Preserving Caller Anonymity in Voice-over-IP Networks

Preserving Caller Anonymity in

Voice-over-IP NetworksMudhakar Srivatsa, Ling Liu and Arun Iyengar

Presented by Mounica Atluri

Voice-over-IP Attacks Proposed solution Experimental Evaluation Conclusion

Agenda

Data transmission through Public switched telephone network

Uses Circuit switched networks

Expensive

Voice and data communication

We see people talking through Skype, Vonage, instant messengers

Technology behind is called VoIP Transmission of voice traffic over  IP-based

networks Sounds are recorded and compressed Benefit of VoIP: Very economical

What is VoIP ?

Caller anonymity and QoS

Existing approaches use Mix networks

Mix networks route traffic through nodes with random delays and random routes

For example, Onion routing

VoIP Requirements

Other examples are Tor, Freedom and Tarzan

Mix networks cannot accommodate the QoS requirement

Low latency apps are vulnerable to timing attacks

VoIP Requirements

Uses RTP for data transmission

Route Set Up protocol for call set up and termination

Protocols in VoIP

Operates in four steps1. initSearch: initiates a route set up request2. processSearch: processes a route set up request3. processResult: processes the results of a route set

up request4. finSearch: concludes the route set up procedure

Route set up protocol

src initiates a request by broadcasting

initSearch

src

dst

If p receives a request from q, it checks if the sipurl is the url of the client connected to p.

processSearch

src

dst

p

If p receives result (searchId, q), it searches for <searchId, sipurl, prev>, adds <sipurl, q> and forwards result to prev

processResult

src

dst p

If src receives result, it adds <dst, q> to its routing table

finSearch

src

dst

q

Encryption with shared symmetric key Exposes dst (through dst.sipurl) dst adds a random delay src or dst can be inferred if all of their

neighboring nodes are malicious

Security features of Route setup protocol

Triangulation based timing attacks

3 steps in triangulation based timing attacks• Candidate caller detection: malicious nodes

deduce a list of potential callers

• Candidate caller ranking: malicious nodes associate a score with every potential caller

• Triangulation: Colluding malicious nodes combine their sets to obtain more accurate list of callers.

Caller Identification attacks

Deterministic triangulation attack Statistical triangulation attack Differential triangulation attack

Three timing attacks

2 assumptions• Link latencies are deterministic• All nodes are synchronized

2 properties of route setup protocol• Protocol establishes shortest route between the src and dst

• Node p that receives route set up request originated from src can estimate dist(src, p)

Deterministic triangulation attack

Candidate caller detection• Compute S(p) for all s ∈ S(p),

Deterministic triangulation attack

Candidate caller ranking• Compute the score

Triangulation• Compute the final score

Deterministic triangulation attack

Deterministic triangulation attack

Link latencies are independently distributed Length of a path P is given by

In candidate caller detection, p computes a set of Pareto-optimal distances to all nodes v

A set of path lengths d1, d2.. dm is Pareto-optimal if for all other path lengths d,

Statistical triangulation attack

A node v is marked as a candidate caller if

If link latencies follow Gaussian, the path latencies follow Gaussian too

Score of v can be computed as

For other any other distribution, use Chebyshev’s inequality to compute

Statistical triangulation attack

In Triangulation step, the aggregate score for a candidate caller v is computed

Statistical triangulation attack

Eliminates time stamp ts from the route set up request

Malicious nodes can estimate the difference

In candidate caller detection, malicious node p computes statistical shortest distances to every other node v as

Differential triangulation attack

Statistical distance distpq[v] is given by distp[v] – distq[v]

v is a candidate caller if

If the link latency distribution is Gaussian, the score of v is given by

Finally, the average score for v is computed

Differential triangulation attack

Network topology should be known for Timing attacks

Achieved by ping and pong messages

Topology Discovery

x yping(x,all)

pong(y, x)

y´pong(y´,x)

Experimental set up• A synthetic network with 1024 nodes • Topology was constructed using NS-2 topology

generator• Node-to-node round trip times varies from 24ms-

150ms with a mean of 74ms

Evaluation of the Threat models

Deterministic Triangulation• Number of suspects varies with number of

malicious nodes• Epsilon should not be too small or large

Statistical Triangulation• More effective than deterministic when there are

uncertainties in link latencies

Differential Triangulation• Statistical attack performs better if the clocks are

synchronized• Differential triangulation can achieve a top-10

probability of 0.78 with only 10 malicious nodes

Topology Discovery• With m=20 and ttl=2, about 75% of the topology

is discovered

Latency perturbation• each node adds random delay

Random Walk Search Algorithm• Resilient to timing attacks but generates

suboptimal routes

Hybrid route set up• Trade off anonymity with QoS

Countering timing attacks

Sends a search request to a randomly chosen neighbor

Two key properties• Markovian property• Random walker does not traverse the shortest

path between any two nodes

Random Walk Search Algorithm

Controlled Random Walk• Combination of two protocols• γ limits the length of random walk• Starts with random walk search• Switches to broadcast search with probability 1-γ

Hybrid route setup protocols

q

Multi-Agent Random Walk• Similar to random walk• Src sends ω random walkers (ω >1)• Route is established when the first random walker

reaches dst• Higher ω results in optimal route latency• Vulnerable to triangulation based timing attack if src sends out random walkers at time t=0

Hybrid route setup protocols

Performed on 1024-node synthetic VoIP network topology using NS-2

Algorithms implemented using Phex: an open source Java based implementation of peer-to-peer broadcast based route set up protocol

Experimental evaluation

Performance• Characterized by cost of messaging

QoS guarantees• Routes with latency<250ms satisfy QoS

requirements• Larger route set up latency does not affect the

quality of voice conversation

Optimal parameter settings

Attack resilience• 99% optimal parameter settings

Topology discovery• Only fraction of topology has been discovered• Top-10 probability for marw was 42% less, crw was

33% less and broadcast was only 9% less • Random walk protocols are more sensitive to

topology

VoIP in becoming popular due to its advantages in cost and convenience

It is a major concern to provide anonymity to the clients

Threat models targeting callers’ anonymity are efficient

Even if a small fraction of network is malicious, the caller can be inferred accurately

It is difficult to trade QoS with anonymity

Conclusion

QUESTIONS??