ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Tracking anonymous peer-to-peer VoIP calls on the internet
Full text PdfPdf (248 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 12th ACM conference on Computer and communications security table of contents
Alexandria, VA, USA
SESSION: Privacy and anonymity table of contents
Pages: 81 - 91  
Year of Publication: 2005
ISBN:1-59593-226-7
Authors
Xinyuan Wang  George Mason University, Fairfax, VA
Shiping Chen  George Mason University, Fairfax, VA
Sushil Jajodia  George Mason University, Fairfax, VA
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 36,   Downloads (12 Months): 298,   Citation Count: 6
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1102120.1102133
What is a DOI?

ABSTRACT

Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by low latency anonymizing network, they are considered by many people to be both secure and anonymous.In this paper, we present a watermark technique that could be used for effectively identifying and correlating encrypted, peer-to-peer VoIP calls even if they are anonymized by low latency anonymizing networks. This result is in contrast to many people's perception. The key idea is to embed a unique watermark into the encrypted VoIP flow by slightly adjusting the timing of selected packets. Our analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied. Our analytical results are backed up by the real-time experiments performed on leading peer-to-peer VoIP client and on a commercially deployed anonymizing network. Our results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the Internet is feasible and (2) low latency anonymizing networks are susceptible to timing attacks.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Anonymizer.. http://www.anonymizer.com
 
2
M. Arango, A. Dugan, I. Elliott, C. Huitema and S. Pickett. RFC 2705: Media Gateway Control Protocol (MGCP) Version 1.0. IETF, October 1999.
 
3
A. Back, I. Goldberg, and A. Shostack. Freedom 2.1 Security Issues and Analysis. Zero-Knowledge Systems, Inc. white paper, May 2001
 
4
S. A. Baset and H. Schulzrinne. An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol. Columbia Technical Report CUCS-039-04, December 2004
 
5
A. Blum, D. Song, and S. Venkataraman. Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds. In Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004). Springer, October 2004.
 
6
R. Dingledine, N. Mathewson and and P. Syverson. Tor: The Second Generation Onion Router. In Proceedings of the 13th USENIX Security Symposium, August 2000.
 
7
D. L. Donoho, A. G. Flesia, U. Shankar, V. Paxson, J. Coit and S. Staniford. Multiscale Stepping Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002): LNCS-2516, pages 17--35. Springer, October 2002.
 
8
FBI. Letter to FCC http://www.askcalea.com/docs/20040128.jper.letter.pdf
 
9
Federal Communications Commission. Notice of Proposed Rulemaking (NPRM) and Declaratory Ruling RM-10865, ET Docket No. 04--295, FCC 04--187. In Federal Register at 69 Fed. Reg. 56956, August, 2004.
10
Edward W. Felten , Michael A. Schneider, Timing attacks on Web privacy, Proceedings of the 7th ACM conference on Computer and communications security, p.25-32, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352606]
 
11
Findnot.. http://www.findnot.com
12
Michael J. Freedman , Robert Morris, Tarzan: a peer-to-peer anonymizing network layer, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586137]
13
David Goldschlag , Michael Reed , Paul Syverson, Onion routing, Communications of the ACM, v.42 n.2, p.39-41, Feb. 1999  [doi>10.1145/293411.293443]
14
Michael T. Goodrich, Efficient packet marking for large-scale IP traceback, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA  [doi>10.1145/586110.586128]
 
15
ITU-T Recommendation H.323v.4 Packet-based Multimedia Communications Systems. November 2000.
 
16
Kazaa.. http://www.kazaa.com/
 
17
Tadayoshi Kohno , Andre Broido , K. C. Claffy, Remote Physical Device Fingerprinting, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.211-225, May 08-11, 2005  [doi>10.1109/SP.2005.18]
 
18
B. Levine, M. Reiter, C. Wang, and M. Wright. Timing Attacks in Low-Latency Mix Systems. In Proceedings of Financial Cryptography: 8th International Conference (FC 2004): LNCS-3110, 2004.
 
19
J. Li, M. Sung, J. Xu and L. Li. Large Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, IEEE, 2004.
 
20
Steven J. Murdoch , George Danezis, Low-Cost Traffic Analysis of Tor, Proceedings of the 2005 IEEE Symposium on Security and Privacy, p.183-195, May 08-11, 2005  [doi>10.1109/SP.2005.12]
 
21
Andreas Pfitzmann , Birgit Pfitzmann , Michael Waidner, ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead, Kommunikation in Verteilten Systemen, Grundlagen, Anwendungen, Betrieb, GI/ITG-Fachtagung, p.451-463, February 20-22, 1991
 
22
J. Rosenberg, H. Schulzrinne, G. Camarillo, A. R. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. RFC 3261: SIP: Session Initiation Protocol. IETF, June 2002.
 
23
RTAI.. http://www.rtai.org
24
Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Practical network support for IP traceback, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.295-306, August 28-September 01, 2000, Stockholm, Sweden
 
25
H. Schulzrinne. Internet Telephony. In Practical Handbook of Internet Computing, CRC, 2004
 
26
H. Schulzrinne and J. Rosenberg. A Comparison of SIP and H.323 for Internet Telephony. In Proceedings of International Workshop on Network and Operating System Support for Digital Audio and Video (NOSSDAV 1998), pages 83--86, Cambridge, England, July 1998.
 
27
Signaling for Internet Telephony, Proceedings of the Sixth International Conference on Network Protocols, p.298, October 13-16, 1998
 
28
Skype - the Global Internet Telephony Company. http://www.skype.org
 
29
S. Snapp, J. Brentano, G. V. Dias, T. L. Goan, L. T. Heberlein, C. Ho, K. N. Levitt, B. Mukherjee, S. E. Smaha1, T. Grance, D. M. Teal, and D. Mansur. DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and Early Prototype. In Proceedings of the 14th National Computer Security Conference, pages 167--176, 1991.
30
Alex C. Snoeren, Hash-based IP traceback, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.3-14, August 2001, San Diego, California, United States
 
31
S. Staniford-Chen , L. T. Heberlein, Holding intruders accountable on the Internet, Proceedings of the 1995 IEEE Symposium on Security and Privacy, p.39, May 08-10, 1995
32
Xinyuan Wang , Douglas S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948115]
 
33
Xinyuan Wang , Douglas S. Reeves , Shyhtsun Felix Wu, Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones, Proceedings of the 7th European Symposium on Research in Computer Security, p.244-263, October 14-16, 2002
 
34
Kunikazu Yoda , Hiroaki Etoh, Finding a Connection Chain for Tracing Intruders, Proceedings of the 6th European Symposium on Research in Computer Security, p.191-205, October 04-06, 2000
 
35
Y. Zhang and V. Paxson. Detecting Stepping Stones. In Proceedings of the 9th USENIX Security Symposium, pages 171--184. USENIX, 2000.

CITED BY  6
Steven Gianvecchio , Haining Wang, Detecting covert timing channels: an entropy-based approach, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
George O. M. Yee, A privacy controller approach for privacy protection in web services, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA
Kevin Bauer , Damon McCoy , Dirk Grunwald , Tadayoshi Kohno , Douglas Sicker, Low-resource routing attacks against tor, Proceedings of the 2007 ACM workshop on Privacy in electronic society, October 29-29, 2007, Alexandria, Virginia, USA
 
Charles V. Wright , Lucas Ballard , Fabian Monrose , Gerald M. Masson, Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob?, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-12, August 06-10, 2007, Boston, MA
 
M. Benini , S. Sicari, Assessing the risk of intercepting VoIP calls, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.12, p.2432-2446, August, 2008
 
Gaurav Shah , Andres Molina , Matt Blaze, Keyboards and covert channels, Proceedings of the 15th conference on USENIX Security Symposium, p.5-5, July 31-August 04, 2006, Vancouver, B.C., Canada

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.3 Network Operations
          Subjects: Network monitoring


General Terms:
Security


Keywords:
VoIP, VoIP tracing, anonymous VoIP calls, anonymous communication, peer-to-peer

Collaborative Colleagues:
Xinyuan Wang: colleagues
Shiping Chen: colleagues
Sushil Jajodia: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player