SlideShare ist ein Scribd-Unternehmen logo

Practical Attacks Against Encrypted VoIP Communications

I
iphonepentest

The slides from MDSec's presentation at HackInTheBox KUL 2013. The presentation describes attacks that can be used to deduce spoken conversations from encrypted VoIP communications. The presentation uses Skype as a case study.

TechnologieBusiness
1 von 62
Downloaden Sie, um offline zu lesen
Prac%cal  A)acks  Against   Encrypted  VoIP  Communica%ons   HITBSECCONF2013:  Malaysia   Shaun  Colley  &  Dominic  Chell     @domchell  @mdseclabs  
Agenda   •  This  is  a  talk  about  traffic  analysis  and  paHern   matching   •  VoIP  background   •  NLP  techniques   •  StaNsNcal  modeling   •  Case  studies  aka  “the  cool  stuff”  
Introduc%on   •  VoIP  is  a  popular  replacement  for  tradiNonal   copper-­‐wire  telephone  systems   •  Bandwidth  efficient  and  low  cost   •  Privacy  has  become  an  increasing  concern   •  Generally  accepted  that  encrypNon  should  be   used  for  end-­‐to-­‐end  security   •  But  even  if  it’s  encrypted,  is  it  secure?  
Why?   •  Widespread  accusaNons  of  wiretapping   •  Leaked  documents  allegedly  claim  NSA  &  GCHQ   have  some  “capability”  against  encrypted  VoIP   •  “The  fact  that  GCHQ  or  a  2nd  Party  partner  has  a   capability  against  a  specific  the  encrypted  used  in   a  class  or  type  of  network  communica@ons   technology.  For  example,  VPNs,  IPSec,  TLS/SSL,   HTTPS,  SSH,  encrypted  chat,  encrypted  VoIP”.  
Previous  Work   •  LiHle  work  has  been  done  by  the  security   community   •  Some  interesNng  academic  research   –  Uncovering  Spoken  Phrases  in  Encrypted  Voice  over  IP   CommunicaNons:  Wright,  Ballard,  Coull,  Monrose,  Masson   –  Uncovering  Spoken  Phrases  in  Encrypted  VoIP   ConversaNons:  Doychev,  Feld,  Eckhardt,  Neumann   •  Not  widely  publicised   •  No  proof  of  concepts  
Background:   VoIP  
VoIP  Communica%ons   •  Similar  to  tradiNonal  digital  telephony,  VoIP   involves  signalling,  session  iniNalisaNon  and   setup  as  well  as  encoding  of  the  voice  signal   •  Separated  in  to  two  channels  that  perform   these  acNons:   –  Control  channel   –  Data  channel  
Control  Channel   •  Operates  at  the  applicaNon-­‐layer   •  Handles  call  setup,  terminaNon  and  other   essenNal  aspects  of  the  call   •  Uses  a  signalling  protocol  such  as:   –  Session  IniNaNon  Protocol  (SIP)   –  Extensible  Messaging  and  Presence  Protocol   (XMPP)   –  H.323   –  Skype  
Control  Channel   •  Handles  sensiNve  call  data  such  as  source  and   desNnaNon  endpoints,  and  can  be  used  for   modifying  exisNng  calls   •  Typically  protected  with  encrypNon,  for   example  SIPS  which  adds  TLS   •  Ocen  used  to  establish  the  the  direct  data   connecNon  for  the  voice  traffic  in  the  data   channel  
Data  Channels   •  The  primary  focus  of  our  research   •  Used  to  transmit  encoded  and  compressed   voice  data   •  Typically  over  UDP   •  Voice  data  is  transported  using  a  transport   protocol  such  as  RTP    
Data  Channels   •  Commonplace  for  VoIP  implementaNons  to   encrypt  the  data  flow  for  confidenNality   •  A  common  implementaNon  is  Secure  Real-­‐ Time  Transport  Protocol  (SRTP)   •  By  default  will  preserve  the  original  RTP   payload  size   •  “None  of  the  pre-­‐defined  encryp@on   transforms  uses  any  padding;  for  these,  the   RTP  and  SRTP  payload  sizes  match  exactly.”  
Background:   Codecs  
Codecs   •  Used  to  convert  the  analogue  voice  signal  in   to  a  digitally  encoded  and  compressed   representaNon   •  Codecs  strike  a  balance  between  bandwidth   limitaNons  and  voice  quality   •  We’re  mostly  interested  in  Variable  Bit  Rate   (VBR)  codecs  
Variable  Bitrate  Codecs   •  The  codec  can  dynamically  modify  the  bitrate   of  the  transmiHed  stream   •  Codecs  like  Speex  will  encode  sounds  at   different  bitrates   •  For  example,  fricaNves  may  be  encoded  at     lower  bitrates  than  vowels    
Variable  Bitrate  Codecs   •  The  primary  benefit  from  VBR  is  a  significantly   beHer  quality-­‐to-­‐bandwidth  raNo  compared  to   CBR   •  Desirable  in  low  bandwidth  environments   –  Cellular   –  Slow  WiFi  
Background:   NLP  and  Sta%s%cal  Analysis  
Natural  Language  Processing   •  Research  techniques  borrowed  from  NLP  and   bioinformaNcs   •  Primarily  the  use  of:   –  Profile  Hidden  Markov  Models   –  Dynamic  Time  Warping  
Hidden  Markov  Models   •  StaNsNcal  model  that  assigns  probabiliNes  to   sequences  of  symbols   •  TransiNons  from  Begin  state  (B)  to  End  state   (E)   •  Moves  from  state  to  state  randomly  but  in  line   with  transiNon  distribuNons   •  TransiNons  occur  independently  of  any   previous  choices  
Hidden  Markov  Models   •  The  model  will  conNnue  to  move  between   states  and  output  symbols  unNl  the  End  state   is  reached   •  The  emiHed  symbols  consNtute  the  sequence   Image  from  hHp://isabel-­‐drost.de/hadoop/slides/HMM.pdf  
Hidden  Markov  Models   •  A  number  of  possible  state  paths  from  B  to  E   •  Best  path  is  the  most  likely  path   •  The  Viterbi  algorithm  can  be  used  to  discover   the  most  probable  path   •  Viterbi,  Forward  and  Backward  algorithms  can   all  be  used  to  determine  probability  that  a   model  produced  an  output  sequence  
Hidden  Markov  Models   •  The  model  can  be  “trained”  by  a  collecNon  of   output  sequences   •  The  Baum-­‐Welch  algorithm  can  be  used  to   determine  probability  of  a  sequence  based  on   previous  sequences   •  In  the  context  of  our  research,  packet  lengths   can  be  used  as  the  sequences  
Profile  Hidden  Markov  Models   •  A  variaNon  of  HMM   •  Introduces  Insert  and  Deletes   •  Allows  the  model  to  idenNfy  sequences  with   Inserts  or  Deletes   •  ParNcularly  relevant  to  analysis  of  audio   codecs  where  idenNcal  uHerances  of  the  same   phrase  by  the  same  speaker  are  unlikely  to   have  idenNcal  paHerns  
Profile  Hidden  Markov  Models   •  Consider  a  model  trained  to  recognise:   A  B  C  D     •  The  model  can  sNll  recognise  paHerns  with   inser&on:   A  B  X  C  D     •  Or  paHerns  with  dele&on:   A  B  C  
Dynamic  Time  Warping   •  Largely  replaced  by  HMMs   •  Measures  similarity  in  sequences  that  vary  in   Nme  or  speed   •  Commonly  used  in  speech  recogniNon   •  Useful  in  our  research  because  of  the   temporal  element   •  A  packet  capture  is  essenNally  a  Nme  series  
Dynamic  Time  Warping   •  Computes  a  ‘distance’  between  two  Nme   series  –  DTW  distance   •  Different  to  Euclidean  distance   •  The  DTW  distance  can  be  used  as  a  metric  for   ‘closeness’  between  the  two  Nme  series  
Dynamic  Time  Warping  -­‐  Example   •  Consider  the  following  sequences:   –  0  0  0  4  7  14  26  23  8  3  2  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0     –  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  5  6  13  25  24  9  4  2  0  0  0  0  0     •  IniNal  analysis  suggests  they  are  very  different,  if  comparing  from   the  entry  points.   •  However  there  are  some  similar  characterisNcs:   –  Similar  shape   –  Peaks  at  around  25   –  Could  represent  the  same  sequence,  but  at  different  Nme   offsets?   30   25   20   15   Series1   10   Series3   5   0   1   2   3   4   5   6   7   8   9  10  11   12  13  14  15   16  17  18  19   20  21   22  23  24  25   26  27  28  29   30  
Side  Channel  A)acks  
Side  Channel  A)acks   •  Usually  connecNons  are  peer-­‐to-­‐peer   •  We  assume  that  encrypted  VoIP  traffic  can  be  captured:   –  Man-­‐in-­‐the-­‐middle   –  Passive  monitoring   •  Not  beyond  the  realms  of  possibility:   –  “GCHQ  taps  fibre-­‐opNc  cables”   hHp://www.theguardian.com/uk/2013/jun/21/gchq-­‐cables-­‐ secret-­‐world-­‐communicaNons-­‐nsa   –  “China  hijacked  Internet  traffic” hHp://www.zdnet.com/china-­‐hijacked-­‐uk-­‐internet-­‐traffic-­‐says-­‐ mcafee-­‐3040090910/  
Side  Channel  A)acks   •  But  what  can  we  get  from  just  a  packet   capture?  
Side  Channel  A)acks   •  Source  and  DesNnaNon  endpoints   –  Educated  guess  at  language  being  spoken   •  Packet  lengths   •  Timestamps  
Side  Channel  A)acks   •  So  what?......   •  We  now  know  VBR  codecs  encode  different   sounds  at  variable  bit  rates   •  We  now  know  some  VoIP  implementaNons   use  a  length  preserving  cipher  to  encrypt   voice  data  
Side  Channel  A)acks     Variable  Bit  Rate  Codec                                            +   Length  Preserving  Cipher  =  
Case  Study  
Skype  Case  Study   •  ConnecNons  are  peer-­‐to-­‐peer   •  Uses  the  Opus  codec  (RFC  6716):   “Opus  is  more  efficient  when  opera@ng  with  variable   bitrate  (VBR)  which  is  the  default”   •  Skype  uses  AES  encrypNon  in  integer  counter   mode   •  The  resulNng  packets  are  not  padded  up  to   size  boundaries  
Skype  Case  Study  
Skype  Case  Study   •  Although  similar  phrases  will  produce  a  similar   paHern,  they  won’t  be  idenNcal:   –  Background  noise   –  Accents   –  Speed  at  which  they’re  spoken   •  Simple  substring  matching  won’t  work!  
Skype  Case  Study   •  The  two  approaches  we  chose  make  use  of   the  NLP  techniques:   –  Profile  Hidden  Markov  Models   –  Dynamic  Time  Warping  
Skype  Case  Study   •  Both  approaches  are  similar  and  can  be  broken  down   in  the  following  steps:   –  Train  the  model  for  the  target  phrase   –  Capture  the  Skype  traffic   –  “Ask”  the  model  if  it’s  likely  to  contain  the  target  phrase  
Skype  Case  Study  -­‐  Training   •  To  “train”  the  model,  a  lot  of  test  data  is  required   •  We  used  the  TIMIT  Corpus  data   •  Recordings  of  630  speakers  of  eight  major  dialects  of   American  English   •  Each  speaker  reads  a  number  of  “phoneNcally  rich”   sentences  
Skype  Case  Study  -­‐  TIMIT   “Why  do  we  need  bigger  and  beHer  bombs?”      
Skype  Case  Study  -­‐  TIMIT   “He  ripped  down  the  cellophane  carefully,  and  laid  three  dogs   on  the  Nn  foil.”      
Skype  Case  Study  -­‐  TIMIT   “That  worm  a  murderer?”      
Skype  Case  Study  -­‐  Training   •  To  collect  the  data  we  played  each  of  the  phrases   over  a  Skype  session  and  logged  the  packets  using   tcpdump   for((a=0;a<400;a++)); do / Applications/VLC.app/Contents/MacOS/ VLC --no-repeat -I rc --play-and-exit $a.rif ; echo "$a " ; sleep 5 ; done !
Skype  Case  Study  -­‐  Training   •  PCAP  file  containing  ~400  occurrences  of  the  same   spoken  phrase   •  “Silence”  must  be  parsed  out  and  removed   •  Fairly  easy  -­‐  generally,  silence  observed  to  be  less   than  80  bytes   •  Unknown  spikes  to  ~100  during  silence  phases  
Skype  Case  Study  -­‐  Silence   Short  excerpt  of  Skype  traffic  of  the  same  recording  captured  3  Nmes,   each  separated  by  5  seconds  of  silence:  
Skype  Case  Study  -­‐  Silence   Approach  to  idenNfy  and  remove   the  silence:   –  Find  sequences  of  packets  below   the  silence  threshold,  ~80  bytes   –  Ignore  spikes  when  we’re  in  a   silence  phase  (i.e.  20  conNnuous   packets  below  the  silence   threshold)   –  Delete  the  silence  phase   –  Insert  a  marker  to  separate  the   speech  phases  –  integer  222,  in   our  case   –  This  leaves  us  with  just  the  speech   phases…..  
Skype  Case  Study  -­‐  Silence  
Skype  Case  Study  –  PHMM  A)ack     •  Biojava  provides  a  useful  open  source  framework   –  Classes  for  Profile  HMM  modeling   –  BaumWelch  for  training   –  A  dynamic  matrix  programming  class  (DP)  for  calling  into   Viterbi  for  sequence  analysis  on  the  PHMM   •  We  chose  this  library  to  implement  our  aHack  
Skype  Case  Study  –  PHMM  A)ack     •  Train  the  ProfileHMM  object  using  the  Baum  Welch   •  Query  Viterbi  to  calculate  a  log-­‐odds   •  Compare  the  log-­‐odds  score  to  a  threshold   •  If  above  threshold  we  have  a  possible  match   •  If  not,  the  packet  sequence  was  probably  not  the  target   phrase  
Skype  Case  Study  –  DTW  A)ack     •  Same  training  data  as  PHMM   •  Remove  silence  phases   •  Take  a  prototypical  sequence  and  calculate  DTW   distance  of  all  training  data  from  it   •  Determine  a  typical  distance  threshold   •  Calculate  DTW  distance  for  test  sequence  and   compare  to  threshold   •  If  the  distance  is  within  the  threshold  then  likely   match  
PHMM  Demonstra%on  
Skype  Case  Study  –  Pre  Tes%ng        
Skype  Case  Study  –  Post  Tes%ng   Cypher:  “I  don’t  even  see  the  code.  All  I  see  is  blonde,   bruneHe,  red-­‐head”  
PHMM  Sta%s%cs   •  Recall  rate  of  approximately  80%   •  False  posiNve  rate  of  approximately  20%   •  PhoneNcally  richer  phrases  will  yield  lower  false   posiNves   •  TIMIT  corpus:  “Young  children  should  avoid   exposure  to  contagious  diseases”  
DTW  Results   •  Similarly  to  PHMM  results,  ~80%  recall  rate   •  False  posiNve  rate  of  20%  and  under  –  again,  as  long   as  your  training  data  is  good.  
Silent  Circle  -­‐  Results   •  Not  vulnerable  –  all  data  payload  lengths  are  176  bytes  in   length!  
Wrapping  up  
Preven%on   •  Some  guidance  in  RFC656216     •  Padding  the  RTP  payload  can  provide  a  reducNon  in   informaNon  leakage   •  Constant  bitrate  codecs  should  be  negoNated  during   session  iniNaNon  
Further  work   •  Assess  other  implementaNons   –  Google  Talk   –  Microsoc  Lync   –  Avaya  VoIP  phones   –  Cisco  VoIP  phones   –  Apple  FaceTime   •  According  to  Wikipedia,  uses  RTP  and  SRTP…Vulnerable?   •  Improvements  to  the  algorithms  -­‐  Apply  the  Kalman   filter?  
Conclusions   •  Variable  bitrate  codecs  are  unsafe  for  sensiNve  VoIP   transmission   •  It  is  possible  to  deduce  spoken  conversaNons  in   encrypted  VoIP   •  VBR  with  length  preserving  encrypted  transports  like   SRTP  should  be  avoided   •  Constant  bitrate  codecs  should  be  used  where  possible  
@domchell  @MDSecLabs  

Empfohlen

44Con 2014: GreedyBTS - Hacking Adventures in GSM
44Con 2014: GreedyBTS - Hacking Adventures in GSM44Con 2014: GreedyBTS - Hacking Adventures in GSM
44Con 2014: GreedyBTS - Hacking Adventures in GSM
iphonepentest
 
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON
 
Abusing Calypso Phones
Abusing Calypso PhonesAbusing Calypso Phones
Abusing Calypso Phones
Positive Hack Days
 
Osmocom
OsmocomOsmocom
Osmocom
0xDEADC0DE
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...
Siddharth Rao
 
IT6601 Mobile Computing Unit III
IT6601 Mobile Computing Unit IIIIT6601 Mobile Computing Unit III
IT6601 Mobile Computing Unit III
pkaviya
 
Gsm
GsmGsm
Gsm
Bala V
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
EC-Council
 

Empfohlen

44Con 2014: GreedyBTS - Hacking Adventures in GSM
44Con 2014: GreedyBTS - Hacking Adventures in GSM44Con 2014: GreedyBTS - Hacking Adventures in GSM
44Con 2014: GreedyBTS - Hacking Adventures in GSM
iphonepentest
 
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON 2014 - GreedyBTS: Hacking Adventures in GSM, Hacker Fantastic
44CON
 
Abusing Calypso Phones
Abusing Calypso PhonesAbusing Calypso Phones
Abusing Calypso Phones
Positive Hack Days
 
Osmocom
OsmocomOsmocom
Osmocom
0xDEADC0DE
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...
Siddharth Rao
 
IT6601 Mobile Computing Unit III
IT6601 Mobile Computing Unit IIIIT6601 Mobile Computing Unit III
IT6601 Mobile Computing Unit III
pkaviya
 
Gsm
GsmGsm
Gsm
Bala V
 
Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...
EC-Council
 
VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS network
Karel Berkovec
 
Class 1
Class 1Class 1
Class 1
5strikers
 
GSM & CDMA TECHNOL
GSM & CDMA TECHNOLGSM & CDMA TECHNOL
GSM & CDMA TECHNOL
Shalini Toluchuri
 
Lectures on 2 g,3g,3.5g,4g
Lectures on 2 g,3g,3.5g,4gLectures on 2 g,3g,3.5g,4g
Lectures on 2 g,3g,3.5g,4g
ProfArshadAbbas
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
Naveen Kumar
 
Wireless networking
Wireless networkingWireless networking
Wireless networking
METHODIST COLLEGE OF ENGG & TECH
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA Global
Gaganpreet Singh Walia
 
ppt on GSM architechture
ppt on GSM architechtureppt on GSM architechture
ppt on GSM architechture
Hina Saxena
 
2 g 3g_4g_tutorial
2 g 3g_4g_tutorial2 g 3g_4g_tutorial
2 g 3g_4g_tutorial
nithyasukumar05
 
1cellulñar network
1cellulñar network1cellulñar network
1cellulñar network
Emiii
 
Telecom journey tutorial
Telecom journey tutorialTelecom journey tutorial
Telecom journey tutorial
Ravikant Sharma
 
cellular networks
cellular networks cellular networks
cellular networks
korevinaykumar
 
Introduction to GSM
Introduction to GSMIntroduction to GSM
Introduction to GSM
Shilpin Pvt. Ltd.
 
02 umts network architecturenew
02 umts network architecturenew02 umts network architecturenew
02 umts network architecturenew
sivakumar D
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
Positive Hack Days
 
Gsm an introduction....
Gsm an introduction....Gsm an introduction....
Gsm an introduction....
Shivalik college of engineering
 
Gsmadvanced
GsmadvancedGsmadvanced
Gsmadvanced
Mithilesh Waghmare
 
Gsm and Gprs Ppt
Gsm and Gprs PptGsm and Gprs Ppt
Gsm and Gprs Ppt
Dev Goel
 
Edge
EdgeEdge
Edge
Shashwat Shriparv
 
2018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 72018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 7
FRSecure
 
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranets
Karthikeyan Dhayalan
 
NWCRG-IAB-Review-IETF91.pdf
NWCRG-IAB-Review-IETF91.pdfNWCRG-IAB-Review-IETF91.pdf
NWCRG-IAB-Review-IETF91.pdf
ssuserf127b8
 

Weitere ähnliche Inhalte

Was ist angesagt?

IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA Global
Gaganpreet Singh Walia
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
Positive Hack Days
 

Was ist angesagt? (19)

VoLTE Flows and CS network
VoLTE Flows and CS networkVoLTE Flows and CS network
VoLTE Flows and CS network
 
Class 1
Class 1Class 1
Class 1
 
GSM & CDMA TECHNOL
GSM & CDMA TECHNOLGSM & CDMA TECHNOL
GSM & CDMA TECHNOL
 
Lectures on 2 g,3g,3.5g,4g
Lectures on 2 g,3g,3.5g,4gLectures on 2 g,3g,3.5g,4g
Lectures on 2 g,3g,3.5g,4g
 
Security in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) NetworksSecurity in GSM(2G) and UMTS(3G) Networks
Security in GSM(2G) and UMTS(3G) Networks
 
Wireless networking
Wireless networkingWireless networking
Wireless networking
 
IOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA GlobalIOT in 5G Training and Certification by TELCOMA Global
IOT in 5G Training and Certification by TELCOMA Global
 
ppt on GSM architechture
ppt on GSM architechtureppt on GSM architechture
ppt on GSM architechture
 
2 g 3g_4g_tutorial
2 g 3g_4g_tutorial2 g 3g_4g_tutorial
2 g 3g_4g_tutorial
 
1cellulñar network
1cellulñar network1cellulñar network
1cellulñar network
 
Telecom journey tutorial
Telecom journey tutorialTelecom journey tutorial
Telecom journey tutorial
 
cellular networks
cellular networks cellular networks
cellular networks
 
Introduction to GSM
Introduction to GSMIntroduction to GSM
Introduction to GSM
 
02 umts network architecturenew
02 umts network architecturenew02 umts network architecturenew
02 umts network architecturenew
 
How to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the PlanetHow to Intercept a Conversation Held on the Other Side of the Planet
How to Intercept a Conversation Held on the Other Side of the Planet
 
Gsm an introduction....
Gsm an introduction....Gsm an introduction....
Gsm an introduction....
 
Gsmadvanced
GsmadvancedGsmadvanced
Gsmadvanced
 
Gsm and Gprs Ppt
Gsm and Gprs PptGsm and Gprs Ppt
Gsm and Gprs Ppt
 
Edge
EdgeEdge
Edge
 

Ähnlich wie Practical Attacks Against Encrypted VoIP Communications

Wpmc2004 phy protection
Wpmc2004 phy protectionWpmc2004 phy protection
Wpmc2004 phy protection
Arpan Pal
 
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
Mathavan N
 
L1 by-mr
L1 by-mrL1 by-mr
L1 by-mr
wael-b1
 

Ähnlich wie Practical Attacks Against Encrypted VoIP Communications (20)

2018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 72018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 7
 
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranetsCISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranets
 
NWCRG-IAB-Review-IETF91.pdf
NWCRG-IAB-Review-IETF91.pdfNWCRG-IAB-Review-IETF91.pdf
NWCRG-IAB-Review-IETF91.pdf
 
LoRa online training for utility guys
LoRa online training for utility guysLoRa online training for utility guys
LoRa online training for utility guys
 
98 366 mva slides lesson 7
98 366 mva slides lesson 798 366 mva slides lesson 7
98 366 mva slides lesson 7
 
MVA slides lesson 7
MVA slides lesson 7MVA slides lesson 7
MVA slides lesson 7
 
8. TDM Mux_Demux.pdf
8. TDM Mux_Demux.pdf8. TDM Mux_Demux.pdf
8. TDM Mux_Demux.pdf
 
ch07.ppt
ch07.pptch07.ppt
ch07.ppt
 
Multi protocol label switching (mpls)
Multi protocol label switching (mpls)Multi protocol label switching (mpls)
Multi protocol label switching (mpls)
 
PWL Seattle #16 - Chord: A Scalable Peer-to-peer Lookup Protocol for Internet...
PWL Seattle #16 - Chord: A Scalable Peer-to-peer Lookup Protocol for Internet...PWL Seattle #16 - Chord: A Scalable Peer-to-peer Lookup Protocol for Internet...
PWL Seattle #16 - Chord: A Scalable Peer-to-peer Lookup Protocol for Internet...
 
Week 3
Week 3Week 3
Week 3
 
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoQuantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
 
Voip
VoipVoip
Voip
 
Distributed IP-PBX
Distributed IP-PBX Distributed IP-PBX
Distributed IP-PBX
 
Network Protocol
Network ProtocolNetwork Protocol
Network Protocol
 
Wpmc2004 phy protection
Wpmc2004 phy protectionWpmc2004 phy protection
Wpmc2004 phy protection
 
Chapter11
Chapter11Chapter11
Chapter11
 
Unit 2 sdr architecture
Unit 2 sdr architectureUnit 2 sdr architecture
Unit 2 sdr architecture
 
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
1fbciobmrrqmnlyjl1he-signature-a1b6820cbe628a2a167a0a81f2762fc8f340dd4b93d47a...
 
L1 by-mr
L1 by-mrL1 by-mr
L1 by-mr
 

Kürzlich hochgeladen

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Kürzlich hochgeladen (20)

HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Practical Attacks Against Encrypted VoIP Communications

  • 1. Prac%cal  A)acks  Against   Encrypted  VoIP  Communica%ons   HITBSECCONF2013:  Malaysia   Shaun  Colley  &  Dominic  Chell     @domchell  @mdseclabs  
  • 2. Agenda   •  This  is  a  talk  about  traffic  analysis  and  paHern   matching   •  VoIP  background   •  NLP  techniques   •  StaNsNcal  modeling   •  Case  studies  aka  “the  cool  stuff”  
  • 3. Introduc%on   •  VoIP  is  a  popular  replacement  for  tradiNonal   copper-­‐wire  telephone  systems   •  Bandwidth  efficient  and  low  cost   •  Privacy  has  become  an  increasing  concern   •  Generally  accepted  that  encrypNon  should  be   used  for  end-­‐to-­‐end  security   •  But  even  if  it’s  encrypted,  is  it  secure?  
  • 4. Why?   •  Widespread  accusaNons  of  wiretapping   •  Leaked  documents  allegedly  claim  NSA  &  GCHQ   have  some  “capability”  against  encrypted  VoIP   •  “The  fact  that  GCHQ  or  a  2nd  Party  partner  has  a   capability  against  a  specific  the  encrypted  used  in   a  class  or  type  of  network  communica@ons   technology.  For  example,  VPNs,  IPSec,  TLS/SSL,   HTTPS,  SSH,  encrypted  chat,  encrypted  VoIP”.  
  • 5. Previous  Work   •  LiHle  work  has  been  done  by  the  security   community   •  Some  interesNng  academic  research   –  Uncovering  Spoken  Phrases  in  Encrypted  Voice  over  IP   CommunicaNons:  Wright,  Ballard,  Coull,  Monrose,  Masson   –  Uncovering  Spoken  Phrases  in  Encrypted  VoIP   ConversaNons:  Doychev,  Feld,  Eckhardt,  Neumann   •  Not  widely  publicised   •  No  proof  of  concepts  
  • 7. VoIP  Communica%ons   •  Similar  to  tradiNonal  digital  telephony,  VoIP   involves  signalling,  session  iniNalisaNon  and   setup  as  well  as  encoding  of  the  voice  signal   •  Separated  in  to  two  channels  that  perform   these  acNons:   –  Control  channel   –  Data  channel  
  • 8. Control  Channel   •  Operates  at  the  applicaNon-­‐layer   •  Handles  call  setup,  terminaNon  and  other   essenNal  aspects  of  the  call   •  Uses  a  signalling  protocol  such  as:   –  Session  IniNaNon  Protocol  (SIP)   –  Extensible  Messaging  and  Presence  Protocol   (XMPP)   –  H.323   –  Skype  
  • 9. Control  Channel   •  Handles  sensiNve  call  data  such  as  source  and   desNnaNon  endpoints,  and  can  be  used  for   modifying  exisNng  calls   •  Typically  protected  with  encrypNon,  for   example  SIPS  which  adds  TLS   •  Ocen  used  to  establish  the  the  direct  data   connecNon  for  the  voice  traffic  in  the  data   channel  
  • 10. Data  Channels   •  The  primary  focus  of  our  research   •  Used  to  transmit  encoded  and  compressed   voice  data   •  Typically  over  UDP   •  Voice  data  is  transported  using  a  transport   protocol  such  as  RTP    
  • 11. Data  Channels   •  Commonplace  for  VoIP  implementaNons  to   encrypt  the  data  flow  for  confidenNality   •  A  common  implementaNon  is  Secure  Real-­‐ Time  Transport  Protocol  (SRTP)   •  By  default  will  preserve  the  original  RTP   payload  size   •  “None  of  the  pre-­‐defined  encryp@on   transforms  uses  any  padding;  for  these,  the   RTP  and  SRTP  payload  sizes  match  exactly.”  
  • 13. Codecs   •  Used  to  convert  the  analogue  voice  signal  in   to  a  digitally  encoded  and  compressed   representaNon   •  Codecs  strike  a  balance  between  bandwidth   limitaNons  and  voice  quality   •  We’re  mostly  interested  in  Variable  Bit  Rate   (VBR)  codecs  
  • 14. Variable  Bitrate  Codecs   •  The  codec  can  dynamically  modify  the  bitrate   of  the  transmiHed  stream   •  Codecs  like  Speex  will  encode  sounds  at   different  bitrates   •  For  example,  fricaNves  may  be  encoded  at     lower  bitrates  than  vowels    
  • 15.
  • 16. Variable  Bitrate  Codecs   •  The  primary  benefit  from  VBR  is  a  significantly   beHer  quality-­‐to-­‐bandwidth  raNo  compared  to   CBR   •  Desirable  in  low  bandwidth  environments   –  Cellular   –  Slow  WiFi  
  • 17. Background:   NLP  and  Sta%s%cal  Analysis  
  • 18. Natural  Language  Processing   •  Research  techniques  borrowed  from  NLP  and   bioinformaNcs   •  Primarily  the  use  of:   –  Profile  Hidden  Markov  Models   –  Dynamic  Time  Warping  
  • 19. Hidden  Markov  Models   •  StaNsNcal  model  that  assigns  probabiliNes  to   sequences  of  symbols   •  TransiNons  from  Begin  state  (B)  to  End  state   (E)   •  Moves  from  state  to  state  randomly  but  in  line   with  transiNon  distribuNons   •  TransiNons  occur  independently  of  any   previous  choices  
  • 20. Hidden  Markov  Models   •  The  model  will  conNnue  to  move  between   states  and  output  symbols  unNl  the  End  state   is  reached   •  The  emiHed  symbols  consNtute  the  sequence   Image  from  hHp://isabel-­‐drost.de/hadoop/slides/HMM.pdf  
  • 21. Hidden  Markov  Models   •  A  number  of  possible  state  paths  from  B  to  E   •  Best  path  is  the  most  likely  path   •  The  Viterbi  algorithm  can  be  used  to  discover   the  most  probable  path   •  Viterbi,  Forward  and  Backward  algorithms  can   all  be  used  to  determine  probability  that  a   model  produced  an  output  sequence  
  • 22. Hidden  Markov  Models   •  The  model  can  be  “trained”  by  a  collecNon  of   output  sequences   •  The  Baum-­‐Welch  algorithm  can  be  used  to   determine  probability  of  a  sequence  based  on   previous  sequences   •  In  the  context  of  our  research,  packet  lengths   can  be  used  as  the  sequences  
  • 23. Profile  Hidden  Markov  Models   •  A  variaNon  of  HMM   •  Introduces  Insert  and  Deletes   •  Allows  the  model  to  idenNfy  sequences  with   Inserts  or  Deletes   •  ParNcularly  relevant  to  analysis  of  audio   codecs  where  idenNcal  uHerances  of  the  same   phrase  by  the  same  speaker  are  unlikely  to   have  idenNcal  paHerns  
  • 24. Profile  Hidden  Markov  Models   •  Consider  a  model  trained  to  recognise:   A  B  C  D     •  The  model  can  sNll  recognise  paHerns  with   inser&on:   A  B  X  C  D     •  Or  paHerns  with  dele&on:   A  B  C  
  • 25. Dynamic  Time  Warping   •  Largely  replaced  by  HMMs   •  Measures  similarity  in  sequences  that  vary  in   Nme  or  speed   •  Commonly  used  in  speech  recogniNon   •  Useful  in  our  research  because  of  the   temporal  element   •  A  packet  capture  is  essenNally  a  Nme  series  
  • 26. Dynamic  Time  Warping   •  Computes  a  ‘distance’  between  two  Nme   series  –  DTW  distance   •  Different  to  Euclidean  distance   •  The  DTW  distance  can  be  used  as  a  metric  for   ‘closeness’  between  the  two  Nme  series  
  • 27. Dynamic  Time  Warping  -­‐  Example   •  Consider  the  following  sequences:   –  0  0  0  4  7  14  26  23  8  3  2  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0     –  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  5  6  13  25  24  9  4  2  0  0  0  0  0     •  IniNal  analysis  suggests  they  are  very  different,  if  comparing  from   the  entry  points.   •  However  there  are  some  similar  characterisNcs:   –  Similar  shape   –  Peaks  at  around  25   –  Could  represent  the  same  sequence,  but  at  different  Nme   offsets?   30   25   20   15   Series1   10   Series3   5   0   1   2   3   4   5   6   7   8   9  10  11   12  13  14  15   16  17  18  19   20  21   22  23  24  25   26  27  28  29   30  
  • 29. Side  Channel  A)acks   •  Usually  connecNons  are  peer-­‐to-­‐peer   •  We  assume  that  encrypted  VoIP  traffic  can  be  captured:   –  Man-­‐in-­‐the-­‐middle   –  Passive  monitoring   •  Not  beyond  the  realms  of  possibility:   –  “GCHQ  taps  fibre-­‐opNc  cables”   hHp://www.theguardian.com/uk/2013/jun/21/gchq-­‐cables-­‐ secret-­‐world-­‐communicaNons-­‐nsa   –  “China  hijacked  Internet  traffic” hHp://www.zdnet.com/china-­‐hijacked-­‐uk-­‐internet-­‐traffic-­‐says-­‐ mcafee-­‐3040090910/  
  • 30. Side  Channel  A)acks   •  But  what  can  we  get  from  just  a  packet   capture?  
  • 31. Side  Channel  A)acks   •  Source  and  DesNnaNon  endpoints   –  Educated  guess  at  language  being  spoken   •  Packet  lengths   •  Timestamps  
  • 32. Side  Channel  A)acks   •  So  what?......   •  We  now  know  VBR  codecs  encode  different   sounds  at  variable  bit  rates   •  We  now  know  some  VoIP  implementaNons   use  a  length  preserving  cipher  to  encrypt   voice  data  
  • 33. Side  Channel  A)acks     Variable  Bit  Rate  Codec                                            +   Length  Preserving  Cipher  =  
  • 35. Skype  Case  Study   •  ConnecNons  are  peer-­‐to-­‐peer   •  Uses  the  Opus  codec  (RFC  6716):   “Opus  is  more  efficient  when  opera@ng  with  variable   bitrate  (VBR)  which  is  the  default”   •  Skype  uses  AES  encrypNon  in  integer  counter   mode   •  The  resulNng  packets  are  not  padded  up  to   size  boundaries  
  • 37. Skype  Case  Study   •  Although  similar  phrases  will  produce  a  similar   paHern,  they  won’t  be  idenNcal:   –  Background  noise   –  Accents   –  Speed  at  which  they’re  spoken   •  Simple  substring  matching  won’t  work!  
  • 38. Skype  Case  Study   •  The  two  approaches  we  chose  make  use  of   the  NLP  techniques:   –  Profile  Hidden  Markov  Models   –  Dynamic  Time  Warping  
  • 39. Skype  Case  Study   •  Both  approaches  are  similar  and  can  be  broken  down   in  the  following  steps:   –  Train  the  model  for  the  target  phrase   –  Capture  the  Skype  traffic   –  “Ask”  the  model  if  it’s  likely  to  contain  the  target  phrase  
  • 40. Skype  Case  Study  -­‐  Training   •  To  “train”  the  model,  a  lot  of  test  data  is  required   •  We  used  the  TIMIT  Corpus  data   •  Recordings  of  630  speakers  of  eight  major  dialects  of   American  English   •  Each  speaker  reads  a  number  of  “phoneNcally  rich”   sentences  
  • 41. Skype  Case  Study  -­‐  TIMIT   “Why  do  we  need  bigger  and  beHer  bombs?”      
  • 42. Skype  Case  Study  -­‐  TIMIT   “He  ripped  down  the  cellophane  carefully,  and  laid  three  dogs   on  the  Nn  foil.”      
  • 43. Skype  Case  Study  -­‐  TIMIT   “That  worm  a  murderer?”      
  • 44. Skype  Case  Study  -­‐  Training   •  To  collect  the  data  we  played  each  of  the  phrases   over  a  Skype  session  and  logged  the  packets  using   tcpdump   for((a=0;a<400;a++)); do / Applications/VLC.app/Contents/MacOS/ VLC --no-repeat -I rc --play-and-exit $a.rif ; echo "$a " ; sleep 5 ; done !
  • 45. Skype  Case  Study  -­‐  Training   •  PCAP  file  containing  ~400  occurrences  of  the  same   spoken  phrase   •  “Silence”  must  be  parsed  out  and  removed   •  Fairly  easy  -­‐  generally,  silence  observed  to  be  less   than  80  bytes   •  Unknown  spikes  to  ~100  during  silence  phases  
  • 46. Skype  Case  Study  -­‐  Silence   Short  excerpt  of  Skype  traffic  of  the  same  recording  captured  3  Nmes,   each  separated  by  5  seconds  of  silence:  
  • 47. Skype  Case  Study  -­‐  Silence   Approach  to  idenNfy  and  remove   the  silence:   –  Find  sequences  of  packets  below   the  silence  threshold,  ~80  bytes   –  Ignore  spikes  when  we’re  in  a   silence  phase  (i.e.  20  conNnuous   packets  below  the  silence   threshold)   –  Delete  the  silence  phase   –  Insert  a  marker  to  separate  the   speech  phases  –  integer  222,  in   our  case   –  This  leaves  us  with  just  the  speech   phases…..  
  • 48. Skype  Case  Study  -­‐  Silence  
  • 49. Skype  Case  Study  –  PHMM  A)ack     •  Biojava  provides  a  useful  open  source  framework   –  Classes  for  Profile  HMM  modeling   –  BaumWelch  for  training   –  A  dynamic  matrix  programming  class  (DP)  for  calling  into   Viterbi  for  sequence  analysis  on  the  PHMM   •  We  chose  this  library  to  implement  our  aHack  
  • 50. Skype  Case  Study  –  PHMM  A)ack     •  Train  the  ProfileHMM  object  using  the  Baum  Welch   •  Query  Viterbi  to  calculate  a  log-­‐odds   •  Compare  the  log-­‐odds  score  to  a  threshold   •  If  above  threshold  we  have  a  possible  match   •  If  not,  the  packet  sequence  was  probably  not  the  target   phrase  
  • 51. Skype  Case  Study  –  DTW  A)ack     •  Same  training  data  as  PHMM   •  Remove  silence  phases   •  Take  a  prototypical  sequence  and  calculate  DTW   distance  of  all  training  data  from  it   •  Determine  a  typical  distance  threshold   •  Calculate  DTW  distance  for  test  sequence  and   compare  to  threshold   •  If  the  distance  is  within  the  threshold  then  likely   match  
  • 53. Skype  Case  Study  –  Pre  Tes%ng        
  • 54. Skype  Case  Study  –  Post  Tes%ng   Cypher:  “I  don’t  even  see  the  code.  All  I  see  is  blonde,   bruneHe,  red-­‐head”  
  • 55. PHMM  Sta%s%cs   •  Recall  rate  of  approximately  80%   •  False  posiNve  rate  of  approximately  20%   •  PhoneNcally  richer  phrases  will  yield  lower  false   posiNves   •  TIMIT  corpus:  “Young  children  should  avoid   exposure  to  contagious  diseases”  
  • 56. DTW  Results   •  Similarly  to  PHMM  results,  ~80%  recall  rate   •  False  posiNve  rate  of  20%  and  under  –  again,  as  long   as  your  training  data  is  good.  
  • 57. Silent  Circle  -­‐  Results   •  Not  vulnerable  –  all  data  payload  lengths  are  176  bytes  in   length!  
  • 59. Preven%on   •  Some  guidance  in  RFC656216     •  Padding  the  RTP  payload  can  provide  a  reducNon  in   informaNon  leakage   •  Constant  bitrate  codecs  should  be  negoNated  during   session  iniNaNon  
  • 60. Further  work   •  Assess  other  implementaNons   –  Google  Talk   –  Microsoc  Lync   –  Avaya  VoIP  phones   –  Cisco  VoIP  phones   –  Apple  FaceTime   •  According  to  Wikipedia,  uses  RTP  and  SRTP…Vulnerable?   •  Improvements  to  the  algorithms  -­‐  Apply  the  Kalman   filter?  
  • 61. Conclusions   •  Variable  bitrate  codecs  are  unsafe  for  sensiNve  VoIP   transmission   •  It  is  possible  to  deduce  spoken  conversaNons  in   encrypted  VoIP   •  VBR  with  length  preserving  encrypted  transports  like   SRTP  should  be  avoided   •  Constant  bitrate  codecs  should  be  used  where  possible