Information Leakage in Ubiquitous Voice-over-IP Communications
In VoIP, proxies are used by end-devices to perform a number of tasks including call setup and routing. Setup and routing is achieved through the exchange of call control messages which are forwarded among all involved proxies as well as the communicating end-devices. This paper will explore the information exchanged in Voice-over-IP (VoIP) call control messages and any possible implications this has on personal privacy. We assess the explicit and implicit deductions that can be made from handling messages in transit and evaluate these with a conceptual anonymity model. We aim to show that profiling is a threat in current VoIP implementations and that this threat becomes increasingly relevant with the growing adoption of VoIP. We consider these facts in light of possible future scenarios whereby VoIP has the potential to become a truly ubiquitous technology.
KeywordsSession Initiation Protocol Privacy Concern Information Leakage User Privacy Ubiquitous Technology
Unable to display preview. Download preview PDF.
- 2.Weiser, M.: The Computer for the 21st Century. Scientific American Ubicomp. 3, 94–104 (1991)Google Scholar
- 3.Peterson, J., Jennings, C.: Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP), RFC 3323 (2003)Google Scholar
- 4.Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol, RFC 3261 (2002)Google Scholar
- 5.Peterson, J.: A Privacy Mechanism for the Session Initiation Protocol (SIP), RFC 3323 (2002)Google Scholar
- 7.Schulzrinne, H., Rosenberg, J.: The Session Initiation Protocol: Internet-centric signaling, vol. 38, pp. 134–141. IEEE, Los Alamitos (2000)Google Scholar
- 8.Zugenmaier, A., Kreuzer, M., Müller, G.: The freiburg privacy diamond: An attacker model for a mobile computing environment. In: KiVS Kurzbeiträge, pp. 131–141 (2003)Google Scholar
- 9.Fraley, D.L.: Voice Over IP Communications Must Be Secured. Gartner, Inc. (G00124016) 5 of 6 (2004)Google Scholar
- 10.Faltstrom, P.: E.164 number and DNS. RFC 2916 (1998)Google Scholar
- 14.Zugenmaier, A.: The Freiburg Privacy Diamond - A Conceptual Model for Mobility in Anonymity Systems. In: Proceedings of Globecom 2003. (2003)Google Scholar
- 16.Neumann, T., Olivier, M.S.: Enhancements to SIP to prevent abuse of Voice-over-IP services. In: Proceedings of Southern African Telecommunication Networks and Applications Conference (SATNAC) (2005)Google Scholar