Tracking anonymous peer-to-peer VoIP calls on the internet

Peer-to-peer VoIP calls are becoming increasingly popular due to their advantages in cost and convenience. When these calls are encrypted from end to end and anonymized by low latency anonymizing network, they are considered by many people to be both secure and anonymous.In this paper, we present a watermark technique that could be used for effectively identifying and correlating encrypted, peer-to-peer VoIP calls even if they are anonymized by low latency anonymizing networks. This result is in contrast to many people's perception. The key idea is to embed a unique watermark into the encrypted VoIP flow by slightly adjusting the timing of selected packets. Our analysis shows that it only takes several milliseconds time adjustment to make normal VoIP flows highly unique and the embedded watermark could be preserved across the low latency anonymizing network if appropriate redundancy is applied. Our analytical results are backed up by the real-time experiments performed on leading peer-to-peer VoIP client and on a commercially deployed anonymizing network. Our results demonstrate that (1) tracking anonymous peer-to-peer VoIP calls on the Internet is feasible and (2) low latency anonymizing networks are susceptible to timing attacks.

[1]  Robert Tappan Morris,et al.  Tarzan: a peer-to-peer anonymizing network layer , 2002, CCS '02.

[2]  Dawn Xiaodong Song,et al.  Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds , 2004, RAID.

[3]  Matthew K. Wright,et al.  Timing Attacks in Low-Latency Mix Systems (Extended Abstract) , 2004, Financial Cryptography.

[4]  Edward W. Felten,et al.  Timing attacks on Web privacy , 2000, CCS.

[5]  Douglas S. Reeves,et al.  Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays , 2003, CCS '03.

[6]  Hiroaki Etoh,et al.  Finding a Connection Chain for Tracing Intruders , 2000, ESORICS.

[7]  Henning Schulzrinne,et al.  An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol , 2004, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[8]  Biswanath Mukherjee,et al.  DIDS (distributed intrusion detection system)—motivation, architecture, and an early prototype , 1997 .

[9]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[10]  Lee W. McKnight,et al.  Internet Telephony , 2001 .

[11]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[12]  T. Kohno,et al.  Remote physical device fingerprinting , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[13]  Michael T. Goodrich,et al.  Efficient packet marking for large-scale IP traceback , 2002, CCS '02.

[15]  Stuart Staniford-Chen,et al.  Holding intruders accountable on the Internet , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[16]  Henning Schulzrinne,et al.  Signaling for Internet telephony , 1998, Proceedings Sixth International Conference on Network Protocols (Cat. No.98TB100256).

[17]  Vern Paxson,et al.  Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay , 2002, RAID.

[18]  Henning Schulzrinne,et al.  A Comparison of SIP and H.323 for Internet Telephony , 1998 .

[19]  George Danezis,et al.  Low-cost traffic analysis of Tor , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[20]  Birgit Pfitzmann,et al.  ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead , 1991, Kommunikation in Verteilten Systemen.

[21]  Alex C. Snoeren,et al.  Hash-based IP traceback , 2001, SIGCOMM '01.

[22]  Douglas S. Reeves,et al.  Inter-Packet Delay Based Correlation for Tracing Encrypted Connections through Stepping Stones , 2002, ESORICS.

[23]  Yin Zhang,et al.  Detecting Stepping Stones , 2000, USENIX Security Symposium.

[24]  Henning Schulzrinne Internet Telephony , 2004, The Practical Handbook of Internet Computing.

[25]  Paul F. Syverson,et al.  Onion routing , 1999, CACM.

[26]  Jun Li,et al.  Large-scale IP traceback in high-speed Internet: practical techniques and theoretical foundation , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[27]  Paul Syverson,et al.  Onion Routing for Anonymous and Private Internet Connections , 1999 .

[28]  Christian Huitema,et al.  Media Gateway Control Protocol (MGCP) Version 1.0 , 1999, RFC.