Practical Attacks Against Encrypted VoIP Communications presented at HITBSecConf Malaysia 2013

by Dominic Chell, Shaun Colley

Summary: Due to the often-sensitive nature of VoIP calls, it is well understood that packets in VoIP sessions should be encrypted in the interests of secrecy and confidentiality. The privacy associated with popular VoIP software is increasingly a concern not only for individuals but also for corporations whose data may be discussed via VoIP phone calls, especially in light of the recent PRISM hype.
This work evaluates voice data privacy within popular VoIP software using Microsoft’s Skype as a case study; in particular, we use statistical models and other natural language processing-like methods to spot known phrases in encrypted VoIP conversations in real time. We then develop the techniques further to facilitate recovery of spoken phonemes to a degree of accuracy such that parts of live conversations can be recovered from encrypted VoIP streams. We take these concepts from theory to practice by presenting live proof-of-concept demonstrations, with these tools being publicly released at the end of the talk.
Furthermore, we discuss and develop how these principles may be applied to other networking protocols such that a loss of privacy or security compromise may occur.