TY - GEN
T1 - Mass surveillance of VoIP calls in the data plane
AU - Kirci, Ege Cem
AU - Apostolaki, Maria
AU - Meier, Roland
AU - Singla, Ankit
AU - Vanbever, Laurent
N1 - Publisher Copyright: © 2022 ACM.
PY - 2022/10/19
Y1 - 2022/10/19
N2 - Over the last decade, programmable data planes have enabled highly customizable and efficient packet processing in commercial off-the-shelf hardware. Although researchers have demonstrated various use cases of this technology, its potential misuse has gained much less traction. This work investigates a typical surveillance scenario, VoIP call identification and monitoring, through a tailored data-plane attack. We introduce DELTA, a network-level side-channel attack that can efficiently identify VoIP calls and their hosting services. DELTA achieves this by tracking the inherent network footprint of VoIP services in the data plane. Specifically, DELTA stores the user addresses recently connected to VoIP services and links potential call flows with these addresses. We implement DELTA on existing hardware and conduct high-throughput tests based on representative traffic. DELTA can simultaneously store around 100 000 VoIP connections per service and identify call streams in-path, at line-rate, inside terabits of Internet traffic per second, immediately revealing users' communication patterns.
AB - Over the last decade, programmable data planes have enabled highly customizable and efficient packet processing in commercial off-the-shelf hardware. Although researchers have demonstrated various use cases of this technology, its potential misuse has gained much less traction. This work investigates a typical surveillance scenario, VoIP call identification and monitoring, through a tailored data-plane attack. We introduce DELTA, a network-level side-channel attack that can efficiently identify VoIP calls and their hosting services. DELTA achieves this by tracking the inherent network footprint of VoIP services in the data plane. Specifically, DELTA stores the user addresses recently connected to VoIP services and links potential call flows with these addresses. We implement DELTA on existing hardware and conduct high-throughput tests based on representative traffic. DELTA can simultaneously store around 100 000 VoIP connections per service and identify call streams in-path, at line-rate, inside terabits of Internet traffic per second, immediately revealing users' communication patterns.
KW - VoIP
KW - in-network monitoring
KW - internet surveillance
UR - http://www.scopus.com/inward/record.url?scp=85141054201&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85141054201&partnerID=8YFLogxK
U2 - 10.1145/3563647.3563649
DO - 10.1145/3563647.3563649
M3 - Conference contribution
AN - SCOPUS:85141054201
T3 - SOSR 2022 - Proceedings of the 2022 Symposium on SDN Research
SP - 33
EP - 49
BT - SOSR 2022 - Proceedings of the 2022 Symposium on SDN Research
PB - Association for Computing Machinery, Inc
T2 - 2002 ACM SIGCOMM Symposium on SDN Research, SOSR 2022
Y2 - 20 October 2022
ER -