I Know Where You are and What You are Sharing: Exploiting P2P Communications to Invade Users' Privacy

In this paper, we show how to exploit real-time communication applications to determine the IP address of a targeted user. We focus our study on Skype, although other real-time communication applications may have similar privacy issues. We first design a scheme that calls an identified targeted user inconspicuously to find his IP address, which can be done even if he is behind a NAT. By calling the user periodically, we can then observe the mobility of the user. We show how to scale the scheme to observe the mobility patterns of tens of thousands of users. We also consider the linkability threat, in which the identified user is linked to his Internet usage. We illustrate this threat by combining Skype and BitTorrent to show that it is possible to determine the file-sharing usage of identified users. We devise a scheme based on the identification field of the IP datagrams to verify with high accuracy whether the identified user is participating in specific torrents. We conclude that any Internet user can leverage Skype, and potentially other real-time communication systems, to observe the mobility and file-sharing usage of tens of millions of identified users.Comment: This is the authors' version of the ACM/USENIX Internet Measurement Conference (IMC) 2011 pape

Detecting and Mitigating Denial-of-Service Attacks on Voice over IP Networks

Voice over IP (VoIP) is more susceptible to Denial of Service attacks than traditional data traffic, due to the former's low tolerance to delay and jitter. We describe the design of our VoIP Vulnerability Assessment Tool (VVAT) with which we demonstrate vulnerabilities to DoS attacks inherent in many of the popular VoIP applications available today. In our threat model we assume an adversary who is not a network administrator, nor has direct control of the channel and key VoIP elements. His aim is to degrade his victim's QoS without giving away his presence by making his attack look like a normal network degradation. Even black-boxed, applications like Skype that use proprietary protocols show poor performance under specially crafted DoS attacks to its media stream. Finally we show how securing Skype relays not only preserves many of its useful features such as seamless traversal of firewalls but also protects its users from DoS attacks such as recording of conversations and disruption of voice quality. We also present our experiences using virtualization to protect VoIP applications from 'insider attacks'. Our contribution is two fold we: 1) Outline a threat model for VoIP, incorporating our attack models in an open-source network simulator/emulator allowing VoIP vendors to check their software for vulnerabilities in a controlled environment before releasing it. 2) We present two promising approaches for protecting the confidentiality, availability and authentication of VoIP Services

24% of Internet Users Have Made Phone Calls Online

Presents survey findings about trends in Americans' use of Skype, Vonage, and other Voice over Internet Protocol services to make phone calls by gender, age, race/ethnicity, income, education, and community type

The Economics of “Wireless Net Neutrality”

None.

Evidences Behind Skype Outage

Skype is one of the most successful VoIP application in the current Internet spectrum. One of the most peculiar characteristics of Skype is that it relies on a P2P infrastructure for the exchange of signaling information amongst active peers. During August 2007, an unexpected outage hit the Skype overlay, yielding to a service blackout that lasted for more than two days: this paper aims at throwing light to this event. Leveraging on the use of an accurate Skype classification engine, we carry on an experimental study of Skype signaling during the outage. In particular, we focus on the signaling traffic before, during and after the outage, in the attempt to quantify interesting properties of the event. While it is very difficult to gather clear insights concerning the root causes of the breakdown itself, the collected measurement allow nevertheless to quantify several interesting aspects of the outage: for instance, measurements show that the outage caused, on average, a 3-fold increase of signaling traffic and a 10-fold increase of number of contacted peers, topping to more than 11 million connections for the most active node in our network - which immediately gives the feeling of the extent of the phenomeno

Quality assessment and usage behavior of a mobile voice-over-IP service

Voice-over-IP (VoIP) services offer users a cheap alternative to the traditional mobile operators to make voice calls. Due to the increased capabilities and connectivity of mobile devices, these VoIP services are becoming increasingly popular on the mobile platform. Understanding the user's usage behavior and quality assessment of the VoIP service plays a key role in optimizing the Quality of Experience (QoE) and making the service to succeed or to fail. By analyzing the usage and quality assessments of a commercial VoIP service, this paper identifies device characteristics, context parameters, and user aspects that influence the usage behavior and experience during VoIP calls. Whereas multimedia services are traditionally evaluated by monitoring usage and quality for a limited number of test subjects and during a limited evaluation period, this study analyzes the service usage and quality assessments of more than thousand users over a period of 120 days. This allows to analyze evolutions in the usage behavior and perceived quality over time, which has not been done up to now for a widely-used, mobile, multimedia service. The results show a significant evolution over time of the number of calls, the call duration, and the quality assessment. The time of the call, the used network, and handovers during the call showed to have a significant influence on the users' quality assessments