Presentation is loading. Please wait.

Presentation is loading. Please wait.

Voice over Internet Services and Privacy. Agenda Problem Description Scope Recommendations.

Published byEllen Knight Modified over 9 years ago

Similar presentations

Presentation on theme: "Voice over Internet Services and Privacy. Agenda Problem Description Scope Recommendations."— Presentation transcript:

1 Voice over Internet Services and Privacy

2 Agenda Problem Description Scope Recommendations

3 Problem Description Skype spying on users – Academic paper. Academic paper – Press article in English Press article – Press article in German Press article Weak/broken security – Blog post about WhatsApp Blog post – Cryptocat: German article / English articleGerman articleEnglish article Government surveillance – XKeyscore XKeyscore

4 Introduction to Communication Protocols Alice & Bob register with application server. Alice wants to call Bob. – Signaling message travels to server – Server does a lookup on Bob’s current IP address. – Server sends signaling msg to Bob. Alice and Bob exchange data traffic.

5 What route does data take? What data? – Voice, video, real-time text, text, data Routing: – “Directly” between the two endpoints Example: ICE use with XMPP JingleICEXMPP Jingle – Via application servers Example: Regular XMPP instance messaging – Via some other servers TURN relays, VPN overlays, Onion routing network In general, an application provider can influence data path routing.

6 Extending Basic Scenario Interconnection Common scenario for VoIP-PSTN interworking.

7 Typical Questions What technology is used by the two providers? What interconnection technology is used? How many intermediaries are along the path? What do the intermediaries get to see? (signaling only? Data as well?)

8 Outsourcing the Identity Provider WebRTC-based JavaScript APIs

9 Security & Privacy 1.Protect signaling traffic (hop-by-hop) 2.Protect data traffic (end-to-end) 3.Convey identity information (or hide it)

10 Protect Signaling Traffic Server-to-Server: – Use TLS (or IPsec) with mutual authentication between servers. End device-to-Server: – Use server-side authenticated TLS between end device and application server. – Various user authentication techniques deployed. Protects against eavesdroppers on the wire. Does not protect against application servers collecting data about user behavior.

11 Protect Data Traffic Depends on the assumptions of who to trust and the anticipated capability of the adversary. – There are also challenges in the interworking with existing technologies. Examples: – ZRTP assumes that calling parties recognize their voice. – DTLS-SRTP assumes that SIP identity protects the fingerprints. A summary of the requirements and use cases can be found in RFC 5479.RFC 5479

12 Convey or Hide Identity Information In the context of VoIP this typically means the calling party identifier (phone number or URI) + contact information. Two approaches have been developed: – Chain of Trust approach (e.g., P-Asserted-Identity)P-Asserted-Identity – Cryptographic approach (e.g., SIP Identity)SIP Identity Various problems surfaced with the chain of trust approach (which is also used in today’s telephone system) with caller-id spoofing and telephony denial of service attacks. A more detailed discussion of the topic can be found here. here

13 Recommendations (To VSPs) Transparency about the Data Collection and Use – What information is collected by whom and for what purpose? What is the retention period? User Participation – What are the controls for users to control sharing with other users and with intermediaries? e.g., identity information – Ability to review and revoke access to camera, microphone, etc. Security – Mandatory security for signaling traffic – Mandatory E2E security for data traffic? – Perfect forward secrecy to avoid future compromise? Perfect forward secrecy – Protection against unauthorized access – Regular software updates to address vulnerabilities Privacy-friendly defaults

14 Recommendations, cont. (To VSPs) Re-use open standards / open source that enjoyed wider community review (  transparency) Allow users to choose their identity provider (  competition and choice) Offer federated use and data portability (  competition and choice) Preference for cryptographic identity conveyance (  misattribution & intrusion) Offer capabilities for direct exchange of data (  data minimization)

15 Recommendations (To Users) Select application providers operating in jurisdictions you feel comfortable with (  applicable data protection laws)

16 Final Remarks Are these recommendations detailed enough? What is the likelihood that those recommendations will be considered by VSPs? Should we provide recommendations to other parties as well? (e.g., open source developers, standardization organizations) How to support innovation in the application space?

Download ppt "Voice over Internet Services and Privacy. Agenda Problem Description Scope Recommendations."

Similar presentations

1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
IPv6 Privacy Hannes Tschofenig, Tara Whalen. Agenda Privacy Threats Layering Addressing Policy Questionnaire.

IPv6 Privacy Hannes Tschofenig, Tara Whalen. Agenda Privacy Threats Layering Addressing Policy Questionnaire.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Reza hooshangi (8811253). short history  One of the last major challenges for the web is to enable human communication via voice and video: Real Time.

Reza hooshangi ( ). short history  One of the last major challenges for the web is to enable human communication via voice and video: Real Time.
1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
Remote Call/Device Control IETF82, Dispatch WG, Taipei November 15, 2011 1 Rifaat Shekh-Yusef Cullen Jennings Alan Johnston.

Remote Call/Device Control IETF82, Dispatch WG, Taipei November 15, Rifaat Shekh-Yusef Cullen Jennings Alan Johnston.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University

An Overview of SIP Security Dr. Samir Chatterjee Network Convergence Lab Claremont Graduate University
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday 26.09.2005 C. Today I³SI³HIPHI³.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
Session Initiation Protocol Winelfred G. Pasamba.

Session Initiation Protocol Winelfred G. Pasamba.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.

© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.
NISNet Winter School Finse 2008 1 Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
CS 268: Future Internet Architectures Ion Stoica May 1, 2006.

CS 268: Future Internet Architectures Ion Stoica May 1, 2006.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Point-to-Point Privacy Protect the privacy of a point-to-point communication between Alice and Bob assuming that an eavesdropper (Eve) has access to the.

Point-to-Point Privacy Protect the privacy of a point-to-point communication between Alice and Bob assuming that an eavesdropper (Eve) has access to the.
CS 268: Future Internet Architectures Ion Stoica May 6, 2003.

CS 268: Future Internet Architectures Ion Stoica May 6, 2003.

Similar presentations

Ads by Google