This Article 
 Bibliographic References 
 Add to: 
Privacy in VoIP Networks: Flow Analysis Attacks and Defense
April 2011 (vol. 22 no. 4)
pp. 621-633
Mudhakar Srivatsa, IBM T.J. Watson Research Center, Hawthorne
Arun Iyengar, IBM T.J. Watson Research Center, Hawthorne
Ling Liu, Georgia Institute of Technology, Atlanta
Hongbo Jiang, Huazhong University of Science and Technology, Wuhan
(A short version of this paper appears in IEEE INFOCOM 2009: Peer-to-peer VoIP (voice over IP) networks, exemplified by Skype [5], are becoming increasingly popular due to their significant cost advantage and richer call forwarding features than traditional public switched telephone networks. One of the most important features of a VoIP network is privacy (for VoIP clients). Unfortunately, most peer-to-peer VoIP networks neither provide personalization nor guarantee a quantifiable privacy level. In this paper, we propose novel flow analysis attacks that demonstrate the vulnerabilities of peer-to-peer VoIP networks to privacy attacks. We then address two important challenges in designing privacy-aware VoIP networks: Can we provide personalized privacy guarantees for VoIP clients that allow them to select privacy requirements on a per-call basis? How to design VoIP protocols to support customizable privacy guarantee? This paper proposes practical solutions to address these challenges using a quantifiable k-anonymity metric and a privacy-aware VoIP route setup and route maintenance protocols. We present detailed experimental evaluation that demonstrates the performance and scalability of our protocol, while meeting customizable privacy guarantees.

[1] "GT-ITM: Georgia, Tech Internetwork Topology Models,", 2010.
[2] "The Network Simulator NS-2,", 2010.
[3] "The Network Simulator NS-2: Topology Generation," , 2010.
[4] "Phex Client," http:/, 2010.
[5] "Skype—The Global Internet Telephone Company," http:/, 2010.
[6] "Telegeography Research," http:/, 2010.
[7] A. Back, I. Goldberg, and A. Shostack, "Freedom 2.1 Security Issues and Analysis," Zero Knowledge Systems, Inc., White Paper, 2001.
[8] A. Blum, D. Song, and S. Venkataraman, "Detection of Interactive Stepping Stones: Algorithms and Confidence bounds," Proc. Seventh Symp. Recent Advances in Intrusion Detection (RAID), 2004.
[9] D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," Comm. ACM, vol. 24, no. 2, pp. 84-88, 1981.
[10] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second Generation Onion Router," Proc. 13th USENIX Security Symp., 2000.
[11] D.L. Donoho, A.G. Flesia, U. Shankar, V. Paxson, J. Coit, and S. Staniford, "Multiscale Stepping Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay," Proc. Fifth Symp. Recent Advances in Intrusion Detection (RAID), 2002.
[12] "Eclipse. Aspectj Compiler," http://eclipse.orgaspectj, 2010.
[13] "FBI. Letter to FCC," , 2009.
[14] B. Fortz and M. Thorup, "Optimizing OSPF/IS-IS Weights in a Changing World," IEEE J. Selected Areas in Comm., vol. 20, no. 4, pp. 756-767, May 2002.
[15] M.J. Freedman and R. Morris, "Tarzan: A Peer-to-Peer Anonymizing Network Layer," Proc. Ninth ACM Conf. Computer and Comm. Security (CCS), 2002.
[16] D. Goldschlag, M. Reed, and P. Syverson, "Onion Routing for Anonymous and Private Internet Connections," Comm. ACM, vol. 42, no. 2, 1999.
[17] K. Gummadi, R. Gummadi, S. Gribble, S. Ratnasamy, S. Shenker, and I. Stoica, "The Impact of DHT Routing Geometry on Resilience and Proximity," Proc. ACM SIGCOMM, 2003.
[18] J.Y. Hui, Switching and Traffic Theory for Integrated Broadband Networks. Springer, 1990.
[19] G. Perng, M.K. Reiter, and C. Wang, "M2: Multicasting Mixes for Efficient and Anonymous Communication," Proc. IEEE Int'l Conf. Distributed Computing Systems (ICDCS), 2006.
[20] A. Pfitzmann, B. Pfitzmann, and M. Waidner, "ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead," Proc. GI/ITG Conf. Comm. in Distributed Systems, 1991.
[21] A. Pfitzmann and M. Waidner, "Networks without User Observability," Computers and Security, vol. 6, no. 2, pp. 158-166, 1987.
[22] L. Qiu, V.N. Padmanabhan, and G.M. Voelker, "On the Placement of Web Server Replicas," Proc. IEEE INFOCOM, 2001.
[23] S. Saroiu, P.K. Gummadi, and S.D. Gribble, "A Measurement Study of Peer-to-Peer File Sharing Systems," Proc. Multimedia Computing and Networks (MMCN) Conf., 2002.
[24] C. Shields and B.N. Levine, "A Protocol for Anonymous Communication over the Internet," Proc. ACM Conf. Computer and Comm. Security (CCS), 2000.
[25] V. Shmatikov and M.H. Wang, "Timing Analysis in Low Latency Mix Networks: Attacks and Defenses," Proc. 11th European Symp. Research in Computer Security (ESORICS), 2006.
[26] G.I. Sound, "VoIP: Better than PSTN?" http://www.globalip , 2010.
[27] M. Srivatsa, A. Iyengar, and L. Liu, "Privacy in VOIP Networks: A k-Anonymity Approach," Technical Report IBM Research RC24625, 2008.
[28] P. Syverson, G. Tsudik, M. Reed, and C. Landwehr, "Towards an Analysis of Onion Routing Security," Proc. Workshop Design Issues in Anonymity and Unobservability, 2000.
[29] C.J. Van-Rijsbergen, Information Retrieval, second ed. Butterworths, 1979.
[30] X. Wang, S. Chen, and S. Jajodia, "Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet," Proc. 12th ACM Conf. Computer and Comm. Security (CCS), 2005.
[31] X. Wang and D. Reeves, "Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays," Proc. 10th ACM Conf. Computer and Comm. Security (CCS), 2003.
[32] X. Wang, D. Reeves, and S. Wu, "Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones," Proc. Seventh European Symp. Research in Computer Security (ESORICS), 2002.
[33] X.Y. Wang and D.S. Reeves, "Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays," Proc. ACM Conf. Computer and Comm. Security (CCS), 2003.
[34] K. Yoda and H. Etoh, "Finding a Connection Chain for Tracing Intruders," Proc. Sixth European Symp. Research in Computer Security (ESORICS), 2000.
[35] E.W. Zegura, K. Calvert, and S. Bhattacharjee, "How to Model an Internetwork?" Proc. IEEE INFOCOM, 1996.
[36] Y. Zhang and V. Paxon, "Detecting Stepping Stones," Proc. Ninth USENIX Security Symp., 2000.

Index Terms:
VoIP networks, privacy, k-anonymity, mix networks, flow analysis attacks.
Mudhakar Srivatsa, Arun Iyengar, Ling Liu, Hongbo Jiang, "Privacy in VoIP Networks: Flow Analysis Attacks and Defense," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 4, pp. 621-633, April 2011, doi:10.1109/TPDS.2010.122
Usage of this product signifies your acceptance of the Terms of Use.