Evaluating the Privacy Properties of Secure VoIP Metadata

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2018)

Abstract

Some governments do not consider metadata to be personal data, and therefore do not treat it as within the scope of privacy regulations. However, metadata often gives more relevant information than the content itself. Metadata can be very useful to identify, locate, understand and manage personal data, i.e., information that is eminently private in nature and that under most privacy regulations should be anonymized or deleted if users have not given their consent. In voice calls, we face a critical situation in terms of privacy, as metadata can identify, for example, who calls whom and the duration of the call. In this work, we investigate the privacy properties of voice call metadata, in particular when using secure VoIP, giving evidence of the ability to extract sensitive information from its (“secure”) metadata. We find that ZRTP metadata is freely available to any client on the network, and that users can be re-identified by any user with access to the network. We also propose a solution to this problem, suitable for all ZRTP-based implementations.

Notes

  1. SIP is a third-party server that allows peer discovery and negotiation; in the case of ZRTP, it does not interact with the key negotiation.

Acknowledgements

This work is partially funded by the ERDF through the COMPETE 2020 Programme within project POCI-01-0145-FEDER-006961, and by National Funds through the FCT as part of project UID/EEA/50014/2013.

The work of João S. Resende was supported by a scholarship from the Fundação para a Ciência e Tecnologia (FCT), Portugal (scholarship number PD/BD/128149/2016).

The work of Patrícia R. Sousa and Luís Antunes was supported by Project “NanoSTIMA: Macro-to-Nano Human Sensing: Towards Integrated Multimodal Health Monitoring and Analytics/NORTE-01-0145-FEDER-000016”, financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF).

Author information

Corresponding author

Correspondence to João S. Resende.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Resende, J.S., Sousa, P.R., Antunes, L. (2018). Evaluating the Privacy Properties of Secure VoIP Metadata. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science, vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_5

  • DOI: https://doi.org/10.1007/978-3-319-98385-1_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98384-4

  • Online ISBN: 978-3-319-98385-1

  • eBook Packages: Computer Science (R0)
