Mass surveillance of VoIP calls in the data plane

SOSR '22: Proceedings of the Symposium on SDN Research

Abstract

Over the last decade, programmable data planes have enabled highly customizable and efficient packet processing in commercial off-the-shelf hardware. Although researchers have demonstrated various use cases of this technology, its potential misuse has gained much less traction. This work investigates a typical surveillance scenario, VoIP call identification and monitoring, through a tailored data-plane attack. We introduce DELTA, a network-level side-channel attack that can efficiently identify VoIP calls and their hosting services. DELTA achieves this by tracking the inherent network footprint of VoIP services in the data plane. Specifically, DELTA stores the user addresses recently connected to VoIP services and links potential call flows with these addresses. We implement DELTA on existing hardware and conduct high-throughput tests based on representative traffic. DELTA can simultaneously store around 100 000 VoIP connections per service and identify call streams in-path, at line-rate, inside terabits of Internet traffic per second, immediately revealing users’ communication patterns.

Research Areas: Network Programmability and Network Security

People

Ege Cem Kırcı (PhD student)
Dr. Maria Apostolaki (PhD student, 2015–2021)
Dr. Roland Meier (PhD student, 2017–2022)

BibTeX

@inproceedings{kirci2022surveillance,
  author    = {Kirci, Ege Cem and Apostolaki, Maria and Meier, Roland and Singla, Ankit and Vanbever, Laurent},
  title     = {{Mass surveillance of VoIP calls in the data plane}},
  booktitle = {SOSR '22: Proceedings of the Symposium on SDN Research},
  address   = {Online},
  year      = 2022,
  month     = oct,
  publisher = {Association for Computing Machinery},
  doi       = {10.1145/3563647.3563649},
  url       = {https://doi.org/10.1145/3563647.3563649}
}

Research Collection: 20.500.11850/581702