Feeds

Compressed VoIP leaves eavesdropping clues

The Norman Collier effect

Intelligent flash storage arrays

Eavesdroppers might be able to gain clues about the content of encrypted conversations even without breaking the cryptography.

VoIP services such as Skype encrypt conversations but law enforcement agencies, most notably in Germany, have complained this can hinder law enforcement investigations.

The emerging use of variable bitrate compression for VoIP transmission carries serious potential drawbacks that may play into the hands of those seeking to spy on the content of conversations, for whatever purpose. Variable bitrate compression to VoIP streams minimises the use of bandwidth without reducing audio quality.

But the technique, when applied to encrypted VoIP streams, means that larger packets of scrambled data are associated with complex sounds such as "ow" than simple consonants, such as "c". As a result traffic analysis techniques can be applied to encrypted traffic streams.

Boffins from John Hopkins University in Baltimore, USA have found that the relative size of packets in a VoIP conversation might be used to detect whether words or phrases of interest appear in encrypted conversations. The result might yield a transcript even more unintelligible than from comedian Norman Collier's faulty microphone routine - which might still be a useful result.

Even though the approach is not sophisticated enough to come anywhere near gaining the actual gist of conversations it is be good enough to pick out chosen phrases within encrypted data. By using machine learning techniques the researchers were able to develop systems that "inferred 'hidden' information from encrypted VoIP traffic streams based on observable patterns in packet size and timing of various protocols".

Software developed by the researchers picked out words or short phrases with an average accuracy of 50 per cent, a result that climbed to 90 per cent in the case of longer phrases.

"I think the attack is much more of a threat to calls with some sort of professional jargon where you have lots of big words that string together to make long, relatively predictable phrases," Charles Wright, one of the John Hopkins team, told New Scientist. "Informal conversational speech would be tougher because it's so much more random."

Variable bit rate compression is not widely used in the VoIP world but is likely to be included in future upgrades of a number of services, according to Wright. He added that: "We hope we have caught this threat before it becomes too serious."

The John Hopkins team presented their research at the 2008 IEEE Symposium on Security and Privacy conference in Oakland, California last month. Their paper, Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations can be found here (pdf). ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.