Hooked On Phonics: Learning to Read Encrypted VoIP Conversations
University of North Carolina at Chapel Hill
Thursday, December 1, 2011
NSF Stafford I, Room 110
Over the past decade, Voice-over-IP (VoIP) telephony has witnessed spectacular growth. Today, VoIP is being used everywhere, and is making steady headway as a replacement for traditional telephony in both the residential and commercial sectors. Yet, even with this widespread adoption, the security and privacy implications of VoIP are still not well understood. In this talk we will explore why current practices for encrypting VoIP packets are insufficient for ensuring privacy. In particular, we will examine how two common design decisions made in VoIP protocols---namely, the use of variable-bit-rate (VBR) codecs for speech encoding and length-preserving stream ciphers for encryption---interact to leak substantial information about a given conversation. More specifically, I will recap our recent attempts to reconstruct a hypothesized transcript of a conversation from a bottom up approach that has striking parallels to how infants find words in a speech stream. Time permitting, I'll share some interesting stories about the events that unfolded since publication of our work.
To watch the recorded presentation, register at: https://mmancusa.webex.com/mmancusa/j.php?ED=174395792&RG=1&UID=0&RT=MiMxMQ%3D%3D
Fabian Monrose is an Associate Professor of Computer Science at University of North Carolina at Chapel Hill. Prior to joining UNC, he was an Associate Professor at Johns Hopkins University, and a founding member of the Johns Hopkins Information Security Institute. From 1999-2002, he was a member of technical staff at Bell Labs, Lucent Technologies. He has received several awards including a National Science Foundation CAREER award in 2006, and best paper awards at flagship security conferences including IEEE Security and Privacy and USENIX Security Symposium. He received his Ph.D. and M.Sc. from the Courant Institute of Mathematical Sciences at New York University.
Like the speaker before him, he does not like writing about himself in the third person.