Mass surveillance of VoIP calls in the data plane

Authors: Ege Cem Kırcı, Maria Apostolaki, Roland Meier, Ankit Singla, and Laurent Vanbever
SOSR '22: Proceedings of the Symposium on SDN Research
PDF

Abstract

Over the last decade, programmable data planes have enabled highly customizable and efficient packet processing in commercial off-the-shelf hardware. Although researchers have demonstrated various use cases of this technology, its potential misuse has gained much less traction. This work investigates a typical surveillance scenario, VoIP call identification and monitoring, through a tailored data-plane attack. We introduce DELTA, a network-level side-channel attack that can efficiently identify VoIP calls and their hosting services. DELTA achieves this by tracking the inherent network footprint of VoIP services in the data plane. Specifically, DELTA stores the user addresses recently connected to VoIP services and links potential call flows with these addresses. We implement DELTA on existing hardware and conduct high-throughput tests based on representative traffic. DELTA can simultaneously store around 100 000 VoIP connections per service and identify call streams in-path, at line-rate, inside terabits of Internet traffic per second, immediately revealing users’ communication patterns.

People

Ege Cem Kırcı
PhD student
Dr. Maria Apostolaki
PhD student
2015—2021
Dr. Roland Meier
PhD student
2017—2022

BibTex

@INPROCEEDINGS{kirci2022surveillance,
	isbn = {978-1-4503-9892-3},
	doi = {10.1145/3563647.3563649},
	year = {2022-10},
	booktitle = {SOSR '22: Proceedings of the Symposium on SDN Research},
	type = {Conference Paper},
	author = {Kirci, Ege Cem and Apostolaki, Maria and Meier, Roland and Singla, Ankit and Vanbever, Laurent},
	abstract = {Over the last decade, programmable data planes have enabled highly customizable and efficient packet processing in commercial off-the-shelf hardware. Although researchers have demonstrated various use cases of this technology, its potential misuse has gained much less traction. This work investigates a typical surveillance scenario, VoIP call identification and monitoring, through a tailored data-plane attack. We introduce DELTA, a network-level side-channel attack that can efficiently identify VoIP calls and their hosting services. DELTA achieves this by tracking the inherent network footprint of VoIP services in the data plane. Specifically, DELTA stores the user addresses recently connected to VoIP services and links potential call flows with these addresses. We implement DELTA on existing hardware and conduct high-throughput tests based on representative traffic. DELTA can simultaneously store around 100 000 VoIP connections per service and identify call streams in-path, at line-rate, inside terabits of Internet traffic per second, immediately revealing users' communication patterns.},
	keywords = {VoIP; In-network monitoring; Internet surveillance},
	language = {en},
	address = {New York, NY},
	publisher = {Association for Computing Machinery},
	title = {Mass surveillance of VoIP calls in the data plane},
	PAGES = {33 - 49},
	Note = {2022 ACM SIGCOMM Symposium on SDN Research (SOSR 2022); Conference Location: Online; Conference Date: October 19-20, 2022}
}

Research Collection: 20.500.11850/581702