Two Party Covert Communication Over MSN Messenger System Using Emoticons
by Armando Pantoja
As popular as emoticons are today for conveying emotion, they also present an opportunity for covert channel communication.
A covert channel is a communications channel which allows information to be transferred in a way that was not intended by the creators of the system. An effective covert channel requires three indispensable properties: plausibility, undetectability, and indispensability.
MSN Messenger emoticons are useful for covert channel communication because they satisfy all three properties. MSN is used all over the world for communication in the workplace as well as in the home. It has constantly been one of the top three instant messenger application over the last ten years, therefore its use is extremely plausible.
Users tend to pepper each line of text with several emoticons during an average conversation, therefore a third-party listener would have no idea that a secret message was being transmitted. As a result, this system is very undetectable, with emoticons' popularity that have essentially now become a part of the alphabet and are indispensable.
The objective of this system is to covertly send data from one client to a host.
In order to send messages over the covert channel, two bits of the covert message block is transmitted per line of text, and, for simplicity's sake, only one emoticon can be sent with each line of text. Eight different emoticons were chosen and were separated into two classes, happy class and sad class. The emoticons were chosen by the particular emotion they were trying to convey and needed to closely match the other emotions in its respective class.
The channel can be represented as such:
Bit Transmittedd Happy Class Sad Class 00 :) :'( 01 :d :( 10 ;) :| 11 :p :-| This system was implemented on top of the DotMSN open-source .NET messenger library, created by Xih Solutions, and was written in Visual Basic.
There is a sender (Alice), which sends both the overt message and the covert one and a receiver (Bob) which writes the results to a text file. This system tried to avoid detection by an independent observer (Wendy) by encoding the message in a series of emoticons.
The covert message is typed in the auxiliary window of the sender (Alice), the user then clicks the button "Start Transmission," and this converts the ASCII text into binary.
Bit-by-bit; this binary representation is transmitted over the MSN network via the above emoticons along with the overt message.
For example, if the user types in :), if the :) is transmitted successfully, the other recipient will read this as a 0, if it is shifted, the recipient will read this as a 1.
Once eight bits have been transmitted, the recipient converts the binary back to ASCII and writes the result to a file. Wendy would have no idea that this was happening because she would have no idea what emoticon the sender (Alice) chose to send because similar emoticons, conveying similar emotions, were chosen to be shifted by the system.
The information rate of this channel depends on the amount of emoticons that the user uses. If we assume that the user uses emoticons in every line of text and sends an average of 12 to 16 messages per minute, the throughput of this channel is two to four bits per minute. This low throughput is acceptable given the strong covertness of the channel. This channel would be perfect for transmitting a key of an encrypted file via MSN undetected.
The low bit rate is adequate for sending very short messages and encryption keys. The advantage of this system over other methods of covert communication is that it is extremely plausible and undetectable.
A few items in this system require further work to increase and secure communication including checksums and multiple emoticon handling to make this channel truly lossless.
In principle, this system allows an unlimited amount of emoticons to be used in one line of text, increasing the rate of transmission exponentially. This system is not limited to just MSN Messenger, but could be used on any instant messaging system where emoticons are used, including AOL Instant Messenger, Yahoo! Messenger, and even cell phone SMS.