Information Leakage in Ubiquitous Voice-over-IP Communications

  • Thorsten Neumann
  • Heiko Tillwick
  • Martin S. Olivier
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4083)

Abstract

In VoIP, proxies are used by end-devices to perform a number of tasks including call setup and routing. Setup and routing is achieved through the exchange of call control messages which are forwarded among all involved proxies as well as the communicating end-devices. This paper will explore the information exchanged in Voice-over-IP (VoIP) call control messages and any possible implications this has on personal privacy. We assess the explicit and implicit deductions that can be made from handling messages in transit and evaluate these with a conceptual anonymity model. We aim to show that profiling is a threat in current VoIP implementations and that this threat becomes increasingly relevant with the growing adoption of VoIP. We consider these facts in light of possible future scenarios whereby VoIP has the potential to become a truly ubiquitous technology.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Sherburne, P., Fitzgerald, C.: You Don’t Know Jack About VoIP. Queue 2(6), 30–38 (2004)CrossRefGoogle Scholar
  2. 2.
    Weiser, M.: The Computer for the 21st Century. Scientific American Ubicomp. 3, 94–104 (1991)Google Scholar
  3. 3.
    Peterson, J., Jennings, C.: Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP), RFC 3323 (2003)Google Scholar
  4. 4.
    Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol, RFC 3261 (2002)Google Scholar
  5. 5.
    Peterson, J.: A Privacy Mechanism for the Session Initiation Protocol (SIP), RFC 3323 (2002)Google Scholar
  6. 6.
    Varshney, U., Snow, A., McGivern, M., Howard, C.: Voice over IP. Commun. ACM 45(1), 89–96 (2002)CrossRefGoogle Scholar
  7. 7.
    Schulzrinne, H., Rosenberg, J.: The Session Initiation Protocol: Internet-centric signaling, vol. 38, pp. 134–141. IEEE, Los Alamitos (2000)Google Scholar
  8. 8.
    Zugenmaier, A., Kreuzer, M., Müller, G.: The freiburg privacy diamond: An attacker model for a mobile computing environment. In: KiVS Kurzbeiträge, pp. 131–141 (2003)Google Scholar
  9. 9.
    Fraley, D.L.: Voice Over IP Communications Must Be Secured. Gartner, Inc. (G00124016) 5 of 6 (2004)Google Scholar
  10. 10.
    Faltstrom, P.: E.164 number and DNS. RFC 2916 (1998)Google Scholar
  11. 11.
    Palen, L., Salzman, M., Youngs, E.: Going wireless: behavior & practice of new mobile phone users. In: CSCW 2000: Proceedings of the 2000 ACM Conference on Computer Supported Cooperative Work, USA, pp. 201–210. ACM Press, New York (2000)CrossRefGoogle Scholar
  12. 12.
    Hindus, D., Schmandt, C.: Ubiquitous audio: capturing spontaneous collaboration. In: CSCW 1992: Proceedings of the 1992 ACM Conference on Computer-Supported Cooperative Work, pp. 210–217. ACM Press, New York (1992)CrossRefGoogle Scholar
  13. 13.
    Isaacs, E., Walendowski, A., Whittaker, S., Schiano, D.J., Kamm, C.: The character, functions, and styles of instant messaging in the workplace. In: CSCW 2002: Proceedings of the 2002 ACM Conference on Computer Supported Cooperative Work, pp. 11–20. ACM Press, New York (2002)CrossRefGoogle Scholar
  14. 14.
    Zugenmaier, A.: The Freiburg Privacy Diamond - A Conceptual Model for Mobility in Anonymity Systems. In: Proceedings of Globecom 2003. (2003)Google Scholar
  15. 15.
    Alfonsi, B.: Alliance addresses VoIP security. IEEE Security & Privacy 3(4), 8 (2005)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Neumann, T., Olivier, M.S.: Enhancements to SIP to prevent abuse of Voice-over-IP services. In: Proceedings of Southern African Telecommunication Networks and Applications Conference (SATNAC) (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Thorsten Neumann
    • 1
  • Heiko Tillwick
    • 1
  • Martin S. Olivier
    • 1
  1. 1.Information and Computer Security Architectures (ICSA) Research Group, Department of Computer ScienceUniversity of PretoriaSouth Africa

Personalised recommendations