E2VoIP2: Energy efficient voice over IP privacy
Introduction
Voice has always been an incontestable way for individuals to communicate. In addition, when we are spoken to, the voice we hear confirms the authenticity of the person speaking. Ever since the invention of the Public Switched Telephone Network (PSTN) to transmit the human voice in a relatively recognizable form (Andrew, 2003), technology has been evolving and giving rise to more opportunities and challenges.
Voice over Internet Protocol (VoIP) is gaining ground, not only because of the cheap call rates it provides but also due to the convergence of telecommunication technologies, pervasive computing and the internet (e.g. WiMax, Long Term Evolution,…) (Steven, 2008). New applications that integrate telephony, computing and ubiquity became viable with VoIP: rich media service, phone portability, and user control interface.
A very detailed survey is presented by Karapantazis and Pavlidou regarding emerging Voice over IP services and protocols. VoIP is compared to PSTN in terms of advantages, disadvantages and the offered services. VoIP services are typically based on monthly fixed costs or are completely free (Karapantazis and Pavlidou, 2009). However, VoIP applications inherit many challenging characteristics from the underlying IP network related to quality of service (QoS) limitations and security threats. The degradation of QoS in VoIP applications is mainly due to the latency and jitter that voice packets are subjected to. Since voice applications are real-time and interactive, an end-to-end delay that exceeds 150 ms is not tolerated by humans (Patrick, 2008; Glen et al., 2006). As for security threats, they can be categorized into threats against availability, confidentiality, social context, integrity or threats caused by vulnerable components (Patrick, 2008). Threats can also be classified into passive and active, such as denial of service, man in the middle, replay and cut-and-paste attacks, theft of service, eavesdropping, impersonation, poisoning attacks, credential and identity theft, redirection/hijacking and session disruption (Alan and David, 2006).
Traditional ways to secure digital data come at a price when applied to voice traffic. The literature discusses the effects of traditional security protocols that can be used in a VoIP system, such as IPSec, Internet Key Exchange, TLS and Datagram Transport Layer Security (DTLS), Secure Shell, PGP and DNSSec, SRTP, and ZRTP (Alan and David, 2006). Although VoIP uses codecs to digitize voice, the digital output contains much lower information density than text data, as discussed in Section 3 (Chung-Ping and Kuo, 2005; Talevski et al., 2007). Encrypting a large number of packets will increase the processing overhead and delay, thus affecting the quality of voice. In a mobile wireless context, using handheld devices, this effect is more pronounced. The added processing overhead not only affects the delay but also has direct implications for power exhaustion in already power-constrained handheld devices.
Secure Real-Time Transport Protocol (SRTP) is one of the most popular security mechanisms used to secure media streams in VoIP applications. SRTP has a very low overhead and is the secure version of the traditional RTP/RTCP protocol, which is mainly used for the real-time transmission of multimedia over IP. SRTP provides confidentiality, integrity, authentication and replay protection for RTP and RTCP traffic. However, evaluating the performance of SRTP in protecting RTCP traffic, and of its cryptographic functions other than encryption, is outside the scope of this paper. In SRTP, AES in counter or f8 mode and HMAC-SHA-1 are the predefined algorithms for encryption and authentication, respectively (Baugher et al., 2004).
This paper proposes an encoder-independent encryption method that requires less processing than other VoIP securing methods, such as SRTP. This reduction in processing has a positive impact on the voice encryption latency and on the power consumption in handheld devices, while guaranteeing end-to-end confidentiality.
The rest of the paper is organized as follows: Section 2 discusses the literature that covers VoIP security and multimedia networking-friendly cryptographic methods. Section 3 presents the proposed design, Energy Efficient Voice over IP Privacy (E2VoIP2), and the analysis of its strengths and weaknesses. Section 4 describes the implementation of E2VoIP2 and analyzes the experimental results. Finally, Section 5 concludes with a summary of the paper.
Section snippets
Related work
In this section we cover two aspects of previous work: (1) VoIP security and (2) multimedia networking-friendly security approaches.
Design and analysis of E2VoIP2
The motivation for the proposed design of E2VoIP2 stems from two properties of VoIP and its encoders: the first property is the large number of voice packets and the second property is the low density of information. Voice codecs encode the voice information at the transmitter with a certain encoding scheme and then decode it back at the receiver side. Each codec varies in its requirements and compression mechanisms, but the frame released out of most of the codecs is relatively small in size
Simulation, implementation and experimental results
E2VoIP2 is implemented within an open-source application, PJSIP, which supports both Windows XP and Windows Mobile. The experimental setup represents a typical simple VoIP end-to-end call scenario, in which handheld devices are used to carry out the conversation. Similar results were obtained by connecting the devices through a wireless LAN network or in an ad hoc fashion. In this experimental configuration, all stages in a conventional VoIP communication are accounted for (encoding,
Conclusion
In this paper, E2VoIP2 was presented and analyzed. E2VoIP2 takes advantage of the voice traffic pattern in IP networks to efficiently encrypt voice packets while minimizing time and power processing overhead. Each voice packet transports a short transient of audible information, to which the human ear is hardly sensitive. This fact was exploited to divide the voice stream into groups of packets, where only the first packet in each group is encrypted with a secure algorithm while the remaining
Acknowledgment
Research funded by the American University of Beirut University Research Board.
References (41)
- et al. Issues and challenges in securing VoIP. Computers and Security (2009)
- et al. Survey of network security systems to counter SIP-based denial-of-service attacks. Computers and Security (2010)
- et al. VoIP: A comprehensive survey on a promising technology. Computer Networks (2009)
- et al. Providing true end-to-end security in converged voice over IP infrastructures. Computers and Security (2009)
- et al. Understanding voice over IP security (2006)
- Alexander AL, Wijesinha AL, Karne R. An evaluation of secure real-time transport protocol (SRTP) performance for VoIP....
- et al. Stream or block cipher for securing VoIP? International Journal of Network Security (Sept. 2007)
- Barbieri, BR. Voice over IPsec analysis and solutions. Proceeding of IEEE 18th annual computer security applications...
- The secure real-time transport protocol (SRTP). RFC
- Security challenge and defense in VoIP infrastructures. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
- Binary (presence–absence) similarity coefficients. Journal of Paleontology
- SRMT: a lightweight encryption scheme for secure real-time multimedia transmission. Multimedia and Ubiquitous Engineering
- Design of integrated multimedia compression and encryption systems. IEEE Transactions on Multimedia
- Selective encryption and scalable speech coding for voice communications over multi-hop wireless links. IEEE Military Communications Conference
- Protecting VoIP and multimedia communications from growing security threats. Nortel Technical Journal
Elias Abou Charanek received his Diploma in Electrical and Electronic Engineering from the Lebanese University in 2004, and his ME in Electrical and Computer Engineering from the American University of Beirut in 2009. Currently he is with OPNET Technologies, Inc. His research interests include security, multimedia and networking.
Hoseb Dermanilian received the BE degree with high distinction in Electric and Computer Engineering from Aleppo University in 2009. He is currently a graduate student at the Department of Electrical and Computer Engineering at the American University of Beirut, where he is doing research in the field of computer and communications networks with emphasis on communications security, VoIP security, and energy efficient security.
Imad H. Elhajj received his Bachelor of Engineering in Computer and Communications Engineering, with distinction, from the American University of Beirut in 1997 and the M.S. and Ph.D. degrees in Electrical Engineering from Michigan State University in 1999 and 2002, respectively. He is currently an Assistant Professor with the Department of Electrical and Computer Engineering. Dr. Elhajj is the secretary of IEEE Lebanon Section, senior member of IEEE and a member of ACM. His research interests include instrumentation and robotics, cyber security, sensor and computer networks, and multimedia networking. Imad received the Most Outstanding Graduate Student Award from the Department of Electrical and Computer Engineering at Michigan State University in April 2001, the Best Paper award at the IEEE Electro Information Technology Conference in June 2003, and the Best Paper Award at the International Conference on Information Society in the 21st Century in November 2000. Dr. Elhajj is recipient of the Teaching Excellence Award at the American University of Beirut, June 2011.
Ayman Kayssi was born in Lebanon. He studied electrical engineering and received the BE degree, with distinction, in 1987 from the American University of Beirut (AUB), and the MSE and PhD degrees from the University of Michigan, Ann Arbor, in 1989 and 1993, respectively. He received the Academic Excellence Award of the AUB Alumni Association in 1987. In 1993, he joined the Department of Electrical and Computer Engineering (ECE) at AUB, where he is currently a full professor. In 1999-2000, he took a leave of absence and joined Transmog Inc. as chief technology officer. From 2004 to 2007, he served as chairman of the ECE Department at AUB. He teaches courses in electronics and in networking, and has received AUB's Teaching Excellence Award in 2003. His research interests are in information security and in integrated circuit design and test. He has published around 125 articles in the areas of VLSI, networking, security, and engineering education. He is a senior member of IEEE and a member of ACM.
Ali Chehab received his Bachelor degree in Electrical Engineering from the American University of Beirut in 1987, the Master's degree in EE from Syracuse University in 1989, and the PhD degree in ECE from the University of North Carolina at Charlotte, in 2002. From 1989 to 1998, he was a lecturer in the ECE Department at AUB. He rejoined the ECE Department at AUB as an assistant professor in 2002 and became an Associate Professor in 2008. He received the teaching excellence award in 2007. His research interests include Information Security and Trust and VLSI Testing. Dr. Chehab teaches courses in cryptography, programming, digital design and digital testing and conducts research in Cloud Computing security, Multimedia Security and Wireless Communication Security. He has about 90 publications. He is a senior member of IEEE and a member of ACM.