Tuesday, June 17, 2008

Breaking Phone-Call Encryption
A data compression scheme could leave Internet phone calls vulnerable to eavesdroppers.
By Erica Naone
A technique for saving bandwidth in Internet phone calls could undermine their security, according to research recently presented at the IEEE Symposium on Security and Privacy. Johns Hopkins University researchers showed that, in encrypted phone calls using a certain combination of technologies, preselected phrases can be spotted up to 50 percent of the time on average, and up to 90 percent of the time under optimal conditions.

Voice-over-Internet-protocol (VoIP) phone calls, in which a computer converts a voice signal into data packets and sends them over the Internet, are increasingly popular for personal and business communication. Although most VoIP systems don't yet use encryption, says Jason Ostrom, director of the VoIP-exploitation research lab at Sipera Systems, it's absolutely necessary, particularly for business users. In many cases, security measures aren't in place because companies haven't realized how vulnerable VoIP can be, he says. He cites an assessment that he did for a hotel that uses VoIP phones, in which he showed that an attacker could access and record guests' calls using a laptop plugged into a standard wall connection.

The Johns Hopkins researchers hope that pointing out possible holes in voice encryption systems can help ensure their security when they become more commonplace.

The Johns Hopkins attack takes advantage of a compression technique called variable-bit-rate encoding, which is sometimes used to save bandwidth in VoIP calls, explains Charles Wright, lead author of the paper. (Wright, who recently received his PhD from Johns Hopkins, will join the technical staff at the MIT Lincoln Laboratory in August.) Variable-bit-rate encoding, Wright says, adjusts the size of data packets being sent over the Internet based on how much information they actually contain. For example, when the person on one end of a VoIP call is listening rather than speaking, the packets sent from that person's computer shrink significantly. Also, packets containing certain sounds, such as "s" or "f," can take up less space than those containing more-complex sounds, such as vowels. Encrypting the packets after they've been compressed scrambles their contents, making them look like gibberish. But it doesn't change their size, which is what would give away information to potential eavesdroppers.

In their tests, the Hopkins researchers simulated the packets that a combination of compression and encryption would produce for particular phrases. While an example of the way that a targeted speaker pronounced a particular phrase would give eavesdroppers a big advantage, they could still simulate the phrase using a pronunciation dictionary and a database of sample sounds from multiple speakers. The researchers can create many versions of the sounds in the phrase, which lets them accommodate different accents and other variations in pronunciation. They then use probabilistic methods to look for likely instances of the phrase.

Wright says that the method can identify the phrase, on average, about half the time that it occurs, and that about half of the phrases it flags turn out to be exact matches of the desired phrase. In some circumstances, as when the phrases are longer, or when the speakers are particularly well matched to the simulated versions of the phrase, the accuracy became as high as 90 percent, Wright says.

Because eavesdroppers have to know what phrase they're listening for, Wright says, "the threat would be more to technical, professional jargon than to an informal call between friends or family members."
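The mechanism the article describes, as an added worked example that is not from the article or from the Johns Hopkins paper: a toy variable-bit-rate codec that sizes each packet by the class of sound it carries, a length-preserving stream-cipher stand-in that leaves those sizes visible, a template matcher that looks for a target phrase in the ciphertext lengths using several pronunciation variants, and the obvious countermeasure of padding every frame to the largest size before encrypting. The four sound classes, their frame sizes, the "phrase", the conversation, the fixed key and the 0.8 match threshold are all constructed assumptions, and the exact-match scorer stands in for the probabilistic matching the article mentions rather than reproducing it.

```python
"""Packet-length side channel in VBR-encoded, encrypted VoIP: a constructed model.

Everything here (sound classes, frame sizes, the "phrase", the cipher stand-in,
the matching threshold) is made up to show the mechanism.  It is not the codec
configuration, the data or the classifier from the Johns Hopkins paper.
"""
import hashlib
import os

# Assumed payload bytes per 20 ms frame for four coarse sound classes.  A real
# VBR codec chooses the rate from the signal; this table stands in for that.
FRAME_BYTES = {
    "silence": 5,     # comfort-noise frame sent while the speaker is listening
    "fricative": 10,  # s, f, sh: little spectral detail, low rate
    "stop": 15,       # p, t, k
    "vowel": 28,      # rich harmonics, highest rate
}


def encode_vbr(phonemes):
    """One packet per sound, sized by its class (constructed codec).
    Payload bytes are random: only their length matters to the attack."""
    return [os.urandom(FRAME_BYTES[p]) for p in phonemes]


def encrypt_stream(key, packets):
    """Length-preserving encryption: XOR each payload with a SHA-256-derived
    keystream indexed by packet sequence number.  Stand-in for a stream
    cipher such as SRTP's AES-CTR; the point is ciphertext == plaintext length."""
    out = []
    for seq, pt in enumerate(packets):
        ks = b""
        block = 0
        while len(ks) < len(pt):
            ks += hashlib.sha256(
                key + seq.to_bytes(4, "big") + block.to_bytes(4, "big")
            ).digest()
            block += 1
        out.append(bytes(a ^ b for a, b in zip(pt, ks)))
    return out


def phrase_templates(pronunciations):
    """Map each pronunciation variant (a list of sound classes, as one would get
    from a pronunciation dictionary) to the packet-length sequence the codec
    would emit for it.  Several variants cover accents and speaking rates."""
    return [[FRAME_BYTES[p] for p in variant] for variant in pronunciations]


def spot_phrase(observed_lengths, templates, threshold=0.8):
    """Slide every template over the observed ciphertext lengths and report
    (offset, template_index, score) wherever at least `threshold` of the
    frames match exactly.  Simple exact scoring stands in for the
    probabilistic matching the article describes."""
    hits = []
    for t_idx, tpl in enumerate(templates):
        n = len(tpl)
        for i in range(len(observed_lengths) - n + 1):
            window = observed_lengths[i:i + n]
            score = sum(w == t for w, t in zip(window, tpl)) / n
            if score >= threshold:
                hits.append((i, t_idx, score))
    return hits


def pad_to_constant_rate(packets, size=max(FRAME_BYTES.values())):
    """Countermeasure: pad every payload to the largest frame size before
    encryption so length no longer depends on the sound.  This gives back the
    bandwidth VBR saved.  A real implementation would also carry the original
    length so the receiver can strip the padding; zero fill suffices here."""
    return [p + b"\x00" * (size - len(p)) for p in packets]


def demo():
    key = b"\x42" * 32  # fixed key so the run is reproducible (constructed)
    # Constructed target "phrase", a slower speaker's variant of it, and the
    # conversation the phrase is buried in.
    target = ["fricative", "vowel", "stop", "vowel", "fricative"]
    slow_speaker = ["fricative", "vowel", "vowel", "stop", "vowel", "fricative"]
    conversation = (["silence"] * 3 + ["vowel", "vowel", "stop"] + target
                    + ["silence"] * 2 + ["vowel", "fricative"])

    packets = encode_vbr(conversation)
    templates = phrase_templates([target, slow_speaker])

    # VBR + encryption: sizes survive encryption, so the phrase is findable.
    vbr_lengths = [len(c) for c in encrypt_stream(key, packets)]
    assert vbr_lengths == [len(p) for p in packets]
    vbr_hits = spot_phrase(vbr_lengths, templates)

    # Padded to a constant rate + encryption: every packet looks the same.
    cbr_lengths = [len(c) for c in encrypt_stream(key, pad_to_constant_rate(packets))]
    cbr_hits = spot_phrase(cbr_lengths, templates)

    return {"vbr_lengths": vbr_lengths, "vbr_hits": vbr_hits,
            "cbr_lengths": cbr_lengths, "cbr_hits": cbr_hits}


if __name__ == "__main__":
    result = demo()
    print("ciphertext lengths (VBR):", result["vbr_lengths"])
    print("phrase hits (VBR):", result["vbr_hits"])
    print("phrase hits (padded to constant rate):", result["cbr_hits"])
```

Run as-is, the matcher finds the target at the offset where it was spoken, using only the lengths of the encrypted packets, and finds nothing once the frames are padded to one size. A real codec has many more rate steps and real speech does not fall into four neat classes, which is why the article's attack needs a database of sample sounds and probabilistic scoring rather than an exact template; the padding defence, by contrast, works regardless of how good the matcher is, at the price of the bandwidth saving that motivated VBR in the first place.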
Comments
chrisjmiller on 06/17/2008 at 6:47 AM
15
I wonder if this technique would work as well on non-Indo-European, particularly tonal, languages? One possible defence could be for us all to learn Mandarin :)
jesup on 06/17/2008 at 7:35 AM
6
The only VBR codecs commonly in use are for video - and this doesn't work well for that...
(FUD == Fear, Uncertainty, and Doubt - i.e. scare people away from VoIP)
Not that the paper is *wrong*, but that it's being WAY over-hyped by the author (and the reporter).
Erica Naone on 06/17/2008 at 8:42 AM
Assistant Editor
25
Charles Wright is interested in information leakage from encrypted traffic as applied to several types of scenarios. I think the techniques used to garner clues about supposedly hidden data are worth looking at even if they don't pose an immediate threat, since, again, it sheds light on design.
satyamtyagi on 06/18/2008 at 2:38 AM
1
http://www.microsoft.com/downloads/details.aspx?FamilyID=5D79B584-79C9-42A8-90C4-4AB3F03D19C4&displaylang=en
dtutelman on 06/17/2008 at 9:05 AM
13
chrisjmiller on 06/17/2008 at 6:47 AM wrote:
It's not obvious how you can get round this and simultaneously reduce bandwidth usage (which is, after all, one of the attractions of using VoIP).
Very good point. And not especially new.
Certainly during World War II (and probably before, but I don't know), codebreakers were using "traffic analysis" to get information. Even without being able to decipher the encryption itself, they could often tell when and where attacks were planned by monitoring message volume levels between different locations of the opponents' armies. The only way for the communicator to beat traffic analysis was to send empty or dummy messages from everywhere to everywhere else -- to use all the links the same amount of time, whether or not there was meaningful information to send.
There seems to be an analogous situation here. The main value of packet switching voice is bandwidth reduction, based on not sending bits except when there is speech energy to encode and transmit. Now we find out (probably not surprisingly, had anyone thought about it) that showing the pattern of energy bursts may be almost as telling as simply not encrypting at all. Traffic analysis, anybody?
I agree with chrisjmiller that the obvious solution is to do away with the bandwidth reduction. But there may be other, if less obvious, solutions. Let me brainstorm one for a moment...
If additional delay in the transmission is permissible, then the speech energy could be block-coded in a way that "smears" it over time. Rather than finding phrases, all a codebreaker could do is identify pauses in speech. Still some traffic-analyzable info, but nothing close to the ability to recognize phrases.
The big problem with this specific approach is the delay. I haven't done the homework, but I'd guess that any effective smearing would probably require adding a delay of at least a second. This is up in the range where telephone users are disturbed, and conversations even "go out of sync".
There may be other solutions, but the encryption technique is not going to be the biggest component. Any effective solution must hide the energy-burst pattern in speech.
DaveT
wf on 06/17/2008 at 8:54 AM
14
Whereas the latency issue would be too severe to enable a high degree of inter-word scrambling, it would seem reasonable that enough added latency could be tolerated to accommodate scrambling at the phoneme level. Also, it might be particularly beneficial if the scrambling latency could be made sufficiently long to permit some or most word boundaries to be obscured.
johnalphonse on 06/17/2008 at 11:24 AM
78
Anyhow, this is all moot in this "future" because bandwidth issues will not exist when the average household has in excess of 100 Mbps fiber or some other type of connection as a de facto standard. Already in France their bandwidth is way ahead of us, even in small villages, because their govt. sees the benefits of installing fiber and paying the bill instead of our outdated system of relying on a bunch of lazy, greedy capitalists to spur the movement. Unless this country becomes more of a socialist democracy instead of the fake democracy it is at present, we will sit here in our mud puddle whining about and trying to find workaround solutions for our substandard infrastructures. It's as if we've already accepted poor bandwidth, and we are preparing for a future of poor bandwidth... I am confident this will all be a non-issue in the "future" - just not sure if it's going to happen in this country any time soon, unless perhaps we are paying for service from a foreign provider, which would be an improvement over what we've got within our isolationist borders today, and apparently in the foreseeable future...
mbloore on 06/17/2008 at 6:27 PM
20
johnalphonse on 06/19/2008 at 10:51 AM
78