
Preserving Caller Anonymity in Voice-over-IP Networks

Preserving Caller Anonymity in Voice-over-IP Networks. Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu. Agenda. Voice-over-IP Caller Anonymity Threat Models Defending Methods Experimental Evaluation Conclusion. Phone. The history…. PSTN.


Presentation Transcript


  1. Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu

  2. Agenda • Voice-over-IP • Caller Anonymity • Threat Models • Defending Methods • Experimental Evaluation • Conclusion

  3. Phone. The history…

  4. PSTN • PSTN stands for Public Switched Telephone Network • Circuit-based, which means reserving resources for each user • Kind of expensive

  5. Voice-over-IP: another choice • Voice over Internet Protocol • “A method for taking analog audio signals, like the kind you hear when you talk on the phone, and turning them into digital data that can be transmitted over the Internet.” • Also known as: • Voice over Packet (VoP) • IP Telephony (IPT)

  6. Benefits • #1. SAVING MONEY! • Routing phone calls over existing data networks avoids the need for separate voice and data networks. • VoIP offers features and services for free (or at little cost)

  7. Benefits • Increased Agility • Tactical Advantages • Integrate things like: emails, phone, instant messages, etc.

  8. VoIP is popular

  9. Characteristics of VoIP network • P2P topology (figure: peers connected through the Internet)

  10. Characteristics of VoIP network • Additional QoS requirement • ITU (International Telecommunication Union) recommends up to 250ms one-way latency for interactive voice communication. People go mad due to bad quality

  11. Anonymity in VoIP networks • What is anonymity? • NO leakage of information about identity • Why is it important? • Human rights • Sensitive applications

  12. Where is the caller? • Source privacy • Hot topic in many kinds of networks: Ad hoc, Sensor networks, Mesh networks, …… • Papers published in: Infocom, ICDCS, CCS, Securecomm, S&P…

  13. What are the difficulties? • Strong ability of attackers • Content analysis • Timing analysis • Fully distributed • Link latency • ……

  14. How does VoIP work? • Establish routes: • Unstable topology • Routes across different ASPs • Sending messages • Comply with different application protocols • Confidentiality • Hop-by-hop encryption • End-to-end encryption

  15. Establishing routes • InitSearch: <SearchID, dest ID, start time> (figure: Zhenhua and Bo)

  16. How does it work? • ProcessSearch Zhenhua Bo

  17. How does it work? • FinSearch Zhenhua Bo

  18. What’s the problem? Bad guys are there… Zhenhua Bad guy: Mr. Y Bad guy: Mr. X Bo

  19. What’s the problem? Bad guys are there… Zhenhua Bad guy: Mr. Y Bad guy: Mr. X Bo

  20. What’s the problem? What if Zhenhua is surrounded by bad guys? Bad guy: Mr. W Zhenhua Bad guy: Mr. Y Bad guy: Mr. Z Bad guy: Mr. X Bo

  21. Threat model • Composed of assumptions and formulations • Three threat models: • Deterministic Triangulation Attack • Statistical Triangulation Attack • Differential Triangulation Attack

  22. Deterministic Triangulation Attack • “Deterministic” means fixed latency for each link • Exploit two properties of the route set up protocol: • 1. It establishes the shortest route between the two nodes src and dst. • 2. Any node can estimate its distance from src => Each bad guy has the knowledge of its distance from any other node in the network

  23. Deterministic Triangulation Attack Mr. Y Bo Mr. X

  24. Deterministic Triangulation Attack

  25. Deterministic Triangulation Attack • For each bad guy pi in network • If • Calculate the final score:

  26. Statistical Triangulation Attack • “Statistical” means link latency follows some probabilistic distribution, say Gaussian distribution • Exploit one nice property of Gaussian distribution • X, Y follow Gaussian distribution • If Z = X + Y THEN E(Z) = E(X)+E(Y) • When calculating scores, use mean value

  27. Differential Triangulation Attack • The two attacks above rely on the timestamp in the search packet to make the first estimation. • What if the source removes the timestamp? • The attackers can still cooperate……

  28. Differential Triangulation Attack (figure: Zhenhua, Mr. Y, Mr. Y, Bo) • Dist(Bo, X) - Dist(Bo, Y) < Dist(Zhenhua, X) - Dist(Zhenhua, Y)

  29. Topology discovery • All of the three threat models require global information like topology and link latency • Malicious nodes can collude to collect such information • Send ping messages with small TTL • Infer local topology and link latency through pong messages

  30. Attack efficiency Deterministic Triangulation Statistical Triangulation

  31. Attack efficiency Differential Triangulation

  32. Defending algorithms • General idea: break the tight correlation of timing and distance • Random walk search algorithm • Best anonymity, worst QoS • Hybrid route set up • Tradeoff between anonymity and QoS

  33. Random walk search algorithm • Basic idea: • Randomly select a neighbor to forward the search request to instead of broadcasting (Random walk is used in tens of papers to defend against traffic analysis.) • Why does it work? • According to random walk theory:

  34. Hybrid Route set up protocol • Controlled random walk • Two phases • Random walk search phase • Search dest node by random walk • Broadcast search phase • Search dest node by broadcast • One kind of probabilistic routing: • Start at random walk search phase • Remain in this phase with probability of p • Transfer to Broadcast search phase with probability of 1-p

  35. Hybrid Route set up protocol • Multi-Agent Random Walk • Send out w search messages instead of one • Every search message performs random walk • Route established when the first search message arrives at dest node • Tradeoff when setting w • Bigger w means smaller latency • Bigger w also increases attacking efficiency

  36. Simulation results Latency study:

  37. Simulation results Anonymity study:

  38. Comments • Brilliant Threat models • Capture key properties of broadcast • A small percentage of nodes can attack very accurately • Not quite novel defending methods • Random walk has been used by tens of (if not hundreds of) papers • No deep analysis of the performance

  39. Conclusion • VoIP is gaining more and more popularity • Three threat models directly target the caller’s anonymity • Introduce randomness to defend against timing attacks • Lesson: it is a challenging problem to protect privacy while also providing QoS

  40. Questions?
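
The hybrid route set up protocol of slides 34 and 35, as an added simulation that is not from the presentation or the paper: it reports the mean set-up latency and how many distinct search arrival times one observer node sees, i.e. how far timing is decoupled from distance. The topology, latencies, function names and observer node are constructed assumptions, and each walker is assumed to keep walking until it switches to broadcast.

```python
import heapq
import random

# Constructed topology: 8-node ring plus two chords; one-way link latency in ms.
LINKS = [(0, 1, 10), (1, 2, 10), (2, 3, 10), (3, 4, 10), (4, 5, 10),
         (5, 6, 10), (6, 7, 10), (7, 0, 10), (1, 5, 25), (2, 6, 25)]

def build_graph(links):
    graph = {}
    for a, b, ms in links:
        graph.setdefault(a, {})[b] = ms
        graph.setdefault(b, {})[a] = ms
    return graph

def shortest_latency(graph, start):
    """Dijkstra: the time at which a broadcast search first reaches each node."""
    dist = {start: 0}
    heap = [(0, start)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nxt, ms in graph[node].items():
            if d + ms < dist.get(nxt, float("inf")):
                dist[nxt] = d + ms
                heapq.heappush(heap, (d + ms, nxt))
    return dist

def hybrid_first_seen(graph, src, p, w, rng):
    """First time each node sees the search: w walkers each stay in the random
    walk phase with probability p per hop, then switch to broadcast (1 - p)."""
    seen = {src: 0}
    for _ in range(w):
        node, t = src, 0
        while rng.random() < p:                      # random walk search phase
            nxt = rng.choice(sorted(graph[node]))
            t += graph[node][nxt]
            node = nxt
            seen[node] = min(seen.get(node, float("inf")), t)
        for v, d in shortest_latency(graph, node).items():   # broadcast phase
            seen[v] = min(seen.get(v, float("inf")), t + d)
    return seen

def evaluate(p, w, trials=300, src=0, dst=4, observer=2, seed=7):
    """Return (mean set-up latency to dst, distinct arrival times at observer)."""
    graph, rng = build_graph(LINKS), random.Random(seed)
    runs = [hybrid_first_seen(graph, src, p, w, rng) for _ in range(trials)]
    mean_setup = sum(r[dst] for r in runs) / trials
    return mean_setup, len({r[observer] for r in runs})
```

With p = 0 the search is a pure broadcast and the observer always sees it at the same time; raising p spreads the observer's arrival times at the cost of set-up latency, and raising w recovers latency.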
