{"id":162,"date":"2011-03-22T13:20:37","date_gmt":"2011-03-22T17:20:37","guid":{"rendered":"http:\/\/www.digitalundercurrents.com\/blog\/?p=162"},"modified":"2011-03-22T13:20:37","modified_gmt":"2011-03-22T17:20:37","slug":"voip-encryption-vulnerability","status":"publish","type":"post","link":"http:\/\/www.digitalundercurrents.com\/blog\/?p=162","title":{"rendered":"VoIP Encryption Vulnerability"},"content":{"rendered":"<p>It&#8217;s a well-known fact that conversations using Voice-over-IP (VoIP) technologies need to be encrypted to ensure privacy; after all, tools like Wireshark offer special modes for reconstructing a phone conversation from a packet capture. But according to <a href=\"http:\/\/j.mp\/gLgRfD\">this paper<\/a> (warning: PDF file), encryption might not be enough.<\/p>\n<p>From the paper abstract:<\/p>\n<blockquote><p>Despite the rapid adoption of Voice over IP<br \/>\n(VoIP), its security implications are not yet fully un-<br \/>\nderstood. Since VoIP calls may traverse untrusted<br \/>\nnetworks, packets should be encrypted to ensure<br \/>\nconfidentiality. However, we show that when the<br \/>\naudio is encoded using variable bit rate codecs, the<br \/>\nlengths of encrypted VoIP packets can be used to<br \/>\nidentify the phrases spoken within a call. Our re-<br \/>\nsults indicate that a passive observer can identify<br \/>\nphrases from a standard speech corpus within en-<br \/>\ncrypted calls with an average accuracy of 50%, and<br \/>\nwith accuracy greater than 90% for some phrases.<br \/>\nClearly, such an attack calls into question the effi-<br \/>\ncacy of current VoIP encryption standards. In ad-<br \/>\ndition, we examine the impact of various features of<br \/>\nthe underlying audio on our performance and dis-<br \/>\ncuss methods for mitigation.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s a well-known fact that conversations using Voice-over-IP (VoIP) technologies need to be encrypted to ensure privacy; after all, tools like Wireshark offer special modes for reconstructing a phone conversation from a packet capture. But according to this paper (warning: PDF file), encryption might not be enough. From the paper abstract: Despite the rapid adoption [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,9],"tags":[],"class_list":["post-162","post","type-post","status-publish","format-standard","hentry","category-exploits","category-networking"],"_links":{"self":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=162"}],"version-history":[{"count":0,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/162\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=162"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.digitalundercurrents.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}