Privacy in VoIP Networks: Flow Analysis Attacks and Defense

Mudhakar Srivatsa; Hongbo Jiang; Arun Iyengar; Ling Liu

doi:10.1109/TPDS.2010.122

Publication
2011
Issue No. 4 - April
Abstract - Privacy in VoIP Networks: Flow Analysis Attacks and Defense

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mudhakar Srivatsa Articles by Arun Iyengar Articles by Ling Liu Articles by Hongbo Jiang

Privacy in VoIP Networks: Flow Analysis Attacks and Defense

April 2011 (vol. 22 no. 4)

pp. 621-633

	ASCII Text	x
	Mudhakar Srivatsa, Arun Iyengar, Ling Liu, Hongbo Jiang, "Privacy in VoIP Networks: Flow Analysis Attacks and Defense," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 4, pp. 621-633, April, 2011.

	BibTex	x
	@article{ 10.1109/TPDS.2010.122, author = {Mudhakar Srivatsa and Arun Iyengar and Ling Liu and Hongbo Jiang}, title = {Privacy in VoIP Networks: Flow Analysis Attacks and Defense}, journal ={IEEE Transactions on Parallel and Distributed Systems}, volume = {22}, number = {4}, issn = {1045-9219}, year = {2011}, pages = {621-633}, doi = {http://doi.ieeecomputersociety.org/10.1109/TPDS.2010.122}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - JOUR JO - IEEE Transactions on Parallel and Distributed Systems TI - Privacy in VoIP Networks: Flow Analysis Attacks and Defense IS - 4 SN - 1045-9219 SP621 EP633 EPD - 621-633 A1 - Mudhakar Srivatsa, A1 - Arun Iyengar, A1 - Ling Liu, A1 - Hongbo Jiang, PY - 2011 KW - VoIP networks KW - privacy KW - k-anonymity KW - mix networks KW - flow analysis attacks. VL - 22 JA - IEEE Transactions on Parallel and Distributed Systems ER -

Mudhakar Srivatsa, IBM T.J. Watson Research Center, Hawthorne

Arun Iyengar, IBM T.J. Watson Research Center, Hawthorne

Ling Liu, Georgia Institute of Technology, Atlanta

Hongbo Jiang, Huazhong University of Science and Technology, Wuhan

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2010.122

(A short version of this paper appears in IEEE INFOCOM 2009: http://www.research.ibm.com/people/i/iyengar/INFOCOM2009-kanon.pdf.) Peer-to-peer VoIP (voice over IP) networks, exemplified by Skype [5], are becoming increasingly popular due to their significant cost advantage and richer call forwarding features than traditional public switched telephone networks. One of the most important features of a VoIP network is privacy (for VoIP clients). Unfortunately, most peer-to-peer VoIP networks neither provide personalization nor guarantee a quantifiable privacy level. In this paper, we propose novel flow analysis attacks that demonstrate the vulnerabilities of peer-to-peer VoIP networks to privacy attacks. We then address two important challenges in designing privacy-aware VoIP networks: Can we provide personalized privacy guarantees for VoIP clients that allow them to select privacy requirements on a per-call basis? How to design VoIP protocols to support customizable privacy guarantee? This paper proposes practical solutions to address these challenges using a quantifiable k-anonymity metric and a privacy-aware VoIP route setup and route maintenance protocols. We present detailed experimental evaluation that demonstrates the performance and scalability of our protocol, while meeting customizable privacy guarantees.

[1] "GT-ITM: Georgia, Tech Internetwork Topology Models," http://www.cc.gatech.edu/projectsgtitm/, 2010.
[2] "The Network Simulator NS-2," http://www.isi.edu/nsnamns/, 2010.
[3] "The Network Simulator NS-2: Topology Generation," http://www.isi.edu/nsnam/nsns-topogen.html , 2010.
[4] "Phex Client," http:/www.phex.org, 2010.
[5] "Skype—The Global Internet Telephone Company," http:/www.skype.com, 2010.
[6] "Telegeography Research," http:/www.telegeography.com, 2010.
[7] A. Back, I. Goldberg, and A. Shostack, "Freedom 2.1 Security Issues and Analysis," Zero Knowledge Systems, Inc., White Paper, 2001.
[8] A. Blum, D. Song, and S. Venkataraman, "Detection of Interactive Stepping Stones: Algorithms and Confidence bounds," Proc. Seventh Symp. Recent Advances in Intrusion Detection (RAID), 2004.
[9] D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms," Comm. ACM, vol. 24, no. 2, pp. 84-88, 1981.
[10] R. Dingledine, N. Mathewson, and P. Syverson, "Tor: The Second Generation Onion Router," Proc. 13th USENIX Security Symp., 2000.
[11] D.L. Donoho, A.G. Flesia, U. Shankar, V. Paxson, J. Coit, and S. Staniford, "Multiscale Stepping Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay," Proc. Fifth Symp. Recent Advances in Intrusion Detection (RAID), 2002.
[12] "Eclipse. Aspectj Compiler," http://eclipse.orgaspectj, 2010.
[13] "FBI. Letter to FCC," http://www.askcalea.com/docs20040128.jper.letter.pdf , 2009.
[14] B. Fortz and M. Thorup, "Optimizing OSPF/IS-IS Weights in a Changing World," IEEE J. Selected Areas in Comm., vol. 20, no. 4, pp. 756-767, May 2002.
[15] M.J. Freedman and R. Morris, "Tarzan: A Peer-to-Peer Anonymizing Network Layer," Proc. Ninth ACM Conf. Computer and Comm. Security (CCS), 2002.
[16] D. Goldschlag, M. Reed, and P. Syverson, "Onion Routing for Anonymous and Private Internet Connections," Comm. ACM, vol. 42, no. 2, 1999.
[17] K. Gummadi, R. Gummadi, S. Gribble, S. Ratnasamy, S. Shenker, and I. Stoica, "The Impact of DHT Routing Geometry on Resilience and Proximity," Proc. ACM SIGCOMM, 2003.
[18] J.Y. Hui, Switching and Traffic Theory for Integrated Broadband Networks. Springer, 1990.
[19] G. Perng, M.K. Reiter, and C. Wang, "M2: Multicasting Mixes for Efficient and Anonymous Communication," Proc. IEEE Int'l Conf. Distributed Computing Systems (ICDCS), 2006.
[20] A. Pfitzmann, B. Pfitzmann, and M. Waidner, "ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead," Proc. GI/ITG Conf. Comm. in Distributed Systems, 1991.
[21] A. Pfitzmann and M. Waidner, "Networks without User Observability," Computers and Security, vol. 6, no. 2, pp. 158-166, 1987.
[22] L. Qiu, V.N. Padmanabhan, and G.M. Voelker, "On the Placement of Web Server Replicas," Proc. IEEE INFOCOM, 2001.
[23] S. Saroiu, P.K. Gummadi, and S.D. Gribble, "A Measurement Study of Peer-to-Peer File Sharing Systems," Proc. Multimedia Computing and Networks (MMCN) Conf., 2002.
[24] C. Shields and B.N. Levine, "A Protocol for Anonymous Communication over the Internet," Proc. ACM Conf. Computer and Comm. Security (CCS), 2000.
[25] V. Shmatikov and M.H. Wang, "Timing Analysis in Low Latency Mix Networks: Attacks and Defenses," Proc. 11th European Symp. Research in Computer Security (ESORICS), 2006.
[26] G.I. Sound, "VoIP: Better than PSTN?" http://www.globalip sound.com/demotutorial.php , 2010.
[27] M. Srivatsa, A. Iyengar, and L. Liu, "Privacy in VOIP Networks: A k-Anonymity Approach," Technical Report IBM Research RC24625, 2008.
[28] P. Syverson, G. Tsudik, M. Reed, and C. Landwehr, "Towards an Analysis of Onion Routing Security," Proc. Workshop Design Issues in Anonymity and Unobservability, 2000.
[29] C.J. Van-Rijsbergen, Information Retrieval, second ed. Butterworths, 1979.
[30] X. Wang, S. Chen, and S. Jajodia, "Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet," Proc. 12th ACM Conf. Computer and Comm. Security (CCS), 2005.
[31] X. Wang and D. Reeves, "Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays," Proc. 10th ACM Conf. Computer and Comm. Security (CCS), 2003.
[32] X. Wang, D. Reeves, and S. Wu, "Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones," Proc. Seventh European Symp. Research in Computer Security (ESORICS), 2002.
[33] X.Y. Wang and D.S. Reeves, "Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Interpacket Delays," Proc. ACM Conf. Computer and Comm. Security (CCS), 2003.
[34] K. Yoda and H. Etoh, "Finding a Connection Chain for Tracing Intruders," Proc. Sixth European Symp. Research in Computer Security (ESORICS), 2000.
[35] E.W. Zegura, K. Calvert, and S. Bhattacharjee, "How to Model an Internetwork?" Proc. IEEE INFOCOM, 1996.
[36] Y. Zhang and V. Paxon, "Detecting Stepping Stones," Proc. Ninth USENIX Security Symp., 2000.

Index Terms:

VoIP networks, privacy, k-anonymity, mix networks, flow analysis attacks.

Citation:

Mudhakar Srivatsa, Arun Iyengar, Ling Liu, Hongbo Jiang, "Privacy in VoIP Networks: Flow Analysis Attacks and Defense," IEEE Transactions on Parallel and Distributed Systems, vol. 22, no. 4, pp. 621-633, April 2011, doi:10.1109/TPDS.2010.122

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.