On Privacy of Encrypted Speech Communications

Silence suppression, an essential feature of speech communications over the Internet, saves bandwidth by disabling voice packet transmissions when silence is detected. However, silence suppression enables an adversary to recover talk patterns from packet timing. In this paper, we investigate privacy leakage through the silence suppression feature. More specifically, we propose a new class of traffic analysis attacks to encrypted speech communications with the goal of detecting speakers of encrypted speech communications. These attacks are based on packet timing information only and the attacks can detect speakers of speech communications made with different codecs. We evaluate the proposed attacks with extensive experiments over different type of networks including commercial anonymity networks and campus networks. The experiments show that the proposed traffic analysis attacks can detect speakers of encrypted speech communications with high accuracy based on traces of 15 minutes long on average.

[1]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[2]  Lili Qiu,et al.  Statistical identification of encrypted Web browsing traffic , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[3]  Riccardo Bettati,et al.  Correlation-Based Traffic Analysis Attacks on Anonymity Networks , 2010, IEEE Transactions on Parallel and Distributed Systems.

[4]  Mats Näslund,et al.  The Secure Real-time Transport Protocol (SRTP) , 2004, RFC.

[5]  George Danezis,et al.  Statistical Disclosure or Intersection Attacks on Anonymity Systems , 2004, Information Hiding.

[6]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[7]  Paul T. Brady,et al.  A technique for investigating on-off patterns of speech , 1965 .

[8]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[9]  Michael Backes,et al.  Speaker Recognition in Encrypted Voice Streams , 2010, ESORICS.

[10]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[11]  Jean-Jacques Quisquater,et al.  A Practical Implementation of the Timing Attack , 1998, CARDIS.

[12]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[13]  Wing H. Wong,et al.  Timing attacks on RSA: revealing your secrets through the fourth dimension , 2005, CROS.

[14]  Mun Choon Chan,et al.  Website Fingerprinting and Identification Using Ordered Feature Sequences , 2010, ESORICS.

[15]  Christina Hattingh,et al.  End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs , 2004 .

[16]  Oliver Berthold,et al.  Dummy Traffic against Long Term Intersection Attacks , 2002, Privacy Enhancing Technologies.

[17]  Stephen E. Deering,et al.  First IETF internet audiocast , 1992, CCRV.

[18]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.

[19]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[20]  Marc-Peter Schambach Determination of the number of writing variants with an HMM based cursive word recognition system , 2003, Seventh International Conference on Document Analysis and Recognition, 2003. Proceedings..

[21]  Jiangwen Deng,et al.  An HMM-based approach for gesture segmentation and recognition , 2000, Proceedings 15th International Conference on Pattern Recognition. ICPR-2000.

[22]  Henning Schulzrinne,et al.  Voice Communication Across the Internet: A Network Voice Terminal , 1992 .

[23]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[24]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[25]  Charles V. Wright,et al.  Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis , 2009, NDSS.

[26]  Christina Hattingh,et al.  End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs (Networking Technology) , 2004 .

[27]  Riccardo Bettati,et al.  Compromising anonymous communication systems using blind source separation , 2009, TSEC.

[28]  Rathinavelu Chengalvarayan,et al.  HMM-based speech recognition using state-dependent, linear transforms on Mel-warped DFT features , 1996, 1996 IEEE International Conference on Acoustics, Speech, and Signal Processing Conference Proceedings.

[29]  Hannes Federrath,et al.  Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier , 2009, CCSW '09.

[30]  Peng Ning,et al.  Tracing Traffic through Intermediate Hosts that Repacketize Flows , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[31]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[32]  R. Bakis Continuous speech recognition via centisecond acoustic states , 1976 .

[33]  Andreas Pfitzmann,et al.  The Disadvantages of Free MIX Routes and how to Overcome Them , 2000, Workshop on Design Issues in Anonymity and Unobservability.