Elsevier

Computers & Security

Volume 30, Issue 8, November 2011, Pages 815-829

E2VoIP2: Energy efficient voice over IP privacy

https://doi.org/10.1016/j.cose.2011.07.002

Abstract

Due to the convergence of telecommunication technologies and pervasive computing, voice is increasingly being transmitted over IP networks, in what is commonly known as Voice over IP (VoIP). Despite the many advantages offered by this technology, VoIP applications inherit many challenging characteristics from the underlying IP network related to quality of service and security concerns. Traditional ways to secure data over IP networks have negative effects on real-time applications and on the consumption of power, which is scarce in power-constrained handheld devices. In this work, a new codec-independent Energy Efficient Voice over IP Privacy (E2VoIP2) algorithm is devised to limit the overhead of the encryption process, without compromising the end-to-end confidentiality of the conversation. The design takes advantage of VoIP stream characteristics to encrypt selected packets using a secure algorithm, while relaxing the encryption procedure in-between these packets. We experimentally evaluated the difficulty of conducting known plaintext attacks on VoIP by demonstrating that a sound recorded simultaneously by different sources results in apparently random encoded files. Regarding E2VoIP2, experimental and simulation results show a substantial improvement in terms of the number of CPU cycles, which results in a reduction of latency and a reduction in consumed power with respect to SRTP. In addition, the proposed method is flexible in terms of the balance between security and power consumption.

Introduction

Voice has always been an incontestable way for individuals to communicate. In addition, when we are spoken to, the voice we hear confirms the authenticity of the person speaking. Ever since the invention of the Public Switched Telephone Network (PSTN) to transmit the human voice in a relatively recognizable form (Andrew, 2003), technology has been evolving and giving rise to more opportunities and challenges.

Voice over Internet Protocol (VoIP) is gaining ground, not only because of the cheap call rates it provides but also due to the convergence of telecommunication technologies, pervasive computing and the internet (e.g. WiMax, Long Term Evolution,…) (Steven, 2008). New applications that integrate telephony, computing and ubiquity became viable with VoIP: rich media service, phone portability, and user control interface.

A very detailed survey is presented by Karapantazis and Pavlidou regarding emerging Voice over IP services and protocols. VoIP is compared to PSTN in terms of advantages, disadvantages and the offered services. VoIP services are typically based on monthly fixed costs or are completely free (Karapantazis and Pavlidou, 2009). However, VoIP applications inherit many challenging characteristics from the underlying IP network related to quality of service (QoS) limitations and security threats. The degradation of QoS in VoIP applications is mainly due to the latency and jitter that voice packets are subjected to. Since voice applications are real-time and interactive applications, a delay that exceeds 150 ms from end-to-end is not tolerated by humans (Patrick, 2008, Glen et al., 2006). As for security threats, they can be categorized into threats against availability, confidentiality, social context, integrity or threats caused by vulnerable components (Patrick, 2008). Threats can also be classified into passive and active, such as denial of service, man in the middle, replay and cut-and-paste attacks, theft of service, eavesdropping, impersonation, poisoning attacks, credential and identity theft, redirection/hijacking and session disruption (Alan and David, 2006).

Traditional ways to secure digital data come at a price when applied to voice traffic. The literature discusses the effects of traditional security protocols that can be used in a VoIP system such as: IPSec, Internet Key Exchange, TLS and Datagram Transport Layer Security (DTLS), Secure Shell, PGP and DNSSec, SRTP, and ZRTP (Alan and David, 2006). Although VoIP uses codecs to digitize voice, the digital output contains much lower information density than text data as discussed in Section 3 (Chung-Ping and Kuo, 2005, Talevski et al., 2007). Encrypting a large number of packets will increase the processing overhead and delay thus affecting the quality of voice. In a mobile wireless context, using handheld devices, this effect is more pronounced. The added processing overhead not only affects the delay but also has direct implications on the power exhaustion in already power-constrained handheld devices.

Secure Real-Time Transport Protocol (SRTP) is one of the most popular security mechanisms used to secure media streams in VoIP applications. SRTP has a very low overhead and it is the secure version of the traditional RTP/RTCP protocol which is mainly used for the real-time transmission of multimedia over IP. SRTP provides confidentiality, integrity, authentication and replay protection for RTP and RTCP traffic. However, evaluating SRTP performance in both protecting the RTCP traffic and cryptographic functions other than the encryption is out of the scope of this paper. In SRTP, AES in counter or f8 mode and HMAC-SHA-1 are the predefined algorithms for encryption and authentication, respectively (Baugher et al., 2004).

This paper proposes an encoder-independent encryption method that requires less processing than other VoIP securing methods, such as SRTP. This reduction in processing has a positive impact on the voice encryption latency and on the power consumption in handheld devices, while guaranteeing end-to-end confidentiality.

The rest of the paper is organized as follows: Section 2 discusses the literature that covers VoIP security and multimedia networking-friendly cryptographic methods. Section 3 presents the proposed design, Energy Efficient Voice over IP Privacy (E2VoIP2), and the analysis of its strengths and weaknesses. Section 4 describes the implementation of E2VoIP2 and analyzes the experimental results. Finally, Section 5 concludes with a summary of the paper.

Section snippets

Related work

In this section we cover two aspects of previous work: (1) VoIP security and (2) multimedia networking-friendly security approaches.

Design and analysis of E2VoIP2

The motivation for the proposed design of E2VoIP2 stems from two properties of VoIP and its encoders: the first property is the large number of voice packets and the second property is the low density of information. Voice codecs encode the voice information at the transmitter with a certain encoding scheme and then decode it back at the receiver side. Each codec varies in its requirements and compression mechanisms, but the frame released out of most of the codecs is relatively small in size

Simulation, implementation and experimental results

E2VoIP2 is implemented within an open-source application, PJSIP, which supports both Windows XP and Windows Mobile. The experimental setup represents a typical simple VoIP end-to-end call scenario, in which handheld devices are used to carry out the conversation. Similar results were obtained by connecting the devices through a wireless LAN network or in an ad hoc fashion. In this experimental configuration, all stages in a conventional VoIP communication are accounted for (encoding,

Conclusion

In this paper, E2VoIP2 was presented and analyzed. E2VoIP2 takes advantage of the voice traffic pattern in IP networks to efficiently encrypt voice packets while minimizing time and power processing overhead. Each voice packet transports a short transient of audible information, to which the human ear is hardly sensitive. This fact was exploited to divide the voice stream into groups of packets, where only the first packet in each group is encrypted with a secure algorithm while the remaining

Acknowledgment

Research funded by the American University of Beirut University Research Board.

Elias Abou Charanek received his Diploma in Electrical and Electronic Engineering from the Lebanese University in 2004, and his ME in Electrical and Computer Engineering from the American University of Beirut in 2009. Currently he is with OPNET Technologies, Inc. His research interests include security, multimedia and networking.

References (41)

  • M. Baugher et al. The secure real-time transport protocol (SRTP). RFC (March 2004).
  • D. Butcher et al. Security challenge and defense in VoIP infrastructures. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews (Nov. 2007).
  • A.H. Cheetham et al. Binary (presence–absence) similarity coefficients. Journal of Paleontology (1969).
  • Euijin Choo et al. SRMT: a lightweight encryption scheme for secure real-time multimedia transmission. Multimedia and Ubiquitous Engineering (April 2007).
  • Wu Chung-Ping et al. Design of integrated multimedia compression and encryption systems. IEEE Transactions on Multimedia (Oct. 2005).
  • Ding L, Goubran RA. Assessment of effects of packet loss on speech quality in VoIP. IEEE international workshop on...
  • J.D. Gibson et al. Selective encryption and scalable speech coding for voice communications over multi-hop wireless links. IEEE Military Communications Conference (31 Oct.–3 Nov. 2004).
  • Brownridge Glen et al. Protecting VoIP and multimedia communications from growing security threats. Nortel Technical Journal (February 2006).
  • Gupta P, Shmatikov V, VMWare I, Alto P. Security analysis of voice-over-IP protocols. 20th IEEE computer security...
  • Jung Kyu Han, Hye-Young Chang, Seongje Cho, Minkyu Park. EMCEM: an efficient multimedia content encryption scheme for...
Hoseb Dermanilian received the BE degree with high distinction in Electric and Computer Engineering from Aleppo University in 2009. He is currently a graduate student at the Department of Electrical and Computer Engineering at the American University of Beirut, where he is doing research in the field of computer and communications networks with emphasis on communications security, VoIP security, and energy efficient security.

Imad H. Elhajj received his Bachelor of Engineering in Computer and Communications Engineering, with distinction, from the American University of Beirut in 1997 and the M.S. and Ph.D. degrees in Electrical Engineering from Michigan State University in 1999 and 2002, respectively. He is currently an Assistant Professor with the Department of Electrical and Computer Engineering. Dr. Elhajj is the secretary of IEEE Lebanon Section, senior member of IEEE and a member of ACM. His research interests include instrumentation and robotics, cyber security, sensor and computer networks, and multimedia networking. Imad received the Most Outstanding Graduate Student Award from the Department of Electrical and Computer Engineering at Michigan State University in April 2001, the Best Paper award at the IEEE Electro Information Technology Conference in June 2003, and the Best Paper Award at the International Conference on Information Society in the 21st Century in November 2000. Dr. Elhajj is recipient of the Teaching Excellence Award at the American University of Beirut, June 2011.

Ayman Kayssi was born in Lebanon. He studied electrical engineering and received the BE degree, with distinction, in 1987 from the American University of Beirut (AUB), and the MSE and PhD degrees from the University of Michigan, Ann Arbor, in 1989 and 1993, respectively. He received the Academic Excellence Award of the AUB Alumni Association in 1987. In 1993, he joined the Department of Electrical and Computer Engineering (ECE) at AUB, where he is currently a full professor. In 1999-2000, he took a leave of absence and joined Transmog Inc. as chief technology officer. From 2004 to 2007, he served as chairman of the ECE Department at AUB. He teaches courses in electronics and in networking, and has received AUB's Teaching Excellence Award in 2003. His research interests are in information security and in integrated circuit design and test. He has published around 125 articles in the areas of VLSI, networking, security, and engineering education. He is a senior member of IEEE and a member of ACM.

Ali Chehab received his Bachelor degree in Electrical Engineering from the American University of Beirut in 1987, the Master's degree in EE from Syracuse University in 1989, and the PhD degree in ECE from the University of North Carolina at Charlotte, in 2002. From 1989 to 1998, he was a lecturer in the ECE Department at AUB. He rejoined the ECE Department at AUB as an assistant professor in 2002 and became an Associate Professor in 2008. He received the teaching excellence award in 2007. His research interests include Information Security and Trust and VLSI Testing. Dr. Chehab teaches courses in cryptography, programming, digital design and digital testing and conducts research in Cloud Computing security, Multimedia Security and Wireless Communication Security. He has about 90 publications. He is a senior member of IEEE and a member of ACM.
