Skip to main content
Springer Nature Link
Log in

An empirical approach towards characterization of encrypted and unencrypted VoIP traffic

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

VoIP traffic classification plays a major role towards network policy enforcements. Characterization of VoIP media traffic is based on codec behaviour. With the introduction of variable bit rate codecs, coding, compression and encryption present different complexities with respect to the classification of VoIP traffic. The randomness tests do not extend directly to classification of compressed and encrypted VoIP traffic. The paper examines the applicability of randomness tests to encrypted and unencrypted VoIP traffic with constant bit rate and variable bit rate codecs. A novel method Construction-by-Selection that constructs a test sequence from partial payload data of VoIP media session is proposed in this paper. The results based on experimentations on this method show that such construction exhibit randomness and hence allows differentiation of encrypted VoIP media traffic from unencrypted VoIP media traffic even in the case of variable bit rate codecs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15

Similar content being viewed by others

References

  1. Alshammari R, Zincir-Heywood AN (2015) Identification of VoIP encrypted traffic using a machine learning approach. Journal of King Saud University – Computer and Information Sciences 27(1):77–92

    Article  Google Scholar 

  2. Andersen S, Duric A, Astrom H, Hagen R, Kleijn W and Linden J (2004) Internet Low Bit Rate Codec (iLBC). RFC 3951

  3. Andersen S, Kleijn W, Hagen R, Linden J, Murthi M, Skoglund J (2002) iLBC-a linear predictive coder with robustness to packet losses. In Proceedings of IEEE Speech Coding Workshop, Ibaraki

  4. L. Bassham, A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, N. Heckert and J. Dray (2010) A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Report no. 800–22 Rev 1a. https://csrc.nist.gov/publications/detail/sp/800-22/rev-1a/final

  5. Baugher M, McGrew D, Naslund M, Carrara E, Norrman K (2004) The secure real-time transport protocol (SRTP). RFC 3711

  6. Casino F, Choo KR, Patsakis C (2019) HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets. arXiv Preprint arXiv :1905.11873v

    Article  Google Scholar 

  7. Chang W, Fang B, Yun X, Wang S, Yu X (2010) Randomness testing of compressed data. J Comput 2(1):44–52

    Google Scholar 

  8. P. Choudhury, K. R. Prasanna Kumar, Athithan G and S Nandi (2013) Analysis of VBR coded VoIP for traffic classification. In Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI), Mysore, pp. 90–95

  9. Digital cellular telecommunications system (Phase 2+); Full rate speech; Processing functions GSM 06.01, version 6.0.1 Release 1997

  10. Dorfinger P, Panholzer G, John W (2011) Entropy estimation for real-time encryptrd traffic identification. International workshop on traffic monitoring and analysis, pp 164–171

  11. Freire EP, Ziviani A, Salles RM (2008) Detecting VoIP Calls Hidden in Web Traffic. IEEE Trans Netw Serv Manag 5(4):204–214

    Article  Google Scholar 

  12. Gomes J, Inacio P, Pereira M, Freire M, Monteiro P (2012) Identification of Peer-to-Peer VoIP Sessions Using Entropy and Codec Properties. IEEE Transaction on Parallel and Distributed Systems PP(99)

  13. Hahn D, Apthorpe N, Feamster N (2018) Detecting Compressed Cleartext Traffic from Consumer Internet of Things Devices arXiv preprint arXiv:1805.02722

  14. Hamming RW (1950) Error detecting and error correcting codes. Bell Syst Tech J 29(2):147–160

    Article  MathSciNet  Google Scholar 

  15. Hayden J (2007) Locating Encrypted Data Hidden Among Non-Encrypted Data Using Statistical Tools. Master Thesis

  16. Herlein G, Valin J, Heggestad A, Moizard A (2009) RTP Payload Format for the Speex Codec”, rfc 5574

  17. ITU-T (1996). Coding of Speech at 8 kbit/s Using Conjugate-Structure Algebraic-Code-Excited Linear-Prediction (CS-ACELP), Technical Report G.729, International Telecommunications Union, Geneva

  18. ITU-T Recommendation G.711 (1988) Pulse Code Modulation (PCM) of Voice Frequencies. Available: https://www.itu.int/rec/T-REC-G.711-198811-I/en

  19. Karapantazis S, Pavlidou FN (2009) VoIP: a comprehensive survey on a promising technology. Journal of Computer Networks 53(12):2050–2090

    Article  Google Scholar 

  20. Knuth DE (1969) The art of Comuper Programming, Vol. 2: Seminumerical Algorithms. Addison-Wesley, Menlo Park

    MATH  Google Scholar 

  21. Korczynski M, Duda A (2014) Markov chain fingerprinting to classify encrypted traffic. Proceedings of IEEE INFOCOM, Toronto, pp 781–789

    Google Scholar 

  22. Kumano Y, Ata S, Nakamura N, Nakahira Y, Oka I (2014) Towards real-time processing for application identification of encrypted traffic. In International conference on computing networking and communications (ICNC), Honolulu:136–140

  23. LeGrand T, Jones P, Huart P, Shabestary T, Alvestrand H (2013) RTP payload Format for iSAC Codec. draft-ietf-avt-rtp-isac-04

  24. Li B, Ma M, Jin Z (2011) A VoIP Traffic Identification Scheme Based on Host and Flow Behavior Analysis. J Netw Syst Manag 19(1):111–129

    Article  Google Scholar 

  25. Liu H, Mouchtaris P (2000) Voice over IP Signaling: H. 323 and Beyond. IEEE Commun Mag 38(10):142–148

    Article  Google Scholar 

  26. Loreto S, Romano SP (2012) Real-Time Communications in the Web: Issues, Achievements, and Ongoing Standardization Efforts. IEEE Internet Comput 16(5):68–73

    Article  Google Scholar 

  27. Lotfollahi M, Siavoshani MJ, Zade RSH, Saberian M (2019) Deep packet: A novel approach for encrypted traffic classification using deep learning. Journal of Soft Computing 23:1–14

    Article  Google Scholar 

  28. P. Malhotra (2007) Detection of encrypted streams for egress monitoring. Masters Thesis, Iowa State University

  29. Marton K, Suciu A, Ignat I (2010) Randomness in Digital Cryptography: A Survey. Romanian J Inf Sci Technol 13(3):219–240

    Google Scholar 

  30. Ouaissa K, Khalfaoui M, Bellanger M (1996) Combining speech coders and entropy coders to reduce the bit rate in the compression of speech. Journal of Ann Telecommun 51(11–12):595–601

    Google Scholar 

  31. Parsons C (2013) Deep Packet Inspection and its Predecessors”, Technology, Thoughts, and Trinkets. Available: https://www.christopher-parsons.com/Main/wp-content/uploads/2013/02/DPI-and-Its-Predecessors-3.5.pdf

  32. Penrose P, Macfarlane R, Buchanan WJ (2013) Approaches to the classification of high entropy file fragments. Journal Digital Investigation 10:372–384

    Article  Google Scholar 

  33. Rosenberg J, Schulzrinne H, Camarillo G, Johston A, Peterson J, Sparks R, Handley M, Schooler E (2002) SIP: Session Initiation Protocol. RFC 3261

  34. H. Schulzrinne and S. Casner (2003) RTP Profile for Audio and Video Conference with Minimal Control. RFC 3551

  35. Schulzrinne H, Casner S, Frederick R, Jacobson V (2003) RTP: A Transport Protocol for Real-Time Applications. RFC 3550

  36. Shannon CE (1949) Communication theory of secrecy systems. Bell Syst Tech J 28:656–715

    Article  MathSciNet  Google Scholar 

  37. Shen M, Wei M, Zhu L, Wang M (2017) Classification of encrypted traffic with second-order markov chains and application attribute bigrams. IEEE Transactions on Information Forensics and Security 12(8):1830–1843

    Article  Google Scholar 

  38. Skype SILK Data Sheet. https://web.archive.org/web/20111123141335/http://developer.skype.com/resources/SILKDataSheet.pdf

  39. Soto J (1999) Randomness Testing of the Advanced Encryption Standard Candidate Algorithms. NIST IR 6390

  40. Sun L, Mkwawa IH, Jammeh E, Ifeachor E (2013) Guide to Voice and Video over IP. Computer Communications and Networks, 10.1007/978-1-4471-4905-7_2, © Springer-Verlag London

  41. Valin JM (2006) Speex: A free codec for free speech. In Proceedings Linux Conference, Australia

  42. Valin JM, Vos K, Terriberry T (2012) Definition of the Opus Audio Codec. RFC 6716

  43. Velan P, Cermak M, Celeda P, Drasar M (2015) A survey of methods for encrypted traffic classification and analysis. Int J Netw Manag 25(5):355–374

    Article  Google Scholar 

  44. Vos K, Jensen S, Soerensen K (2010) SILK Speech Codec. draft-vos-silk-02

  45. Walker J. Pseudorandom Number Sequence Test Program. [Online] Fourmilab.ch. Available at: https://www.fourmilab.ch/random/ [Accessed 12 Feb. 2019].

  46. Zhao B, Liu Q, Liu X (2011) Evaluation of Encrypted Data Identification Methods Based on Randomness Test. IEEE/ACM International Conference on Green Computing and Communications, Sichan

Download references

Acknowledgements

The authors would like to thank The Director, Centre for Artificial Intelligence and Robotics for her encouragement and support in carrying out the work reported in the paper.

Author information

Authors and Affiliations

  1. CAIR, DRDO, Bangalore, India

    Paromita Choudhury & K. R. Prasanna Kumar

  2. Department of CSE, IIT-Guwahati, Guwahati, India

    Sukumar Nandi

  3. DRDO HQ, Delhi, India

    G. Athithan

Authors
  1. Paromita Choudhury
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. K. R. Prasanna Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sukumar Nandi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. G. Athithan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Paromita Choudhury.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Choudhury, P., Kumar, K.R.P., Nandi, S. et al. An empirical approach towards characterization of encrypted and unencrypted VoIP traffic. Multimed Tools Appl 79, 603–631 (2020). https://doi.org/10.1007/s11042-019-08088-w

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-019-08088-w

Keywords