A survey on anonymous voice over IP communication: attacks and defenses

Electronic Commerce Research

Abstract

Anonymous voice over IP (VoIP) communication is important for many users, in particular journalists, human rights workers and the military. Recent research has shown an increasing interest in methods of anonymous VoIP communication. This survey starts by introducing and identifying the major concepts and challenges in this field. Then we review anonymity attacks on VoIP and the existing work done to design defending strategies. We also propose a taxonomy of attacks and defenses. Finally, we discuss possible future work.

Author information

Corresponding author

Correspondence to Ge Zhang.

About this article

Cite this article

Zhang, G., Fischer-Hübner, S. A survey on anonymous voice over IP communication: attacks and defenses. Electron Commer Res 19, 655–687 (2019). https://doi.org/10.1007/s10660-019-09369-0

  • DOI: https://doi.org/10.1007/s10660-019-09369-0
