Over the last several years, Voice over IP (VoIP) has enjoyed a marked increase in popularity, particularly as a replacement of traditional telephony for international calls. Indeed, several large network providers already boast millions of subscribers. At the same time, the security and privacy implications of conducting everyday voice communications over the Internet are not yet well understood. For the most part, the current focus on VoIP security has centered around hardening the signaling protocol. Of late, the increased attention surrounding eavesdropping and call hijacking threats to VoIP communications has heightened the need for encrypting VoIP data before transmitting it over the Internet. Unfortunately, the current recommendations for encrypting VoIP traffic are tuned for efficiency rather than privacy.
In this project, we explore the risks that arise in VoIP under the common practice of using variable bit rate encoders (to save bandwidth) and stream ciphers (for confidentiality). Our ultimate goals are to better understand a wide spectrum of privacy threats to VoIP usage, and to explore countermeasures to hinder these breaches. We also explore the trade-offs associated with better ways of balancing privacy and efficiency, with an eye towards minimizing the impact on the perceptual quality of VoIP calls. The broader significance of the work is to provide sound designs that benefit ongoing efforts in the greater networking community to secure VoIP.
