An Analysis for Anonymity and Unlinkability for a VoIP Conversation

With the growth of its popularity, VoIP is increasingly popular nowadays. Similarly to other Internet applications, VoIP users may desire to be unlinkable with their participated VoIP session records for privacy issues. In this paper, we explore the Items of Interests (IOIs) from anonymisation aspects based on a simplified VoIP model and analyse the potential links between them. We address possible methods to break the links. Finally, we also discuss requirements for a VoIP anonymisation Service (VAS) in terms of functionality, performance and usability. Based on this, we discuss the fundamental design requirements for a VAS which we intend to subsequently implement.

[1]  Ingemar Johansson,et al.  Support for Reduced-Size Real-Time Transport Control Protocol (RTCP): Opportunities and Consequences , 2009, RFC.

[2]  R. Stephenson A and V , 1962, The British journal of ophthalmology.

[3]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[4]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[5]  Mats Näslund,et al.  The Secure Real-time Transport Protocol (SRTP) , 2004, RFC.

[6]  Hannes Federrath,et al.  Performance Comparison of Low-Latency Anonymisation Services from a User Perspective , 2007, Privacy Enhancing Technologies.

[7]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[8]  Robert N. M. Watson,et al.  Metrics for Security and Performance in Low-Latency Anonymity Systems , 2008, Privacy Enhancing Technologies.

[9]  Ken Harrenstien,et al.  Nicname/whois , 1982, RFC.

[10]  Baugher,et al.  The Secure Real-Time Transport Protocol , 2003 .

[11]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[12]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[13]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[14]  Jari Arkko,et al.  MIKEY: Multimedia Internet KEYing , 2004, RFC.

[15]  Micah Sherr,et al.  Towards Application-Aware Anonymous Routing , 2007, HotSec.

[16]  Henning Schulzrinne,et al.  A VoIP Privacy Mechanism and its Application in VoIP Peering for Voice Service Provider Topology and Identity Hiding , 2008, ArXiv.

[17]  Roger Dingledine,et al.  Performance Improvements on Tor or, Why Tor is slow and what we're going to do about it , 2009 .

[18]  Fotini-Niovi Pavlidou,et al.  VoIP: A comprehensive survey on a promising technology , 2009, Comput. Networks.

[19]  Mark Handley,et al.  SDP: Session Description Protocol , 1998, RFC.

[20]  Robert Zopf Real-time Transport Protocol (RTP) Payload for Comfort Noise (CN) , 2002, RFC.

[21]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.

[22]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[23]  Nikita Borisov,et al.  A Tune-up for Tor: Improving Security and Performance in the Tor Network , 2008, NDSS.

[24]  Jon Peterson,et al.  A Privacy Mechanism for the Session Initiation Protocol (SIP) , 2002, RFC.

[25]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[26]  Mark Handley,et al.  SDP: Session Description Protocol , 1998, RFC.

[27]  Philip S. Yu,et al.  Online pairing of VoIP conversations , 2007, The VLDB Journal.