This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
On Privacy of Encrypted Speech Communications
July-Aug. 2012 (vol. 9 no. 4)
pp. 470-481
Ye Zhu, Cleveland State University, Cleveland
Yuanchao Lu, Cleveland State University, Cleveland
Anil Vikram, Cleveland State University, Cleveland
Silence suppression, an essential feature of speech communications over the Internet, saves bandwidth by disabling voice packet transmissions when silence is detected. However, silence suppression enables an adversary to recover talk patterns from packet timing. In this paper, we investigate privacy leakage through the silence suppression feature. More specifically, we propose a new class of traffic analysis attacks to encrypted speech communications with the goal of detecting speakers of encrypted speech communications. These attacks are based on packet timing information only and the attacks can detect speakers of speech communications made with different codecs. We evaluate the proposed attacks with extensive experiments over different type of networks including commercial anonymity networks and campus networks. The experiments show that the proposed traffic analysis attacks can detect speakers of encrypted speech communications with high accuracy based on traces of 15 minutes long on average.

[1] S. Casner and S. Deering, “First ietf Internet Audiocast,” SIGCOMM Computer Comm. Rev., vol. 22, pp. 92-97, http://doi.acm.org/10.1145142267.142338, July 1992.
[2] P. Zimmermann, A. Johnston, and J. Callas, “Zrtp: Media Path Key Agreement for Secure rtp Draft-Zimmermann-Avt-Zrtp-11,” RFC, United States, 2008.
[3] M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman, “The Secure Real-Time Transport Protocol (srtp),” 2004.
[4] R. Dingledine, N. Mathewson, and P. Syverson, “Tor: The Second-Generation Onion Router,” Proc. 13th USENIX Security Symp., pp. 303-320, Aug. 2004.
[5] O. Berthold, H. Federrath, and S. Köpsell, “Web MIXes: A System for Anonymous and Unobservable Internet Access,” Proc. Designing Privacy Enhancing Technologies: Workshop Design Issues in Anonymity and Unobservability, H. Federrath, ed., pp. 115-129, July 2000.
[6] J.M. Valin, “Speex: A Free Codec for Free Speech,” Proc. Australian Nat'l Linux Conf., 2006.
[7] P.T. Brady, “A Technique for Investigating on-off Patterns of Speech,” The Bell System Technical J., vol. 44, pp. 1-22, 1968.
[8] speex.org, “The Speex Projectpage,” http:/www.speex.org, 2005.
[9] S. Henning, “Voice Communication Across the Internet: A Network Voice Terminal,” COINS technical report, Dept. of Computer and Information Science, Univ. of Massachusetts at Amherst, 1992.
[10] ITU-T Study Group 15, Coding of Speech at 8kbit/s Using Conjugate-Structure Algebraic-Code-Excited Linear-Prediction Annex b: A Silence Compression Scheme for g.729 Optimized for Terminals Conforming to Recommendation v.70.Recommendation g.729b Telecomm. Standardization Sector of itu, Int'l Telecomm. Union Std., 1996.
[11] cnn.com, “Police Reveal the Identity of Shooting Suspect,” http://www.cnn.com/2006/US/09/29/school.shooting index.html, 2011.
[12] “X-Lite 3.0 Free Softphone,” http://www.xten.comindex.php? menu= Products&smenu=xlite , 2011.
[13] B.N. Levine, M.K. Reiter, C. Wang, and M.K. Wright, “Timing Attacks in Low-Latency Mix-Based Systems,” Proc. Eighth Int'l Financial Cryptography (FC '04) Conf., pp. 251-265, Feb. 2004.
[14] S.J. Murdoch and G. Danezis, “Low-Cost Traffic Analysis of Tor,” Proc. IEEE Symp. Security and Privacy. May 2005.
[15] Y. Zhu, X. Fu, B. Graham, R. Bettati, and W. Zhao, “Correlation-Based Traffic Analysis Attacks on Anonymity Networks,” IEEE Trans. Parallel and Distributed Systems, vol. 21, no. 7,pp. 954 -967, July 2010.
[16] Y. Zhu and R. Bettati, “Compromising Anonymous Communication Systems Using Blind Source Separation,” ACM Trans. Information and System Security, vol. 13, pp. 8:1-8:31, http://doi.acm.org/10.11451609956.1609964 , Nov. 2009.
[17] X. Wang, S. Chen, and S. Jajodia, “Tracking Anonymous Peer-to-Peer Voip Calls on the Internet,” Proc. ACM Conf. Computer and Comm. Security, pp. 81-91, Nov. 2005.
[18] Y.J. Pyun, Y.H. Park, X. Wang, D.S. Reeves, and P. Ning, “Tracing Traffic through Intermediate Hosts that Repacketize Flows,” Proc. IEEE INFOCOM '07, May 2007.
[19] C. Rathinavelu and L. Deng, “Hmm-Based Speech Recognition Using State-Dependent, Linear Transforms on Mel-Warped dft Features,” Proc. IEEE Int'l Conf. Acoustics, Speech, and Signal Processing (ICASSP '96), pp. 9-12, 1996.
[20] M.-P. Schambach, “Determination of the Number of Writing Variants with an HMM Based Cursive Word Recognition System,” Proc. Seventh Int'l Conf. Document Analysis and Recognition (ICDAR '03), p. 119, 2003.
[21] J.W. Deng and H.T. Tsui, “An HMM-Based Approach for Gesture Segmentation and Recognition,” Proc. Int'l Conf. Pattern Recognition (ICPR '00), pp. 679-682, 2000.
[22] L.R. Rabiner, “A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition,” Proc. IEEE, vol. 77, no. 2, pp. 267-296, Feb. 1990.
[23] R. Bakis, “Continuous Speech Recognition via Centisecond Acousticstates,” J. the Acoustical Soc. of Am., vol. 59, p. S97, 1976.
[24] O. Berthold, A. Pfitzmann, and R. Standtke, “The Disadvantages of Free MIX Routes and How to Overcome Them,” Proc. Designing Privacy Enhancing Technologies Workshop Design Issues in Anonymity and Unobservability, pp. 30-45, July 2000.
[25] G. Danezis and A. Serjantov, “Statistical Disclosure or Intersection Attacks on Anonymity Systems,” Proc. Sixth Information Hiding Workshop (IH '04), pp. 293-308, May 2004.
[26] O. Berthold and H. Langos, “Dummy Traffic Against Long Term Intersection Attacks,” Proc. Privacy Enhancing Technologies Workshop (PET '02), pp. 110-128, Apr. 2002.
[27] X. Wang, S. Chen, and S. Jajodia, “Tracking Anonymous Peer-to-Peer Voip Calls on the Internet,” Proc. 12th ACM Conf. Computer and Comm. Security (CCS '05), pp. 81-91, 2005.
[28] FindnotProxyList, http://www.findnot.comservers.html, 2011.
[29] ResearchChannels, http:/www.researchchannel.org, 2011.
[30] “Audio Signals Used for Experiments,” http://academic.csuohio. edu/zhu_y/isc2010 instruction.txt, 2011.
[31] T. Szigeti and C. Hattingh, End-to-End Qos Network Design: Quality of Service in Lans, Wans, and vpns (Networking Technology). Cisco Press, 2005.
[32] D.X. Song, D. Wagner, and X. Tian, “Timing Analysis of Keystrokes and Timing Attacks on ssh,” Proc. 10th Conf. USENIX Security Symp. (SSYM '01), pp. 25-25, 2001.
[33] Q. Sun, D.R. Simon, Y.-M. Wang, W. Russell, V.N. Padmanabhan, and L. Qiu, “Statistical Identification of Encrypted Web Browsing Traffic,” Proc. IEEE Symp. Security and Privacy (SP '02), pp. 19-30, 2002.
[34] D. Herrmann, R. Wendolsky, and H. Federrath, “Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier,” Proc. ACM Workshop Cloud Computing Security (CCSW '09), pp. 31-42, 2009.
[35] L. Lu, E.-C. Chang, and M. Chan, “Website Fingerprinting and Identification Using Ordered Feature Sequences,” Proc. 15th European Conf. Research in Computer Security (ESORICS), D. Gritzalis, B. Preneel, and M. Theoharidou, eds. pp. 199-214. 2010.
[36] C.V. Wright, L. Ballard, S.E. Coull, F. Monrose, and G.M. Masson, “Spot Me if You Can: Uncovering Spoken Phrases in Encrypted Voip Conversations,” Proc. IEEE Symp. Security and Privacy (SP '08), pp. 35-49, 2008.
[37] C.V. Wright, L. Ballard, F. Monrose, and G.M. Masson, “Language Identification of Encrypted Voip Traffic: Alejandra y Roberto or Alice and Bob?,” Proc. 16th USENIX Security Symp. USENIX Security Symp., pp. 4:1-4:12, http://portal.acm.orgcitation. cfm?id=1362903.1362907 , 2007.
[38] C. Wright, S. Coull, and F. Monrose, “Traffic Morphing: An Efficient Defense against Statistical Traffic Analysis,” Proc. Network and Distributed Security Symp. (NDSS '09), Feb. 2009.
[39] M. Backes, G. Doychev, M. Dürmuth, and B. Köpf, “Speaker Recognition in Encrypted Voice Streams,” Proc. 15th European Symp. Research in Computer Security (ESORICS '10), pp. 508-523, Sept. 2010.
[40] P.C. Kocher, “Timing Attacks on Implementations of Diffie-Hellman, rsa, dss, and Other Systems,” Proc. 16th Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '96) pp. 104-113, http://portal.acm.orgcitation.cfm?id=646761.706156 , 1996.
[41] J.-F. Dhem, F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater, and J.-L. Willems, “A Practical Implementation of the Timing Attack,” Proc. Int'l Conf. Smart Card Research and Applications, pp. 167-182, http://portal.acm.orgcitation.cfm?id=646692.703439 , 2000.
[42] W.H. Wong, “Timing Attacks on Rsa: Revealing Your Secrets through the Fourth Dimension,” Crossroads, vol. 11, p. 5, http://doi.acm.org/10.11451144396.1144401 , May 2005.
[43] D. Brumley and D. Boneh, “Remote Timing Attacks are Practical,” Computer Networks, vol. 48, pp. 701-716, http://portal.acm.orgcitation.cfm?id=1090583.1090585 , Aug. 2005.

Index Terms:
Traffic analysis, speaker detection, RTP.
Citation:
Ye Zhu, Yuanchao Lu, Anil Vikram, "On Privacy of Encrypted Speech Communications," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 4, pp. 470-481, July-Aug. 2012, doi:10.1109/TDSC.2011.56
Usage of this product signifies your acceptance of the Terms of Use.