E, or the “users” working
on these devices.
In AC4PGC, the "Gateway Mode" is already implemented, allowing to forward messages received over sockets and vice
versa. That is, the following connections are supported:
Communication Protocol
Due to possible loss, corruption or repetition of data during transmission and reception, as well as the need to exchange a public
key in each session, a simple communication protocol is required. Besides the data field, the telegrams of the stego-protocol consist
at least of the following fields:
sequence-number
CRC
telegram type (types: key-exchange, chat, acknowledge,..)
When required, the chat information will be retransmitted. In idle-mode, when no data is transmitted, the protocol transmits instead
dummy-telegrams with pseudo-random bits as a countermeasure against steganalysis. On correct reception of data, the receiver
will reply with a positive acknowledge. On timeout of a retransmission timer or reception of a “negative” acknowledge, the sender
will retransmit the last telegram. The complete communication protocol is transmitted as embedded steganographic data, hidden in
the carrier. In order to increase the defense against steganalysis, the telegram bits can be “scrambled” every time according to a
pseudo-random generator, which is initialized with the session key calculated after exchanging the public key at startup. This
feature will keep the statistical distribution of the audio signal at “normal” levels. The public cryptographic keys can be exchanged
during connection establishment using Diffie-Hellman. The session key is the same on each side obtained as a function of the
public key and the own private key: K = g^ab mod(p) = g^ba mod(p) Everything is based on the previous agreement on a prime
(p) and a generator (g) upon which the private keys are generated and the public keys are calculated.
Message Embedding
The following diagram shows the details of message embedding:
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 6/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
In Figure 4, a rough overview of the stego-embedding and encryption is presented. The input message mA is entered with a
keyboard or touch-screen and then immediately encrypted with the encryption key (Key 4). The result is mAe. The encrypted
message mAe is then encoded applying the channel/stego-algorithm which uses Key 3. Key 3 consists of the specific “settings”
used for stego-embedding (like threshold values). The values of Key 3 and Key 4 may be derived from the session key exchanged
during connection establishment. A simple steganographic algorithm based on multiple-FSK (Frequency Shift Keying) converts
each of the bits in the input message (mAe) to different frequencies within the bandwidth of the carrier signal. In order to avoid
distortions introduced by the carrier signal a “dedicated/exclusive” and sufficiently small frequency range can be used which does
not overlap to the frequencies used by the voice. Because the bandwidth used by the voice is completely used, this requires that the
carrier signal gets the embedding-frequency-range removed/filtered with a band-stop filter FcA. Advanced embedding-techniques
may take the carrier signal cA in consideration in the process of embedding. That is, the embedding process may depend on the
current value of the carrier signal. The correction factor SA (Stego-Amplitude) is selected according to the expected or measured
channel conditions, especially depending on the Signal-to-Noise ratio (SNR):
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 7/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
The SA value is selected so the embedded-stego-signal is close to the noise level. Depending on the technique used, the
embedded-stego-signal can even be below the noise level. Then, with help of a correlation function, the message can be recovered.
For standard applications without “a-priori” knowledge of the channel conditions, a value of SA = MAX_AMP/1000 shows good
results. That is, with this value, the embedding is not perceptible by the human ears and it can still be recovered out of the noise
present in the carrier signal. As explained before, the carrier signal cA is filtered with a “band-stop” filter FcA which removes the
frequency range used for coding the stego message. Then, it is multiplied by the factor (1-SA) which adapts the signal to such an
amplitude that, when added with the stego-signal, it can never exceed the maximum level and saturate. With this, the signal output
to the speaker interface of the device is:
XA = cAf*(1-SA) + mAeS*SA
When considering in addition some noise added in the communication channel, we have:
YA = cAf*(1-SA) + mAeS*SA + nA
It is important to note that the channel noise is an advantage and a disadvantage at the same time. If well implemented, the
steganographic modifications embedded at noise-level will survive the transmission and will be detected correctly at the recipient.
In that case, the channel noise offers a good concealment so the attacker is not able to distinguish between natural noise and
embedding noise. On the other side, the channel noise may be too high or there may be other channel disturbances, which affect
the hidden communication.
In that case, we rely on the steganographic protocol described above, which takes care to retransmit data if required. We don't have
to forget that all carrier signals will inevitably have some added noise, being the most usual the “pink-noise”.
This “indistinguishable” noise has not been explicitly shown in Figure 4 and is just considered to be part of cA. On the top of Figure
4, the inverse process (decoding and extraction) is shown which demonstrates how the message can be recovered.
The “band-pass” filter FYB-pass will give as a result YBf, which contains only the frequency-range of the input signal yB, where the
embedded information was transmitted by the other device:
YB = cBf*(1-SA) + mBeS*SA + nB
YBf = mBeS*SA + nB’
Then, YBf is multiplied by the factor 1/SA giving back mBeS’, a “very approximate” version of mBeS. mBeS’ can be then stego-
decoded and decrypted to give back the original message mB. As mentioned before, the actual implementation will not transmit mB
directly, as shown in the simplified overview, but it will instead transmit a telegram containing mB. The telegram will support error
detection and correction assuring consistency, data integrity and timeliness. On error detection, the recipient can send back a
“negative acknowledge” or simply do nothing and wait for the retransmission timeout on the sender side to expire. Finally, the
„optional“ use of filter FYB-stop will result in YB‘ ~ Voice B which is output to the speaker. Even without the filter FYB-stop, a human
user is not able to perceive the embedded-signal or the missing frequencies in the voice B.
Cybersecurity Considerations
As explained above, in the stego-devices, we shall avoid the use of standard digital interfaces like WLAN, LAN, Bluetooth and USB,
all of which are known to be vulnerable against exploits. This dramatically reduces the number of measures required when
compared with devices which are online. Ironically, in the era of "digitalization", a solution based on the "good old analog
communication" seems to overcome many of the security problems we face when dealing with digital communication. The
following figure presents the layers involved in this idea and shows some of its advantages. Layers 1 up to 7 are realized in the
stego-device, offering a multiplicity of keys. Layers 7 to 9 are in the host device, which is unaware of all layers "below". As far as it
concerns, it only transports the voice (audio carrier).
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 8/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
As usual, we shall assume that all protocols, even the "proprietary" stego-protocol, are open and only the “keys” are secret.
That is, security shall only depend on the keys and not on the algorithms.
Summary
In short, some of the main points of the method presented in this article are:
Additional device “plugged” between audio peripherals and “unsafe” communication device
Simple communication protocol with error detection and correction
Bits of telegrams of communication protocol scrambled as a measure against steganalysis
Stego/channel-encoding based on multi-FSK in a reduced frequency range:
The proposed embedding technique is for sure not the "strongest" against steganalysis, but it works well, providing a good
compromise between complexity, real-time behavior, audio quality and robustness.
This, and many other aspects of this idea can be improved in future.
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 9/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
Advantages
The following cannot be compromised during session:
Geolocation of users
IP of users
Identity of users
Quantity of communication
Message length
The fact that „this technique“ is being used
Solution based on „ubiquitous“ and cheap technologies (audio interfaces) making it accessible for everyone.
Solution can be used virtually with any communication device which has an audio interface like e.g. telephone, mobile-
phone, laptop, desktop PC, tablet.
In Germany, a large amount of unused and outdated smartphones (from a total of over 100 million) are available for use as
additional hardware. Therefore, besides the low-cost audio cable and the chat application, no investment is needed. The
user will sure be happy to give the old nice device a meaningful use.
Additional features like, e.g., Gateway functionality allow an increased flexibility and reuse of existent infrastructure and
extension of current chat applications.
Points of Interest
Borrowing some words from Andy Yen (see link above):
"What we have here is just the first step, but it shows that with improving technology privacy doesn't have to be difficult, it
doesn't have to be disruptive. Ultimately, privacy depends on each and everyone of us. And we have to protect it now
because our online data is more than just a fractions of ones and zeros. It's actually a lot more than that. It's our lives, our
personal stories, our friends, our families, and in some ways also our hopes and aspirations. So, now it's the time for us to
stand up and say: yes, we do want to live in a world with online privacy. And yes, we can work together to turn this vision
into reality!".
History
2019.07.08: Part I of article posted
License
This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 10/11
22/07/2019 Audio Chat for Pretty Good Concealing (AC4PGC) - Part I - CodeProject
https://www.codeproject.com/Articles/5161775/Audio-Chat-for-Pretty-Good-Concealing-AC4PGC-Part?display=Print 11/11