Abstract
Some governments do not consider metadata to be personal data, and so place it outside the scope of privacy regulations. However, metadata often gives more relevant information than the actual content itself. Metadata can be very useful to identify, locate, understand and manage personal data, i.e., information that is eminently private in nature and that, under most privacy regulations, should be anonymized or deleted if users have not given their consent. In voice calls, we are facing a critical situation in terms of privacy, as metadata can identify, for example, who calls whom and the duration of the call. In this work, we investigate the privacy properties of voice call metadata, in particular when using secure VoIP, giving evidence of the ability to extract sensitive information from its (“secure”) metadata. We find that ZRTP metadata is freely available to any client on the network, and that users can be re-identified by any user with access to the network. We also propose a solution to this problem, suitable for all ZRTP-based implementations.
Notes
1. SIP is a third-party server that allows peer discovery and negotiation; in the case of ZRTP, it does not interact with the key negotiation.
Acknowledgements
This work is partially funded by the ERDF through the COMPETE 2020 Programme within project POCI-01-0145-FEDER-006961, and by National Funds through the FCT as part of project UID/EEA/50014/2013.
The work of João S. Resende was supported by a scholarship from the Fundação para a Ciência e Tecnologia (FCT), Portugal (scholarship number PD/BD/128149/2016).
The work of Patrícia R. Sousa and Luís Antunes was supported by Project “NanoSTIMA: Macro-to-Nano Human Sensing: Towards Integrated Multimodal Health Monitoring and Analytics/NORTE-01-0145-FEDER-000016”, financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Resende, J.S., Sousa, P.R., Antunes, L. (2018). Evaluating the Privacy Properties of Secure VoIP Metadata. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science(), vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_5
DOI: https://doi.org/10.1007/978-3-319-98385-1_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98384-4
Online ISBN: 978-3-319-98385-1
eBook Packages: Computer Science (R0)