Stegozoa: Enhancing WebRTC Covert Channels with Video Steganography for Internet Censorship Circumvention

Stegozoa: Enhancing WebRTC Covert Channels with Video Steganography for Internet Censorship Circumvention

연구 분야: Strategies

학회: ASIA CCS '22: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

Several totalitarian states around the world deploy sophisticated censorship apparatuses to prevent citizens from freely accessing the Internet. To counter these restrictions, some censorship-circumven-tion tools establish covert channels through the media streams of popular conferencing applications. A recent tool named Protozoa allows for establishing high-performing, peer-to-peer covert channels over WebRTC media streams. However, Protozoa is vulnerable to potential man-in-the-middle attacks. This may occur in cases where WebRTC applications rely on WebRTC gateways to mediate users' connections. In such cases, an adversary that controls the WebRTC gateway can inspect the content of the media streams and trivially detect the transmission of covert payload. This work proposes Stegozoa, a new censorship-circumvention tool that aims to foil the ability of adversaries in control of WebRTC gateways to detect covert data transmissions. Specifically, Stegozoa steganographically embeds covert data into the WebRTC video signal, preventing the detection of the covert payload through direct video content inspection. To this end, Stegozoa leverages state-of-the-art steganography techniques, applying them deep within WebRTC's video coding pipeline and fine-tuning them to efficiently use the available covert channel capacity while ensuring undetectability. We have fully implemented Stegozoa based on an instrumented Chromium codebase. Our evaluation reveals that Stegozoa can create secure WebRTC covert channels that are highly resistant to steganalysis and traffic analysis attacks. Despite the expected reduction in performance that was traded for stronger security, Stegozoa can deliver a reasonable throughput, allowing its users to run low-bandwidth message exchanging tasks.