Optimizing Packet Scheduling and Path Selection for Anonymous Voice Calls

Onion routing is a promising approach to implement anonymous voice calls. Uniform-sized voice packets are routed via multiple relays and encrypted in layers to avoid a correlation of packet content in different parts in the network. By using pre-built circuits, onion encryption may use efficient symmetric ciphers. However, if packets are forwarded by relays as fast as possible—to minimize end-to-end latency—network flow watermarking may still de-anonymize users. A recently proposed countermeasure synchronizes the start time of many calls and batch processes voice packets with the same sequence number in relays. However, if only a single link with high latency is used, it will also negatively affect latency of all other calls. This article explores the limits of this approach by formulating a mixed integer linear program (MILP) that minimizes latency “bottlenecks” in path selection. Furthermore, we suggest a different scheduling strategy for voice packets, i.e. implementing independent de-jitter buffers for all flows. In this case, a MILP is used to minimize the average latency of selected paths. For comparison, we solve the MILPs using latency and bandwidth datasets obtained from the Tor network. Our results show that batch processing cannot reliably achieve acceptable end-to-end latency (below 400 ms) in such a scenario, where link latencies are too heterogeneous. In contrast, when using de-jitter buffers for packet scheduling, path selection benefits from low latency links without degrading anonymity. Consequently, acceptable end-to-end latency is possible for a large majority of calls.

[1]  John C. Mitchell,et al.  Evaluating the privacy properties of telephone metadata , 2016, Proceedings of the National Academy of Sciences.

[2]  Harsha V. Madhyastha,et al.  LASTor: A Low-Latency AS-Aware Tor Client , 2012, IEEE/ACM Transactions on Networking.

[3]  Carmela Troncoso,et al.  TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer , 2018, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[4]  Andriy Panchenko,et al.  Path Selection Metrics for Performance-Improved Onion Routing , 2009, 2009 Ninth Annual International Symposium on Applications and the Internet.

[5]  Peter Druschel,et al.  Herd: A Scalable, Traffic Analysis Resistant Anonymity Network for VoIP Systems , 2015, SIGCOMM.

[6]  Nicholas Hopper,et al.  Secure latency estimation with treeple , 2010, CCS '10.

[7]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[8]  Sambuddho Chakravarty,et al.  The Road Not Taken: Re-thinking the Feasibility of Voice Calling Over Tor , 2020, Proc. Priv. Enhancing Technol..

[9]  Ulrich K. Sorger,et al.  Untraceable VoIP Communication based on DC-nets , 2016, ArXiv.

[10]  David Schatz,et al.  Large-scale Latency Measurements in the Tor Network , 2021 .

[11]  Sushil Jajodia,et al.  Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[12]  Micah Sherr,et al.  Scalable Link-Based Relay Selection for Anonymous Routing , 2009, Privacy Enhancing Technologies.

[13]  Aniket Kate,et al.  Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two , 2017, 2018 IEEE Symposium on Security and Privacy (SP).

[14]  Tao Wang,et al.  Congestion-Aware Path Selection for Tor , 2012, Financial Cryptography.

[15]  Nicholas Hopper,et al.  Accurate and Provably Secure Latency Estimation with Treeple , 2011, NDSS.

[16]  Stefan Savage,et al.  Herd : A Scalable , Traffic Analysis Resistant Anonymity Network for VoIP Systems , 2015 .

[17]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[18]  Martin Schmiedecker,et al.  NavigaTor: Finding Faster Paths to Anonymity , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[19]  Günter Schäfer,et al.  Reducing call blocking rates for anonymous voice over IP communications , 2017, 2017 9th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT).

[20]  Aaron Johnson,et al.  FlashFlow: A Secure Speed Test for Tor , 2020, 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS).

[21]  Younchan Jung,et al.  Burst packet loss and enhanced packet loss-based quality model for mobile voice-over Internet protocol applications , 2014, IET Commun..

[22]  Nickolai Zeldovich,et al.  Yodel: strong metadata security for voice calls , 2019, SOSP.

[23]  Günter Schäfer,et al.  Hydra: Practical Metadata Security for Contact Discovery, Messaging, and Dialing , 2021, International Conference on Information Systems Security and Privacy.

[24]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).