A survey on anonymous voice over IP communication: attacks and defenses

Anonymous voice over IP (VoIP) communication is important for many users, in particular, journalists, human rights workers and the military. Recent research work has shown an increasing interest in methods of anonymous VoIP communication. This survey starts by introducing and identifying the major concepts and challenges in this field. Then we review anonymity attacks on VoIP and the existing work done to design defending strategies. We also propose a taxonomy of attacks and defenses. Finally, we discuss possible future work.

[1]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[2]  Francesco Buccafurri,et al.  Implementing disposable credit card numbers by mobile phones , 2011, Electron. Commer. Res..

[3]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[4]  Julien Iguchi-Cartigny,et al.  Closed-Circuit Unobservable Voice over IP , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[5]  Roy T. Fielding,et al.  Uniform Resource Identifiers (URI): Generic Syntax , 1998, RFC.

[6]  Henning Schulzrinne,et al.  RTP Payload for DTMF Digits, Telephony Tones, and Telephony Signals , 2000, RFC.

[7]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[8]  Mirko D'Onofrio,et al.  Technical feasibility and first results of 64-row MDCT perfusion in differentiating pancreatic adenocarcinoma from normal parenchyma , 2010 .

[9]  Mark Handley,et al.  SDP: Session Description Protocol , 1998, RFC.

[10]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.

[11]  Birgit Pfitzmann,et al.  ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead , 1991, Kommunikation in Verteilten Systemen.

[12]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[13]  Dogan Kesdogan,et al.  Measuring Anonymity: The Disclosure Attack , 2003, IEEE Secur. Priv..

[14]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[15]  Nasir D. Memon,et al.  Tracking encrypted VoIP calls via robust hashing of network flows , 2010, 2010 IEEE International Conference on Acoustics, Speech and Signal Processing.

[16]  Jon Peterson,et al.  A Privacy Mechanism for the Session Initiation Protocol (SIP) , 2002, RFC.

[17]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[18]  Sushil Jajodia,et al.  Tracking Skype VoIP Calls Over The Internet , 2010, 2010 Proceedings IEEE INFOCOM.

[19]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[20]  Mudhakar Srivatsa,et al.  Preserving Caller Anonymity in Voice-over-IP Networks , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[21]  Sean Turner,et al.  Secure/Multipurpose Internet Mail Extensions , 2010, IEEE Internet Computing.

[22]  Amr M. Youssef,et al.  Speaker recognition from encrypted VoIP communications , 2010, Digit. Investig..

[23]  Ge Zhang,et al.  Peer-to-Peer VoIP Communications Using Anonymisation Overlay Networks , 2010, Communications and Multimedia Security.

[24]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[25]  George Danezis,et al.  Statistical Disclosure Attacks , 2003, SEC.

[26]  Huirong Fu,et al.  Traffic analysis attacks on Skype VoIP calls , 2011, Comput. Commun..

[27]  Carmela Troncoso,et al.  Drac: An Architecture for Anonymous Low-Volume Communications , 2010, Privacy Enhancing Technologies.

[28]  Jeremy Clark,et al.  Usability of anonymous web browsing: an examination of Tor interfaces and deployability , 2007, SOUPS '07.

[29]  Hongbo Jiang,et al.  Privacy in VoIP Networks: Flow Analysis Attacks and Defense , 2011, IEEE Transactions on Parallel and Distributed Systems.

[30]  Ye Zhu On Privacy Leakage through Silence Suppression , 2010, ISC.

[31]  Sushil Jajodia,et al.  On the anonymity and traceability of peer-to-peer VoIP calls , 2006, IEEE Network.

[32]  David G. Taylor,et al.  Privacy concern and online personalization: The moderating effects of information control and compensation , 2009, Electron. Commer. Res..

[33]  Yuanchao Lu,et al.  Correlation-Based Traffic Analysis on Encrypted VoIP Traffic , 2010, 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing.

[34]  Hangbae Chang The security service rating design for IT convergence services , 2013, Electron. Commer. Res..

[35]  Mats Näslund,et al.  The Secure Real-time Transport Protocol (SRTP) , 2004, RFC.

[36]  Mudhakar Srivatsa,et al.  Privacy in VoIP Networks: A k-Anonymity Approach , 2009, IEEE INFOCOM 2009.

[37]  Jonathan D. Rosenberg,et al.  Obtaining and Using Globally Routable User Agent URIs (GRUUs) in the Session Initiation Protocol (SIP) , 2009, RFC.

[38]  Georgios Kambourakis,et al.  A framework for identity privacy in SIP , 2010, J. Netw. Comput. Appl..

[39]  Charles V. Wright,et al.  Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis , 2009, NDSS.

[40]  Tim Dierks,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008 .

[41]  Bernhard Plattner,et al.  Towards Pseudonymous e-Commerce , 2004, Electron. Commer. Res..

[42]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[43]  Henning Schulzrinne,et al.  A VoIP Privacy Mechanism and its Application in VoIP Peering for Voice Service Provider Topology and Identity Hiding , 2008, ArXiv.

[44]  Xi Chen,et al.  Factors affecting privacy disclosure on social network sites: an integrated model , 2010, Electronic Commerce Research.

[45]  Georgios Kambourakis,et al.  PrivaSIP: Ad-hoc identity privacy in SIP , 2011, Comput. Stand. Interfaces.

[46]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[47]  Takumi Ohba,et al.  User-Agent-Driven Privacy Mechanism for SIP , 2010, RFC.

[48]  Michael Backes,et al.  Speaker Recognition in Encrypted Voice Streams , 2010, ESORICS.

[49]  Philip S. Yu,et al.  Finding "Who Is Talking to Whom" in VoIP Networks via Progressive Stream Clustering , 2006, Sixth International Conference on Data Mining (ICDM'06).

[50]  Robert Zopf Real-time Transport Protocol (RTP) Payload for Comfort Noise (CN) , 2002, RFC.

[51]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[52]  Matthew K. Wright,et al.  Empirical tests of anonymous voice over IP , 2011, J. Netw. Comput. Appl..

[53]  Ge Zhang,et al.  Hidden VoIP calling records from networking intermediaries , 2010, IPTComm.

[54]  Ge Zhang An Analysis for Anonymity and Unlinkability for a VoIP Conversation , 2009, PrimeLife.