Technology Review - Published By MIT
Technology Review  in English | en Español | auf Deutsch | in Italiano | 中文 | in India
Advertisement

Breaking Phone-Call Encryption

Continued from page 1

By Erica Naone

Tuesday, June 17, 2008
smaller text tool iconmedium text tool iconlarger text tool icon

While 50 percent accuracy may not sound like much, "these are encrypted conversations, so your expectation is not to be able to do this at all," says Fabian Monrose, an associate professor of computer science at Johns Hopkins, who was also involved in the research.

Matt Bishop, a professor of computer science at the University of California, Davis, agrees. "Fifty percent is quite scary," he says, "because what it means is that, in essence, you could potentially understand a fair portion of the conversation. The whole purpose of encryption is to prevent understanding." He adds that the attack is made more realistic by its ability to simulate phrases from standard sample sounds, which would be easier for an attacker to obtain than speech samples from the person he or she wants to spy on.

Sipera Systems' Ostrom says that he found the research particularly interesting "because it shows that you shouldn't feel safe just because you're using a security control. You still have to validate it to ensure that it meets your requirements." He adds, "In VoIP, there's always a fight between quality of service and security." The researchers' attack is a good example, he says, because it explores how an effort to improve quality of service by reducing bandwidth usage can affect efforts to protect calls. However, Ostrom notes that most corporations aren't currently using variable-bit-rate encoding and wouldn't now be at risk.

Wright and Monrose say that they see their work as more of a cautionary tale. Monrose says that recently he has been seeing drafts of technical specifications that call for variable-bit-rate encoders. "Our gut reaction was, this has privacy implications that people have not well studied," he says. The researchers say that they hope their work will prevent people from making design decisions in isolation and encourage them to think about solutions that will increase both efficiency and security. "If we start combining tools the way a lot of the specifications are calling for," Monrose says, "then we need to make sure that we do it in the right way."


Tags

bandwidth bandwidth savings security VOIP

Related Articles

Comments
  • Nice hack!
    It's not obvious how you can get round this and simultaneously reduce bandwidth usage (which is, after all, one of the attractions of using VoIP).

    I wonder if this technique would work as well on non-Indo-European, particularly tonal, languages?  One possible defence could be for us all to learn Mandarin :)
    Rate this comment: 12345

    chrisjmiller
    06/17/2008
    Posts:26
    Avg Rating:
    4/5
    • Not a hack - this is FUD
      Actually, for any existing system, this is a non-hack. Not only do "most" systems no use VBR for audio, so far as I know no systems use VBR. All audio codecs currently in use (and virtually all being considered) are fixed-frame-size codecs, which network admins like because they're predictable.

      The only VBR codecs commonly in use are for video - and this doesn't work well for that...

      (FUD == Fear, Uncertainty, and Doubt - i.e. scare people away from VoIP)

      Not that the paper is *wrong*, but that it's being WAY over-hyped by the author (and the reporter).
      Rate this comment: 12345

      jesup
      06/17/2008
      Posts:11
      Avg Rating:
      4/5
      • Re: Not a hack - this is FUD
        To me, what's interesting about this story is the implications it has for design. I think the paper's authors are looking ahead at two concerns that are on the horizon for VoIP -- how to save bandwidth and also be secure -- and pointing out that it's important to pay attention to the whole design of a system and how the parts work together. I've tried to make clear in the article that this is a scenario that doesn't currently threaten most people -- my intention is definitely not to "overhype." I think the researchers are, as academic researchers often do, investigating things that may come up in the future. Incidentally, there are some variable bit rate encoders available for VoIP (Speex codec is the one the researchers used, and has a VBR mode).

        Charles Wright is interested in information leakage from encrypted traffic as applied to several types of scenarios. I think the techniques used to garner clues about supposedly hidden data are worth looking at even if they don't pose an immediate threat, since, again, it sheds light on design.
        Rate this comment: 12345

        Erica Naone
        06/17/2008
        Posts:43
        Avg Rating:
        4/5
      • Re: Not a hack - this is FUD
        Microsoft Office Communication Server/Microsoft Office Communicator use "RTAudio codec" as the preferred codec. This codec supports VBR mode


        http://www.microsoft.com/downloads/details.aspx?FamilyID=5D79B584-79C9-42A8-90C4-4AB3F03D19C4&displaylang=en
        Rate this comment: 12345

        satyamtyagi
        06/18/2008
        Posts:1
    • Re: Nice hack!
      Nice hack!
      chrisjmiller on 06/17/2008 at 6:47 AM Posts:

      It's not obvious how you can get round this and simultaneously reduce bandwidth usage (which is, after all, one of the attractions of using VoIP).

      Very good point. And not especially new.

      Certainly during World War II (and probably before, but I don't know), codebreakers were using "traffic analysis" to get information. Even without being able to decipher the encryption itself, they could often tell when and where attacks were planned by monitoring message volume levels between different locations of the oppontents' armies. The only way for the communicator to beat traffic analysis was to send empty or dummy messages from everywhere to everywhere else -- to use all the links the same amount of time, whether or not there was meaningful information to send.

      There seems to be an analogous situation here. The main value of packet switching voice is bandwidth reduction, based on not sending bits except when there is speech energy to encode and transmit. Now we find out (probably not surprisingly, had anyone thought about it) that showing the pattern of energy bursts may be almost as telling as simply not encrypting at all. Traffic analysis, anybody?

      I agree with crisjmiller that the obvious solution is to do away with the bandwidth reduction. But there may be other, if less obvious, solutions. Let me brainstorm one for a moment...

      If additional delay in the transmission is permissible, then the speech energy could be block-coded in a way that "smears" it over time. Rather than finding phrases, all a codebreaker could do is identify pauses in speech. Still some traffic-analyzable info, but nothing close to the ability to recognize phrases.

      The big problem to this specific approach is the delay. I haven't done the homework, but I'd guess that any effective smearing would probably require adding a delay of at least a second. This is up in the range where telephone users are disturbed, and conversations even "go out of sync".

      There may be other solutions, but the encryption technique is not going to be the biggest component. Any effective solution must hide the energy-burst pattern in speech.

      DaveT
      Rate this comment: 12345

      dtutelman
      06/17/2008
      Posts:57
      Avg Rating:
      4/5
  • Partial Solution
    A potential solution to the problem described in the article would be to employ temporal scrambling within the encryption process.  The downside is that it introduces additional latency to the encode/decode process, which could create awkward delays in phone conversations if the added latency is excessive.

    Whereas the latency issue would be too severe to enable a high degree of inter-word scrambling, it would seem reasonable that enough added latency could be tolerated to accommodate scrambling at the phoneme level.  Also, it might be particularly beneficial if the scrambling latency could be made sufficiently long to permit some or most word boundaries to be obscured.
    Rate this comment: 12345

    wf
    06/17/2008
    Posts:14
    Avg Rating:
    5/5
  • Non-issue in the future
    A telling statement, Erica: "I think the researchers are, as academic researchers often do, investigating things that may come up in the future."  If you think you MAY get in an accident, your chances of doing so dramatically increase, for example...  If you think you MAY get robbed, your chances increase as well.  Not advocating being foolhardy, but this is a proven aspect of quantum thought.

    Anyhow, this is all moot in this "future" because bandwidth issues will not exist when the average household has in excess of 100 mpbs fiber or some other type of connection as a de facto standard.  Already in France their bandwidth is way ahead of us, even in small villages, because their govt. sees the benefits of installing fiber and paying the bill instead of our outdated system of relying on a bunch of lazy, greedy capitalists to spur the movement.  Unless this country becomes more of a socialist democracy instead of the fake democracy it is at present, we will sit here in our mud puddle whining about and trying to find workaround solutions for our substandard infrastructures.  It's as if we've already accepted poor bandwidth, and we are preparing for a future of poor bandwith...  I am confident this will all be a non-issue in the "future" - just not sure if it's going to happen in this country any time soon, unless perhaps we are paying for service from a foreign provider, which would be an improvement over what we've got within our isolationist borders today, and apparently in the foreseeable future...
    Rate this comment: 12345

    johnalphonse
    06/17/2008
    Posts:78
    Avg Rating:
    2/5
    • Re: Non-issue in the future
      what is "quantum thought", and how does one prove that anticipating a problem increases its likelihood of occurrence, rather than prompting measures that decrease that likelihood?
      Rate this comment: 12345

      mbloore
      06/17/2008
      Posts:28
      Avg Rating:
      4/5
      • Re: Non-issue in the future
        Quantum thought; quantum theory. Whichever term you prefer.  It's explained in the texts of quantum physicists dealing with quantum theory and is at a point where science is beginning to acknowledge the vastness and reality of a spiritual world.  Here the basic premise is that "thought determines action" and thought has already been proven to be a physical substance.  Without going there and creating an argument, which I am not really interested in, I'm just suggesting that if we focus on the technologies that DO ALREADY EXIST which provide us in excess of 100-200 mpbs rates, we would be making more progress with humanity than trying to tweak something that we are only dealing with because of the false limitations of economics.  And yes, by working to "prevent" something we in fact only bring this dreaded thing we are trying to prevent closer to reality.  This is a known strategy of propagandists since Edward Bernays.  Why do you think there's so much talk about "Stop war"?  If we focused on "make peace" instead, you would see a different, kinder more peaceful world (but who in power would profit from that?).  This is fact, and words do matter, as do your thoughts, so please think nice!
        Rate this comment: 12345

        johnalphonse
        06/19/2008
        Posts:78
        Avg Rating:
        2/5
Reply

Log In

Forgot your password?     Register »
Advertisement

Videos
Latest Videos
The Marcellus Shale Gas Rush

Top Stories Of The Day

Technology Review November/December 2009

Current Issue

Natural Gas Changes the Energy Map
The United States has vast supplies of this cleaner fossil fuel. But how should we use it?
Featured Content
Sponsored by:
White Papers

Twelve ways to reduce costs with SQL Server 2008
Find out how to reduce costs and get more efficient

Download

Total Economic Impact of SQL Server 2008 Upgrade
Forrester reports on increasing productivity and management capabilities

Download 

Achieving Cost and Resource Savings with UC
How Office Communications Server R2 and Exchange Server can make your business smarter and more efficient

Download 

The Compelling Case for Conferencing
Read how you can improve workload support and find IT efficiencies

Download

How Windows Server 2008 R2 Helps Optimize IT and Save you Money
Read how you can improve workload support and find IT efficiencies

Download

Windows Server 2008 R2 Hyper-V Live Migration
See how Windows Server 2008 R2 and Hyper-V enable virtualization and Live Migration

Download

RSS Feeds

xml icon TR Top Stories
xml icon TR Editors' Blog
xml icon TR Video Blog
xml icon TR Video
Advertisement
Subscribe to Technology Review's daily e-mail update. Enter your e-mail address

TECHNOLOGY RESOURCES
Advertisement
MIT Massachusetts Institute of Technology © 2009 Technology Review. All Rights Reserved.