Mass surveillance of VoIP calls in the data plane

Ege Cem Kirci, Maria Apostolaki, Roland Meier, Ankit Singla, Laurent Vanbever

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations


Over the last decade, programmable data planes have enabled highly customizable and efficient packet processing in commercial off-the-shelf hardware. Although researchers have demonstrated various use cases of this technology, its potential misuse has gained much less traction. This work investigates a typical surveillance scenario, VoIP call identification and monitoring, through a tailored data-plane attack. We introduce DELTA, a network-level side-channel attack that can efficiently identify VoIP calls and their hosting services. DELTA achieves this by tracking the inherent network footprint of VoIP services in the data plane. Specifically, DELTA stores the user addresses recently connected to VoIP services and links potential call flows with these addresses. We implement DELTA on existing hardware and conduct high-throughput tests based on representative traffic. DELTA can simultaneously store around 100 000 VoIP connections per service and identify call streams in-path, at line-rate, inside terabits of Internet traffic per second, immediately revealing users' communication patterns.

Original languageEnglish (US)
Title of host publicationSOSR 2022 - Proceedings of the 2022 Symposium on SDN Research
PublisherAssociation for Computing Machinery, Inc
Number of pages17
ISBN (Electronic)9781450398923
StatePublished - Oct 19 2022
Event2002 ACM SIGCOMM Symposium on SDN Research, SOSR 2022 - Virtual, Online, United States
Duration: Oct 20 2022 → …

Publication series

NameSOSR 2022 - Proceedings of the 2022 Symposium on SDN Research


Conference2002 ACM SIGCOMM Symposium on SDN Research, SOSR 2022
Country/TerritoryUnited States
CityVirtual, Online
Period10/20/22 → …

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software


  • VoIP
  • in-network monitoring
  • internet surveillance


Dive into the research topics of 'Mass surveillance of VoIP calls in the data plane'. Together they form a unique fingerprint.

Cite this