Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted VoIP Meets Traffic Analysis

Posted by CmdrTaco on from the i-only-speak-in-binary dept.

Der_Yak writes "Researchers from MIT, Google, UNC Chapel Hill, and Johns Hopkins published a recent paper that presents a method for detecting spoken phrases in encrypted VoIP traffic that has been encoded using variable bitrate codecs. They claim an average accuracy of 50% and as high as 90% for specific phrases."

10 of 98 comments (clear)

  1. Re:Bleh by Anthony+Mouse · · Score: 5, Informative

    I'm pretty sure that identifying a specific word with 50% accuracy is better than random chance. There are more than two words in the English language.

  2. So...obvious solution then? by Anthony+Mouse · · Score: 4, Interesting

    Use fixed-bitrate encoding for VoIP.

    1. Re:So...obvious solution then? by bsquizzato · · Score: 3, Interesting

      Not so obvious --- now you have a much less efficient use of bandwidth to deal with.

      The article describes the method used to detect phrases ...

      At a high level, the success of our technique stems from exploiting the corre-lation between the most basic building blocks of speech—namely, phonemes—and the length of the packets that a VoIP codec outputs when presented with these phonemes. Intuitively, to search for a word or phrase, we first build a model by decomposing the target phrase into its most likely constituent phonemes, and then further decomposing those phonemes into the most likely packet lengths. Next, given a series of packet lengths that correspond to an encrypted VoIP conversation, we simply examine the output stream for a sub-sequence of packet lengths that match our model.

      Essentially, you gather enough information about how a VBR codec could encode a speech phrase you are looking for, then predict where it was spoken by looking at the "data bursts" being sent in the media stream. We'll need to research a way to "scramble" this predictability that's more efficient than using fixed bitrates, which eats up un-needed bandwidth.

    2. Re:So...obvious solution then? by Anonymous Coward · · Score: 5, Informative

      OpenSSH had a similar problem, it would leak information about your login password by the timing/size of the packets:

      http://www.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf

      I believe their solution was to introduce random NOP packets into the stream. This approach could work here too.

    3. Re:So...obvious solution then? by Cthefuture · · Score: 4, Interesting

      Actually most people are using G.711 these days which is in fact a fixed bitrate (it's the same protocol used on your normal "hard" voice line).

      But most VoIP providers do not offer SRTP or any encryption whatsoever so this whole thing is not even a question. More than likely anyone can listen in on your VoIP calls. We need to put more pressure on VoIP providers to offer encryption.

      --
      The ratio of people to cake is too big
  3. Re:Bleh by batquux · · Score: 4, Funny

    Come on, 50% is better than most unencrypted voice recognition!

  4. Re:Bleh by bennomatic · · Score: 4, Interesting

    This reminds me of the guy Colbert interviewed regarding the Large Hadron Collider who thought there was a 50% chance that it would destroy the universe. When questioned as to how he got those odds, he said, "Well, there's two options... either it will happen or it won't happen. 50%."

    --
    The CB App. What's your 20?
  5. Re:Bleh by zill · · Score: 4, Funny

    A'LA'IH

  6. Re:Bleh by Chrisq · · Score: 5, Funny

    Once they discover a method to wire trap encrypted video calls, that would open a new era in porn scene.

    ...

    I'm pretty sure that identifying a specific word with 50% accuracy is better than random chance. There are more than two words in the English language.

    Maybe he's talking about the porn film.90% seem to be "oh" or "yes" (or so i am told)

  7. Re:Bleh by ciderbrew · · Score: 4, Funny

    The pitch is the main thing in the art form.
    A low German voice - "ooohhh yaaaaa", over and over. then you have the high pitched Japanese squeak sound - "ii, ii, ii, kimochi". Which really gets annoying these days. It took a few years; but it IS annoying.