preserving caller anonymity in voice-over-ip networks mudhakar srivatsa, ling liu and arun iyengar...
TRANSCRIPT
![Page 1: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/1.jpg)
Preserving Caller Anonymity in
Voice-over-IP Networks
Mudhakar Srivatsa, Ling Liu and Arun Iyengar
Presenter: Bo Wu
![Page 2: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/2.jpg)
Agenda
Voice-over-IP Caller Anonymity Threat Models Defending Methods Experimental Evaluation Conclusion
![Page 3: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/3.jpg)
Phone. The history…
![Page 4: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/4.jpg)
PSTNPSTN
PSTN- stands for PSTN- stands for Public Switched Public Switched Telephone Telephone NetworkNetwork
Circuit-based Circuit-based means reserving means reserving resources for resources for each usereach user
Kind of expensiveKind of expensive
![Page 5: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/5.jpg)
Voice-over-IP: another choice Voice over Internet ProtocolVoice over Internet Protocol
““A method for taking analog audio signals, A method for taking analog audio signals, like the kind you hear when you talk on like the kind you hear when you talk on the phone, and turning them into digital the phone, and turning them into digital data that can be transmitted over the data that can be transmitted over the Internet. “Internet. “
Also known as:Also known as:• Voice over Packet (VoP)Voice over Packet (VoP)• IP Telephony (IPT)IP Telephony (IPT)
![Page 6: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/6.jpg)
Benefits
#1. SAVING MONEY!#1. SAVING MONEY!•Routing phone calls over
existing data networks to avoid the need for separate voice and data networks.
•VOIP offer features and services for free (or at little cost)
![Page 7: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/7.jpg)
Benefits
Increased AgilityIncreased Agility Tactical AdvantagesTactical Advantages Integrate things like: emails, phone, Integrate things like: emails, phone,
instant messages, etc.instant messages, etc.
![Page 8: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/8.jpg)
VoIP is popular
![Page 9: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/9.jpg)
Characteristics of VoIP network
P2P topology
InternetInternetpeerpeer
peerpeer
peerpeer
peerpeer
peerpeer
![Page 10: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/10.jpg)
Characteristics of VoIP network
Additional QoS requirement•ITU (International Telecommunication
Union) recommends up to 250ms one-way latency for interactive voice communication.
People go mad due to bad quality
![Page 11: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/11.jpg)
Anonymity in VoIP networks
What is anonymity?•NO leakage of
information about identity
Why is it important?•Human rights
•Sensitive applications
![Page 12: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/12.jpg)
Where is the caller?
Source privacy Hot topic in many
kinds of networks: Ad hoc, Sensor networks, Mesh networks, ……
Papers published in: Infocom, ICDCS, CCS, Securecomm, S&P…
![Page 13: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/13.jpg)
What’s the difficulties?
Strong ability of attackers•Content analysis
•Timing analysis Fully distributed Link latency ……
![Page 14: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/14.jpg)
How VoIP works?
Establish routes:•Unstable topology
•Routes across different ASPs Sending messages
•Comply to different application protocols
Confidentiality•Hop-by-hop encryption
•End-to-end encryption
![Page 15: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/15.jpg)
Establishing routes
InitSearch:
Bo
Zhenhua
<SearchID, dest ID, start time>
![Page 16: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/16.jpg)
How does it work?
ProcessSearch
Bo
Zhenhua
![Page 17: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/17.jpg)
How does it work?
FinSearch
Bo
Zhenhua
![Page 18: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/18.jpg)
Zhenhua
What’s the problem?
Bad guys are there…
Bo
Bad guy: Mr. X
Bad guy: Mr. Y
![Page 19: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/19.jpg)
Zhenhua
What’s the problem?
Bad guys are there…
Bo
Bad guy: Mr. X
Bad guy: Mr. Y
![Page 20: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/20.jpg)
Zhenhua
What’s the problem?
What if Zhenhua is surrounded by bad guys?
Bo
Bad guy: Mr. X
Bad guy: Mr. Y
Bad guy: Mr. W
Bad guy: Mr. Z
![Page 21: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/21.jpg)
Threat model
Composed by assumptions and formulations
Three threat models:•Deterministic Triangulation Attack
•Statistical Triangulation Attack
•Differential Triangulation Attack
![Page 22: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/22.jpg)
Deterministic Triangulation Attack
“Deterministic” means fixed latency for each link
Exploit two properties of the route set up protocol:•1. It establishes the shortest route between the
two nodes src and dst.
•2. Any node can estimate its distance from src
=> Each bad guy has the knowledge of its distance from any other node in the network
![Page 23: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/23.jpg)
Deterministic Triangulation Attack
BoMr. Y
Mr. X
![Page 24: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/24.jpg)
Deterministic Triangulation Attack
![Page 25: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/25.jpg)
Deterministic Triangulation Attack
For each bad guy pi in network
•If
•
Calculate the final score:
![Page 26: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/26.jpg)
Statistical Triangulation Attack
“Statistical” means link latency follows some probabilistic distribution, say Gaussian distribution
Exploit one nice property of Gaussian distribution•X, Y follow Gaussian distribution
• If Z = X + Y THEN E(Z) = E(X)+E(Y) When calculating scores, use mean value
![Page 27: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/27.jpg)
Differential Triangulation Attack
The mentioned two attacks relies on the time stamp in search packet to make the first estimation.
What if the source remove time stamp?•The attackers can still cooperate……
![Page 28: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/28.jpg)
Differential Triangulation Attack
Bo
Mr. Y
Mr. Y
Zhenhua
Dist(Bo, X)-Dist(Bo,Y) < Dist(Zhenhua, X)-Dist(Zhenhua, Y)
![Page 29: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/29.jpg)
Topology discovery All of the three threat
models require global information like topology and link latency
Malicious nodes can collude to collect such information• Send ping messages
with small TTL
• Infer local topology and link latency through pong messages
![Page 30: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/30.jpg)
Attack efficiency
Deterministic Triangulation
Statistical Triangulation
![Page 31: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/31.jpg)
Attack efficiency
Differential Triangulation
![Page 32: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/32.jpg)
Defending algorithms
General idea: break the tight correlation of timing and distance
Random walk Search Algorithm•Best anonymity, worst QOS
Hybrid route set up•Tradeoff between anonymity and QOS
![Page 33: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/33.jpg)
Random walk search algorithm
Basic idea:•Randomly select a neighbor to forward
search request instead of broadcasting(Random walk is used in tens of papers to defend against traffic analysis.)
Why it works?•According to random walk theory:
![Page 34: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/34.jpg)
Hybrid Route set up protocol
Controlled random walk•Two phases
•Random walk search phase•Search dest node by random walk
•Broadcast search phase•Search dest node by broadcast
•One kind of probabilistic routing:•Start at random walk search phase
•Remain in this phase with probability of p
•Transfer to Braodcast search phase with probability of 1-p
![Page 35: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/35.jpg)
Hybrid Route set up protocol
Multi-Agent Random Walk•Send out w search messages instead of one
•Every search message performs random walk
•Route established when the first search message arrives at dest node
•Tradeoff when setting w•Bigger w means smaller latency
•Bigger w also increases attacking efficiency
![Page 36: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/36.jpg)
Simulation results
Latency study:
![Page 37: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/37.jpg)
Simulation results
Anonymity study:
![Page 38: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/38.jpg)
Comments
Brilliant Threat models•Capture key properties of broadcast
•A small percentage of nodes can attack very accurately
Not quite novel defending methods•Random walk has been used by tens of
(if not hundreds of) papers
•No deep analysis of the performance
![Page 39: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/39.jpg)
Conclusion
VoIP is gaining more and more popularity
Three threat models directly target at caller’s anonymity
Introduce randomness to defend against timing attack
Lesson: challenging problem to protect privacy as well as providing QoS
![Page 40: Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu](https://reader036.vdocuments.net/reader036/viewer/2022062423/56649ecb5503460f94bd97ac/html5/thumbnails/40.jpg)
Questions?