Date Added: Jul 2009
In 2005, an extensive taxonomy of threats for VoIP was published by a prominent industry group. Strangely, this taxonomy does not identify stegocommunication as a threat, even though many steganographic channels have been identified in VoIP protocols. To avoid such security gaps in the future, the authors' argue that stegocommunication should be added to the traditional list of network threats: interruption, interception, modification, fabrication. The stegocommunication threat arises when the communication channel is purchased, provided, or supervised by anyone other than the communicating parties. The paper illustrates a stegocommunication threat to a business owner Charles. If Charles purchases a VoIP service for business-related communications by an employee Alice, then he faces the risk that Alice may undetectably communicate a business secret to an outside party Bob.