PinDr0p: using single-ended audio features to determine call provenance

The recent diversification of telephony infrastructure allows users to communicate through landlines, mobile phones and VoIP phones. However, call metadata such as Caller-ID is either not transferred or transferred without verification across these networks, allowing attackers to maliciously alter it. In this paper, we develop PinDr0p, a mechanism to assist users in determining call provenance - the source and the path taken by a call. Our techniques detect and measure single-ended audio features to identify all of the applied voice codecs, calculate packet loss and noise profiles, while remaining agnostic to characteristics of the speaker's voice (as this may legitimately change when interacting with a large organization). In the absence of verifiable call metadata, these features in combination with machine learning allow us to determine the traversal of a call through as many as three different providers (e.g., cellular, then VoIP, then PSTN and all combinations and subsets thereof) with 91.6% accuracy. Moreover, we show that once we identify and characterize the networks traversed, we can create detailed fingerprints for a call source. Using these fingerprints we show that we are able to distinguish between calls made using specific PSTN, cellular, Vonage, Skype and other hard and soft phones from locations across the world with over 90% accuracy. In so doing, we provide a first step in accurately determining the provenance of a call.

[1]  Lawrence R. Rabiner,et al.  A model for synthesizing speech by rule , 1969 .

[2]  Paul T. Groth,et al.  The requirements of recording and using provenance in e- Science experiments , 2005 .

[3]  Micah Sherr,et al.  Signaling vulnerabilities in wiretapping systems , 2005, IEEE Security & Privacy Magazine.

[4]  Grigorios Tsoumakas,et al.  Multi-Label Classification: An Overview , 2007, Int. J. Data Warehous. Min..

[5]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[6]  Yin Zhang,et al.  Detecting Stepping Stones , 2000, USENIX Security Symposium.

[7]  S. R. Broom,et al.  VoIP Quality Assessment: Taking Account of the Edge-Device , 2006, IEEE Transactions on Audio, Speech, and Language Processing.

[8]  Andries P. Hekstra,et al.  Perceptual evaluation of speech quality (PESQ)-a new method for speech quality assessment of telephone networks and codecs , 2001, 2001 IEEE International Conference on Acoustics, Speech, and Signal Processing. Proceedings (Cat. No.01CH37221).

[9]  Jaana Kekäläinen,et al.  Binary and graded relevance in IR evaluations--Comparison of the effects on ranking of IR systems , 2005, Inf. Process. Manag..

[10]  Zheng Chen,et al.  Effective multi-label active learning for text classification , 2009, KDD.

[11]  Srinivasan Seshan,et al.  802.11 user fingerprinting , 2007, MobiCom '07.

[12]  Jill Slay,et al.  Voice over IP forensics , 2008, e-Forensics '08.

[13]  IEEE Recommended Practice for Speech Quality Measurements , 1969, IEEE Transactions on Audio and Electroacoustics.

[14]  George Kesidis,et al.  A taxonomy of internet traceback , 2006, Int. J. Secur. Networks.

[15]  Juliana Freire,et al.  Provenance and scientific workflows: challenges and opportunities , 2008, SIGMOD Conference.

[16]  Nikita Borisov,et al.  Multi-flow Attacks Against Network Flow Watermarking Schemes , 2008, USENIX Security Symposium.

[17]  Sang Lyul Min,et al.  Caller ID System in the Internet Environment , 1993, USENIX Security Symposium.

[18]  Sanjeev Khanna,et al.  Why and Where: A Characterization of Data Provenance , 2001, ICDT.

[19]  J. Berger,et al.  P.563—The ITU-T Standard for Single-Ended Speech Quality Assessment , 2006, IEEE Transactions on Audio, Speech, and Language Processing.

[20]  Yong Zhao,et al.  Chimera: a virtual data system for representing, querying, and automating data derivation , 2002, Proceedings 14th International Conference on Scientific and Statistical Database Management.

[21]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[22]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[23]  Grigorios Tsoumakas,et al.  Random k -Labelsets: An Ensemble Method for Multilabel Classification , 2007, ECML.

[24]  Nick Feamster,et al.  Packets with Provenance , 2008 .

[25]  Michael Stonebraker,et al.  Supporting fine-grained data lineage in a database visualization environment , 1997, Proceedings 13th International Conference on Data Engineering.

[26]  Jennifer Widom,et al.  Practical lineage tracing in data warehouses , 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[27]  Ayman Radwan,et al.  Non-intrusive single-ended speech quality assessment in VoIP , 2007, Speech Commun..

[28]  Boon Thau Loo,et al.  Provenance-aware secure networks , 2008, 2008 IEEE 24th International Conference on Data Engineering Workshop.

[29]  Jennifer Widom,et al.  ULDBs: databases with uncertainty and lineage , 2006, VLDB.

[30]  Nikita Borisov,et al.  RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows , 2009, NDSS.

[31]  Wanlei Zhou,et al.  On the Effectiveness of Flexible Deterministic Packet Marking for DDoS Defense , 2007, 2007 IFIP International Conference on Network and Parallel Computing Workshops (NPC 2007).

[32]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[33]  Sang Lyul Min,et al.  Caller Identification System in the Internet Environment , 1993 .

[34]  Michael Luck,et al.  Formalising a protocol for recording provenance in Grids , 2004 .

[35]  V. Paxson End-to-end routing behavior in the internet , 2006, CCRV.

[36]  Trent Jaeger,et al.  Scalable Web Content Attestation , 2012, IEEE Transactions on Computers.

[37]  Damon McCoy,et al.  Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting , 2006, USENIX Security Symposium.

[38]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[39]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.