Encrypted VoIP not as secure as it sounds

May 26, 2011 by Bob Yirka report
Overall architecture of our approach for reconstructing transcripts of VoIP conversations from sequences of encrypted packet sizes. Image credit: Andrew M. White.

(PhysOrg.com) -- Linguistics researchers working with computer scientists at the University of North Carolina have shown that voice conversations over the Internet, even if they are encrypted, are not as secure as generally thought. Presenting their findings at the IEEE Symposium on Security and Privacy in Oakland California this past week, the team showed that by breaking up voice messages broadcast over the Internet, and then parsing the bits into phonemes (human speech components) they could, using linguistic rules, essentially recreate conversations; at least to some degree. The results varied, but were in general good enough to gain the essence of what was being said.

The results of the team’s efforts show that services such as Skype, even though they use both encoding (converting words to code or data) and encryption (transforming the encoded messages to a different form using an algorithms) techniques to prevent easy capture of voice conversations over the Internet, are vulnerable to eavesdropping by perpetuators bent on listening in on what are supposed to be private conversations.

The team was able to reconstruct conversations, not by beating the encryption scheme, but by measuring the data packet size of messages sent electronically across a network and then by applying known linguistic rules of to those packets to decipher individual components of speech, which when put together, resulted in conversations that were at times, able to be understood by those listening.

In the paper that accompanied their presentation, the team describes the process as similar to that used by infants when learning to communicate. They learn by associating certain words they hear over and over with known results. When an adult speaks to them, they parse out the stuff they don’t understand and instead concentrate on the words that stand out that they do know; linguists use the term “well formed” to describe terms that are understandable amongst those that are not. Infants use well formed phrases to help them deduce the meaning of other words that surround the ones they do know to try to figure out what is being said; a process the research team essentially duplicated when trying to recreate phone conversations.

Because the results varied widely, and because eavesdroppers would need a lot of time, talent and money to recreate the results the team found, current users of such services shouldn’t worry that someone is listening in, but even so, now that a vulnerability has been exposed, it’s likely that Skype and other VoIP providers will take steps to eliminate the newly discovered weakness.

Explore further: Big data may be fashion industry's next must-have accessory

More information: Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks


Abstract
In this work, we unveil new privacy threats against Voice-over-IP (VoIP) communications. Although prior work has shown that the interaction of variable bit-rate codecs and length-preserving stream ciphers leaks information, we show that the threat is more serious than previously thought. In particular, we derive approximate transcripts of encrypted VoIP conversations by segmenting an observed packet stream into subsequences representing individual phonemes and classifying those subsequences by the phonemes they encode. Drawing on insights from the computational linguistics and speech recognition communities, we apply novel techniques for unmasking parts of the conversation. We believe our ability to do so underscores the importance of designing secure (yet efficient) ways to protect the confidentiality of VoIP conversations.

Related Stories

Stop Big Brother listening in to your mobile phone conversation

Sep 27, 2004

A team of University of Surrey scientists led by Professor Ahmet Kondoz has developed new technology which will enable companies and organisations to ensure that their GSM mobile phone conversations are totally secure and confidential. Prev ...

Skype forms tie-up with Japan's KDDI

Oct 18, 2010

Japan's number two telecom operator KDDI said Monday it had formed a strategic tie-up with Skype to bring Internet-based communication services to its mobile smartphone users.

Facebook joins forces with Skype

Oct 14, 2010

Skype and Facebook joined forces Thursday to let users of the popular Internet communications service chat with their friends on the booming social network.

U.S. to open door to VoIP wiretaps

Sep 27, 2005

New rules allowing wiretaps of Voice over Internet Protocol conversations are expected to be issued by U.S. authorities in 2007.

Recommended for you

Cloud computing helps make sense of cloud forests

Dec 17, 2014

The forests that surround Campos do Jordao are among the foggiest places on Earth. With a canopy shrouded in mist much of time, these are the renowned cloud forests of the Brazilian state of São Paulo. It is here that researchers ...

Teaching robots to see

Dec 15, 2014

Syed Saud Naqvi, a PhD student from Pakistan, is working on an algorithm to help computer programmes and robots to view static images in a way that is closer to how humans see.

User comments : 5

Adjust slider to filter visible comments by rank

Display comments: newest first

Mahal_Kita
not rated yet May 26, 2011
Of course you have to fill out the strings before encryption.. Just fill out the remainder of a fixed length string with garbage. There will be some overhead, but the conversation will be safe from this sample method.
Noumenal
not rated yet May 26, 2011
In the paper that accompanied their presentation, the team describes the process as similar to that used by infants when learning to communicate. They learn by associating certain words they hear over and over with known results. When an adult speaks to them, they parse out the stuff they dont understand and instead concentrate on the words that stand out that they do know; linguists use the term well formed to describe terms that are understandable amongst those that are not.


Ironically maybe, scientists found that babies infact learn language through brief moments of insight, rather than repetition. http://medicalxpr...rds.html
Foolish1
5 / 5 (1) May 26, 2011
This has been known for years. Just use a constant rate codec.
hush1
not rated yet May 26, 2011
lol
Ironically, all users of Skype and other VoIP providers, learned "through the brief moment of insight" to digress.
To neologism.

:)
hush1
1 / 5 (1) May 26, 2011
The research is flawed. The computer researchers relied on linguistics researchers. On linguistics researchers knowledge that does not include the current breakthroughs in linguistics.
Too bad. A+ for effort.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.