Multi-class Traffic Morphing for Encrypted VoIP Communication
نویسندگان
چکیده
In a re-identification attack, an adversary analyzes the sizes of intercepted encrypted VoIP packets to infer characteristics of the underlying audio— for example, the language or individual phrases spoken on the encrypted VoIP call. Traffic morphing has been proposed as a general solution for defending against such attacks. In traffic morphing, the sender pads ciphertext to obfuscate the distribution of packet sizes, impairing the adversary’s ability to accurately identify features of the plaintext. This paper makes several contributions to traffic morphing defenses. First, we argue that existing traffic morphing techniques are ineffective against certain reidentification attacks since they (i) require a priori knowledge of what information the adversary is trying to learn about the plaintext (e.g., language, the identity of the speaker, the speaker’s gender, etc.), and (ii) perform poorly with a large number of classes. Second, we introduce new algorithms for traffic morphing that are more generally applicable and do not depend on assumptions about the goals of the adversary. Finally, we evaluate our defenses against re-identification attacks, and show, using a large real-world corpus of spoken audio samples, that our techniques reduce the adversary’s accuracy by 94% with low computational and bandwidth overhead.
منابع مشابه
Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis
Recent work has shown that properties of network traffic that remain observable after encryption, namely packet sizes and timing, can reveal surprising information about the traffic’s contents (e.g., the language of a VoIP call [29], passwords in secure shell logins [20], or even web browsing habits [21, 14]). While there are some legitimate uses for encrypted traffic analysis, these techniques...
متن کاملClassification of encrypted traffic for applications based on statistical features
Traffic classification plays an important role in many aspects of network management such as identifying type of the transferred data, detection of malware applications, applying policies to restrict network accesses and so on. Basic methods in this field were using some obvious traffic features like port number and protocol type to classify the traffic type. However, recent changes in applicat...
متن کاملEvaluating Quality of Encrypted VoIP Calls in a Simulation Environment
The purpose of this work is to evaluate the quality of encrypted VoIP calls with different encryption algorithms through OpenVPN software, in order to identify differences in results between encryption algorithms and also differences between non-encrypted and encrypted calls. This evaluation will take into account the MOS (Mean Opinion Score), a method to indicate user satisfaction of voice com...
متن کاملIP over Voice-over-IP for censorship circumvention
Open communication over the Internet poses a serious threat to countries with repressive regimes, leading them to develop and deploy networkbased censorship mechanisms within their networks. Existing censorship circumvention systems face different difficulties in providing unobservable communication with their clients; this limits their availability and poses threats to their users. To provide ...
متن کاملDetecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015