DOI: 10.1145/1102120.1102133

Tracking anonymous peer-to-peer VoIP calls on the internet

Published: 07 November 2005

Abstract

Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by a low latency anonymizing network, they are considered by many people to be both secure and anonymous. In this paper, we present a watermark technique that could be used for effectively identifying and correlating encrypted, peer-to-peer VoIP calls even if they are anonymized by low latency anonymizing networks. This result is in contrast to many people's perception. The key idea is to embed a unique watermark into the encrypted VoIP flow by slightly adjusting the timing of selected packets. Our analysis shows that it only takes several milliseconds of time adjustment to make normal VoIP flows highly unique and that the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied. Our analytical results are backed up by the real-time experiments performed on a leading peer-to-peer VoIP client and on a commercially deployed anonymizing network. Our results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the Internet is feasible and (2) low latency anonymizing networks are susceptible to timing attacks.


    Published In

    CCS '05: Proceedings of the 12th ACM conference on Computer and communications security
    November 2005
    422 pages
    ISBN:1595932267
    DOI:10.1145/1102120

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. VoIP
    2. VoIP tracing
    3. anonymous VoIP calls
    4. anonymous communication
    5. peer-to-peer

    Acceptance Rates

    Overall Acceptance Rate 1,242 of 6,940 submissions, 18%

    Cited By

    • (2025) Timing Attacks. Embedded Cryptography 1, pp. 1-29. DOI: 10.1002/9781394351879.ch1. Online publication date: 17-Jan-2025
    • (2024) Detecting of Flow Timing Known Attacks and Protection in VoIP Networks. REST Journal on Data Analytics and Artificial Intelligence 1:2, pp. 41-48. DOI: 10.46632/jdaai/1/2/6. Online publication date: 13-Aug-2024
    • (2024) Understanding and Improving Video Fingerprinting Attack Accuracy under Challenging Conditions. Proceedings of the 23rd Workshop on Privacy in the Electronic Society, pp. 141-154. DOI: 10.1145/3689943.3695045. Online publication date: 20-Nov-2024
    • (2023) Now is the Time: Scalable and Cloud-supported Audio Conferencing using End-to-End Homomorphic Encryption. Proceedings of the 2023 on Cloud Computing Security Workshop, pp. 41-53. DOI: 10.1145/3605763.3625245. Online publication date: 26-Nov-2023
    • (2023) I Still Know What You Did Last Summer: Inferring Sensitive User Activities on Messaging Applications Through Traffic Analysis. IEEE Transactions on Dependable and Secure Computing 20:5, pp. 4135-4153. DOI: 10.1109/TDSC.2022.3218191. Online publication date: 1-Sep-2023
    • (2023) An efficient hexadecimal network flow watermark method for tracking attack traffic. Scientific Reports 13:1. DOI: 10.1038/s41598-023-48552-0. Online publication date: 30-Nov-2023
    • (2022) Mass surveillance of VoIP calls in the data plane. Proceedings of the Symposium on SDN Research, pp. 33-49. DOI: 10.1145/3563647.3563649. Online publication date: 19-Oct-2022
    • (2022) Hydra: Practical Metadata Security for Contact Discovery, Messaging, and Voice Calls. SN Computer Science 3:5. DOI: 10.1007/s42979-022-01231-9. Online publication date: 18-Jun-2022
    • (2021) MKIPS: MKI‐based protocol steganography method in SRTP. ETRI Journal 43:3, pp. 561-570. DOI: 10.4218/etrij.2018-0410. Online publication date: 23-Jun-2021
    • (2021) FINN: Fingerprinting Network Flows using Neural Networks. Proceedings of the 37th Annual Computer Security Applications Conference, pp. 1011-1024. DOI: 10.1145/3485832.3488010. Online publication date: 6-Dec-2021
