Evaluating the Privacy Properties of Secure VoIP Metadata

Some governments do not consider metadata as personal data, and so not in the scope of privacy regulations. However, often, metadata gives more relevant information than the actual content itself. Metadata can be very useful to identify, locate, understand and manage personal data, i.e., information that is eminently private in nature and under most privacy regulation should be anonymized or deleted if users have not give their consent. In voice calls, we are facing a critical situation in terms of privacy, as metadata can identify who calls to whom and the duration of the call, for example. In this work, we investigate privacy properties of voice calls metadata, in particular when using secure VoIP, giving evidence of the ability to extract sensitive information from its (“secure”) metadata. We find that ZRTP metadata is freely available to any client on the network, and that users can be re-identified by any user with access to the network. Also, we propose a solution for this problem, suitable for all the ZRTP-based implementations.

[1]  Irad Ben-Gal,et al.  Using targeted Bayesian network learning for suspect identification in communication networks , 2018, International Journal of Information Security.

[2]  Daniel Gatica-Perez,et al.  Mining large-scale smartphone data for personality studies , 2013, Personal and Ubiquitous Computing.

[3]  Ryosuke Shibasaki,et al.  Understanding User Attributes from Calling Behavior: Exploring Call Detail Records through Field Observations , 2014, MoMM.

[4]  Jon Callas,et al.  ZRTP: Media Path Key Agreement for Unicast Secure RTP , 2011, RFC.

[5]  David Lazer,et al.  Tracking employment shocks using mobile phone data , 2015, Journal of The Royal Society Interface.

[6]  Konstantinos Limniotis,et al.  On the Cryptographic Features of a VoIP Service , 2018, Cryptogr..

[7]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[8]  Y. de Montjoye,et al.  Unique in the shopping mall: On the reidentifiability of credit card metadata , 2015, Science.

[9]  Marco Furini,et al.  Location privacy and public metadata in social media platforms: attitudes, behaviors and opinions , 2014, Multimedia Tools and Applications.

[10]  Alex Pentland,et al.  Predicting Personality Using Novel Mobile Phone-Based Metrics , 2013, SBP.

[11]  Erez Shmueli,et al.  openPDS: Protecting the Privacy of Metadata through SafeAnswers , 2014, PloS one.

[12]  Wilfried N. Gansterer,et al.  Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP , 2008, J. Univers. Comput. Sci..

[13]  Jelena Tesic Metadata Practices for Consumer Photos , 2005, IEEE Multim..

[14]  Lars C. Wolf,et al.  Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP , 2017, Proc. Priv. Enhancing Technol..

[15]  John C. Mitchell,et al.  Evaluating the privacy properties of telephone metadata , 2016, Proceedings of the National Academy of Sciences.

[16]  Benjamin Greschbach,et al.  The devil is in the metadata — New privacy challenges in Decentralised Online Social Networks , 2012, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops.

[17]  Qiang Yang,et al.  User demographics prediction based on mobile data , 2013, Pervasive Mob. Comput..