An empirical approach towards characterization of encrypted and unencrypted VoIP traffic

VoIP traffic classification plays a major role towards network policy enforcements. Characterization of VoIP media traffic is based on codec behaviour. With the introduction of variable bit rate codecs, coding, compression and encryption present different complexities with respect to the classification of VoIP traffic. The randomness tests do not extend directly to classification of compressed and encrypted VoIP traffic. The paper examines the applicability of randomness tests to encrypted and unencrypted VoIP traffic with constant bit rate and variable bit rate codecs. A novel method Construction-by-Selection that constructs a test sequence from partial payload data of VoIP media session is proposed in this paper. The results based on experimentations on this method show that such construction exhibit randomness and hence allows differentiation of encrypted VoIP media traffic from unencrypted VoIP media traffic even in the case of variable bit rate codecs.

[1]  Maode Ma,et al.  A VoIP Traffic Identification Scheme Based on Host and Flow Behavior Analysis , 2010, Journal of Network and Systems Management.

[2]  Ronaldo M. Salles,et al.  Detecting VoIP calls hidden in web traffic , 2008, IEEE Transactions on Network and Service Management.

[3]  Shahryar Rahnamayan,et al.  Majority voting for discrete population-based optimization algorithms , 2018, Soft Computing.

[4]  Sukumar Nandi,et al.  Analysis of VBR coded VoIP for traffic classification , 2013, 2013 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[5]  Elaine B. Barker,et al.  A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications , 2000 .

[6]  Timothy B. Terriberry,et al.  Definition of the Opus Audio Codec , 2012, RFC.

[7]  Shingo Ata,et al.  Towards real-time processing for application identification of encrypted traffic , 2014, 2014 International Conference on Computing, Networking and Communications (ICNC).

[8]  Jean-Marc Valin,et al.  RTP Payload Format for the Speex Codec , 2009, RFC.

[9]  Nick Feamster,et al.  Detecting Compressed Cleartext Traffic from Consumer Internet of Things Devices , 2018, ArXiv.

[10]  Kim-Kwang Raymond Choo,et al.  HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets , 2019, IEEE Transactions on Information Forensics and Security.

[11]  Riyad Alshammari,et al.  Identification of VoIP encrypted traffic using a machine learning approach , 2015, J. King Saud Univ. Comput. Inf. Sci..

[12]  Manuela Pereira,et al.  Identification of Peer-to-Peer VoIP Sessions Using Entropy and Codec Properties , 2013, IEEE Transactions on Parallel and Distributed Systems.

[13]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[14]  Andrzej Duda,et al.  Markov chain fingerprinting to classify encrypted traffic , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[15]  Mahdi Jafari Siavoshani,et al.  Deep packet: a novel approach for encrypted traffic classification using deep learning , 2017, Soft Computing.

[17]  Juan Soto Randomness Testing of the Advanced Encryption Standard Candidate Algorithms , 1999 .

[18]  Mats Näslund,et al.  The Secure Real-time Transport Protocol (SRTP) , 2004, RFC.

[19]  Paul Jones,et al.  RTP Payload Format for the iSAC Codec , 2013 .

[20]  Salvatore Loreto,et al.  Real-Time Communications in the Web: Issues, Achievements, and Ongoing Standardization Efforts , 2012, IEEE Internet Computing.

[21]  W. Bastiaan Kleijn,et al.  Internet Low Bit Rate Codec (iLBC) , 2004, RFC.

[22]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[23]  Walter J. Hayden Locating Encrypted Data Hidden among Non-Encrypted Data Using Statistical Tools , 2012 .

[24]  Paras Malhotra Detection of encrypted streams for egress monitoring , 2007 .

[25]  Liehuang Zhu,et al.  Classification of Encrypted Traffic With Second-Order Markov Chains and Application Attribute Bigrams , 2017, IEEE Transactions on Information Forensics and Security.

[26]  Fotini-Niovi Pavlidou,et al.  VoIP: A comprehensive survey on a promising technology , 2009, Comput. Networks.

[27]  K. Marton,et al.  Randomness in Digital Cryptography : A Survey , 2011 .

[28]  Richard W. Hamming,et al.  Error detecting and error correcting codes , 1950 .

[29]  Petros Mouchtaris,et al.  Voice over IP signaling: H.323 and beyond , 2000 .

[30]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[31]  Jean-Marc Valin,et al.  Speex: A Free Codec For Free Speech , 2016, ArXiv.

[32]  Pavel Celeda,et al.  A survey of methods for encrypted traffic classification and analysis , 2015, Int. J. Netw. Manag..

[33]  Binxing Fang,et al.  Randomness Testing of Compressed Data , 2010, ArXiv.

[34]  Peter Dorfinger,et al.  Entropy Estimation for Real-Time Encrypted Traffic Identification (Short Paper) , 2011, TMA.

[35]  Is-Haka Mkwawa,et al.  Guide to Voice and Video over IP , 2013, Computer Communications and Networks.

[36]  William J. Buchanan,et al.  Approaches to the classification of high entropy file fragments , 2013, Digit. Investig..

[37]  Jan Skoglund,et al.  iLBC - a linear predictive coder with robustness to packet losses , 2002, Speech Coding, 2002, IEEE Workshop Proceedings..

[38]  Bo Zhao,et al.  Evaluation of Encrypted Data Identification Methods Based on Randomness Test , 2011, 2011 IEEE/ACM International Conference on Green Computing and Communications.