Download presentation
Presentation is loading. Please wait.
Published byCody Ethelbert Moore Modified over 9 years ago
1
Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri
2
Voice-over-IP Attacks Proposed solution Experimental Evaluation Conclusion
3
Data transmission through Public switched telephone network Uses Circuit switched networks Expensive
4
We see people talking through Skype, Vonage, instant messengers Technology behind is called VoIP Transmission of voice traffic over IP-based networks Sounds are recorded and compressed Benefit of VoIP: Very economical
5
Caller anonymity and QoS Existing approaches use Mix networks Mix networks route traffic through nodes with random delays and random routes For example, Onion routing
6
Other examples are Tor, Freedom and Tarzan Mix networks cannot accommodate the QoS requirement Low latency apps are vulnerable to timing attacks
7
Uses RTP for data transmission Route Set Up protocol for call set up and termination
8
Operates in four steps 1.initSearch: initiates a route set up request 2.processSearch: processes a route set up request 3.processResult: processes the results of a route set up request 4.finSearch: concludes the route set up procedure
9
src initiates a request by broadcasting
10
If p receives a request from q, it checks if the sipurl is the url of the client connected to p.
11
If p receives result (searchId, q), it searches for, adds and forwards result to prev
12
If src receives result, it adds to its routing table
13
Encryption with shared symmetric key Exposes dst (through dst.sipurl ) dst adds a random delay src or dst can be inferred if all of their neighboring nodes are malicious
14
Triangulation based timing attacks 3 steps in triangulation based timing attacks Candidate caller detection: malicious nodes deduce a list of potential callers Candidate caller ranking: malicious nodes associate a score with every potential caller Triangulation: Colluding malicious nodes combine their sets to obtain more accurate list of callers.
15
Deterministic triangulation attack Statistical triangulation attack Differential triangulation attack
16
2 assumptions Link latencies are deterministic All nodes are synchronized 2 properties of route setup protocol Protocol establishes shortest route between the src and dst Node p that receives route set up request originated from src can estimate dist(src, p)
17
Candidate caller detection Compute S(p) for all s ∈ S(p),
18
Candidate caller ranking Compute the score Triangulation Compute the final score
20
Link latencies are independently distributed Length of a path P is given by In candidate caller detection, p computes a set of Pareto-optimal distances to all nodes v A set of path lengths d 1, d 2.. d m is Pareto- optimal if for all other path lengths d,
21
A node v is marked as a candidate caller if If link latencies follow Gaussian, the path latencies follow Gaussian too Score of v can be computed as For other any other distribution, use Chebyshev’s inequality to compute
22
In Triangulation step, the aggregate score for a candidate caller v is computed
23
Eliminates time stamp ts from the route set up request Malicious nodes can estimate the difference In candidate caller detection, malicious node p computes statistical shortest distances to every other node v as
24
Statistical distance dist pq [v] is given by dist p [v] – dist q [v] v is a candidate caller if If the link latency distribution is Gaussian, the score of v is given by Finally, the average score for v is computed
25
Network topology should be known for Timing attacks Achieved by ping and pong messages xy ping(x,all) pong(y, x) y´y´ pong(y ´,x)
26
Experimental set up A synthetic network with 1024 nodes Topology was constructed using NS-2 topology generator Node-to-node round trip times varies from 24ms- 150ms with a mean of 74ms
27
Deterministic Triangulation Number of suspects varies with number of malicious nodes Epsilon should not be too small or large
28
Statistical Triangulation More effective than deterministic when there are uncertainties in link latencies
29
Differential Triangulation Statistical attack performs better if the clocks are synchronized Differential triangulation can achieve a top-10 probability of 0.78 with only 10 malicious nodes
30
Topology Discovery With m =20 and ttl =2, about 75% of the topology is discovered
31
Latency perturbation each node adds random delay Random Walk Search Algorithm Resilient to timing attacks but generates suboptimal routes Hybrid route set up Trade off anonymity with QoS
32
Sends a search request to a randomly chosen neighbor Two key properties Markovian property Random walker does not traverse the shortest path between any two nodes
33
Controlled Random Walk Combination of two protocols γ limits the length of random walk Starts with random walk search Switches to broadcast search with probability 1- γ
34
Multi-Agent Random Walk Similar to random walk Src sends ω random walkers (ω >1) Route is established when the first random walker reaches dst Higher ω results in optimal route latency Vulnerable to triangulation based timing attack if src sends out random walkers at time t=0
35
Performed on 1024-node synthetic VoIP network topology using NS-2 Algorithms implemented using Phex: an open source Java based implementation of peer- to-peer broadcast based route set up protocol
36
Performance Characterized by cost of messaging QoS guarantees Routes with latency<250ms satisfy QoS requirements Larger route set up latency does not affect the quality of voice conversation
37
Optimal parameter settings Attack resilience 99% optimal parameter settings
38
Topology discovery Only fraction of topology has been discovered Top-10 probability for marw was 42% less, crw was 33% less and broadcast was only 9% less Random walk protocols are more sensitive to topology
39
VoIP in becoming popular due to its advantages in cost and convenience It is a major concern to provide anonymity to the clients Threat models targeting callers’ anonymity are efficient Even if a small fraction of network is malicious, the caller can be inferred accurately It is difficult to trade QoS with anonymity
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.