On the anonymity and traceability of peer-to-peer VoIP calls

Voice over Internet protocol is a technology that enables people to use the Internet, rather than the traditional public switched telephone network, as the transmission medium for voice communications. VoIP is becoming increasingly popular due to its significant advantages in cost and flexible features compared with the plain old telephone system. The proliferation of VoIP calls has significant implications on the security and privacy aspects of voice calls. For example, the use of VoIP has made it much easier to achieve confidentiality and anonymity in voice communications. On the other hand, VoIP has imposed significant new challenges in providing the same call-identifying and wiretapping capabilities as those that exist in traditional circuit-switched networks. In this article we examine the privacy and security aspects of peer-to-peer (P2P) VoIP calls and show how the use of VoIP has substantially shifted the previous balance between privacy and security that exists in traditional PSTN calls. In particular, we show that the use of strong encryption and available low-latency anonymizing network at the same time does not necessarily provide the level of anonymity to VoIP that people would intuitively expect

[1]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[2]  Pete Loshin,et al.  Big book of IPsec RFCs: Internet security architecture , 1999 .

[3]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[4]  Baugher The Secure Real-Time Transport Protocol , 2003 .

[5]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[6]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[7]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[8]  Henning Schulzrinne,et al.  A Comparison of SIP and H.323 for Internet Telephony , 1998 .

[9]  Christian Huitema,et al.  Media Gateway Control Protocol (MGCP) Version 1.0 , 1999, RFC.

[10]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[11]  Hiroaki Etoh,et al.  Finding a Connection Chain for Tracing Intruders , 2000, ESORICS.

[12]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[13]  Douglas S. Reeves,et al.  Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones , 2002, ESORICS.

[14]  Yin Zhang,et al.  Detecting Stepping Stones , 2000, USENIX Security Symposium.

[15]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[16]  Vern Paxson,et al.  Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay , 2002, RAID.