DOCSLIB.ORG

Voip Over 3G/Wifi Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Voip Over 3G/Wifi Networks Mobility Project - VoIP over 3G/WiFi networks Gaël ALLOYER, Marc CABOCEL, Romain CASTAGNET, Pascal CLEMENT, Pierre LEROY, Guillaume LESNE, Nicolas PEPIN [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Abstract. With the increasing of mobility of devices and Internet expansion, users are constantly connected. In this con- text, the aim is to study if it is possible to create a Voice over IP application for Android and iPhone OS in order to be able to switch between networks to maintain Internet connection. Swapping between networks has to be without discon- nection. A VoIP application dealing with this mobility problem has already been implemented for Linux. This report pre- sents our approach to port a similar application for smartphones. Our results show that smartphones cannot always be considered as small computers with an easy development platform. Access and management restrictions can cause nu- merous problems for developers for this software migration on iPhone OS and Android. 1 Mobility Management The aim of this project is to develop a VoIP (Voice over IP) application with mobility on two mobile OS, iOS and Android. This application allows the user to switch between two networks without any disconnection during a communication. This project is based on a mobility patch created for an open-source project named PJSIP [1], which provides source codes writ- ten in C language to build VoIP applications. This patch modifies PJSIP libraries (PJLIB) [2] and PJSUA [3], a UNIX VoIP application for testing purposes that uses PJSIP. The patched version of PJSUA already allows mobility management. 1.1 Context SIP/RTP. SIP is a signaling protocol used in VoIP. RTP is used for media transport. IMS. The IMS is an architectural framework delivering Internet Protocol multimedia services. The IMS server provides a database of subscribed users that are allowed to interact with other subscribers using SIP/RTP protocols. In order to provide Voice over IP, an IMS (IP Multimedia Subsystem) server providing VoIP services was installed. Routers. Users have access to the IMS through two routers, one configured as a public router where accessible through 3G networks, and the other through WiFi. These devices constitute a simulation bench for access switching on mobile devices. Available Patch. The patched version of PJLIB provides a good starting point to implement mobility on iOS and Android. iPJSUA is an iPhone application that uses PJLIB, as well as CSipSimple [5], a similar application for Android. 1.2 Research Before implementing the managing of mobility on a smartphone using PJSIP, the context has to be fully understood. During a communication between two devices, packets pass through an IMS proxy (P-CSCF) and the IMS core before passing through another IMS proxy. This leads to the device called. Calling Process (Figure 1). Firstly, the calling device uses SIP protocol in order to register itself in the IMS (by sending a REGISTER SIP packet). Then the user can make a call (by sending an INVITE SIP packet). If the IMS accepts the registra- tion, and the correspondent answers the call, communication begins. RTP packets carrying the voice are exchanged be- tween the two devices. 1 of 8 Figure 1. Calling process Mobility Management. With mobility management, this process is slightly modified. The communication has to switch between two network interfaces (e.g. WiFi to 3G) without any disconnection. The device has to be connected to these two networks during a few milliseconds, to REGISTER, REINVITE and quickly synchronize the communication via the se- cond interface. The IMS and PJSIP must be modified to be able to manage two connections with the same device. Mobility Management Implementation (Figure 2). The chosen solution that was implemented for mobility management was to incorporate a second entry proxy to the IMS. This proxy allows another connection using a second network between the IMS and the second network interface of the device. One was used by the client through its 3G interface, and the other one was used by the WiFi interface. Figure 2. Mobility management with IMS 2 of 8 Mobility Calling Process. A new connection signal was added to PJSIP. This signal is a “re-invite” (REINVITE) message sent by the second interface. This message specifies in its header that it must be routed on the first PCSCF proxy via the second PCSCF proxy. Thus, the first proxy understanding that this device is asking for mobility can duplicate the commu- nication. This was achieved by sending packets on both network interfaces. Both connections are kept active during a few milliseconds, while some packets are transiting to make sure that the new connection is stable. After ten RTP packets, the new connection is considered stable if these packets are well received. The first connection is then closed. 1.3 Setup Routers. In order to have a fully functional environment to test mobility, DDWRT [4], an open-source Unix-based firm- ware was installed on both routers. This Operating System (OS) allows very powerful functionalities for debugging and managing routes with classical Unix commands. Testing. The first important step is to know if the environment is working without mobility. PJSUA was compiled under MacOS 10.6.6 and under Ubuntu 10.04. A call was initialized between two UNIX OS based computers. Patching. The patch provided is working for PJSIP 1.6. After applying the patch to the 1.6 version, compiling PJSUA under MacOS 10.6.6 was no longer possible due to compilation errors. Ubuntu was used for the next testing process. First Results (Figure 3). The initial context is that computers are running the previously patched PJSUA under Ubuntu 10.04. The caller makes a call to the second computer via PCSCF1 using a given network interface (eth0). During the communication a REGISTER and REINVITE signal are sent to PCSCF2 through a second network interface (eth1). Con- sequently, after a few milliseconds the communication switches to the second interface (eth1). All the traffic is monitored with a traffic analyzer to log the mobility management and prove that mobility from one interface to another is working. Figure 3. Wireskark capture - Mobility with test2 (192.168.0.9 then 172.18.1.217) calling test user (172.18.1.6) As expected, the first interface of test2 subscriber registers itself in the IMS then calls the test correspondent. An invite packet is sent and the communication is established once test picks up. RTP packets are exchanged (in Figure 5 only SIP packets are filtered). Then, the second interface of test2 registers itself into the IMS. The two interfaces receive RTP pack- ets during 10 RTP packets (few milliseconds). Then the first connection is closed and only the second connection remains active. 2 Migration on Smartphone This project aims to develop an application on smartphones to manage mobility as the one running on UNIX. To implement this functionality, the project was split up in two parts: one for iOS and one for Android. 3 of 8 2.1 Investigation At the beginning of the project, studies about IMS, SIP/RTP and VoIP were done to understand the context of this project. This investigation was needed to understand how a VoIP application works, and how it can be modified for mobility. Stud- ies on PJSIP were also done to understand how the mobility management was implemented for the PJSUA UNIX applica- tion. Devices. Some tests were performed on the iPhone 3GS and on the iPhone 4 to know if managing mobility can work on them. Android devices such as the Samsung GALAXY Tab and the Samsung GALAXY S were also tested. These tests are explained later on this report. Application Choice. Patching an existing application that uses PJLIB with mobility enhance mobility management imple- mentation. It has been previously demonstrated that PJSUA works with PJLIB patched. Thus, a VoIP application for each operating system (Android and iOS) using PJSIP needs to be found. iPJSUA is a port of PJSUA for iOS, and CSipSimple is the one for Android. PJSIP is directly included in IPJSUA whereas CSipSimple belongs to another project which is based on PJSIP. The two screenshots below (Figure 4) show a part of the GUI of both applications. Figure 4. CSipSimple running on Android (left) iPJSUA running on an iPhone 3GS (right) Application Compilation. CSipSimple can be compiled and runs on the Android emulator included in the Android SDK; PJLIB can also be compiled and integrated to CSipSimple. The latest version of this application is working with PJLIB 1.8. On the iOS side, jailbroken iPhones are required. This allows any compiled application to be brought on real devices and not only on the Xcode provided iPhone simulator. At least, iPJSUA was running on both the Xcode simulator and iPhones. Application Testing. These applications were tested without mobility management. Even after their configuration, some problems were still remaining such as the RTP communication, which is unidirectional. After some research into the source code of these applications, it seems RTP packets should be sent. Thanks to a Man In The Middle (MITM) attack between the client (iPhone 3GS in communication) and the wireless Access Point (AP) on which it was connected, it was discovered using Wireshark that the router was dropping every RTP packet sent by the iPhone. Indeed, this problem was coming from route tables of the router. Its routes were fixed, and both CSipSimple and iPJSUA were working well. 4 of 8 2.2 From PJSIP 1.6 to PJSIP 1.8.10 Patched with Mobility Management PJLIB is used by CSipSimple and iPJSUA. Unfortunately, CSipSimple requires PJLIB 1.8.10 to work and iPJSUA is not yet implemented in PJLIB 1.6.
Load more

Recommended publications
  • Wiretapping End-To-End Encrypted Voip Calls Real-World Attacks on ZRTP
    Institute of Operating Systems and Computer Networks Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schürmann, Fabian Kabus, Gregor Hildermeier, Lars Wolf, 2017-07-18 wiretapping difficulty End-to-End Encryption SIP + DTLS-SRTP (SIP + Datagram Transport Layer Security-SRTP) End-to-End Encryption & Authentication SIP + SRTP + ZRTP Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time Transport Protocol) 2017-07-18 Dominik Schürmann Wiretapping End-to-End Encrypted VoIP Calls Page 2 of 13 wiretapping difficulty End-to-End Encryption & Authentication SIP + SRTP + ZRTP Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time Transport Protocol) End-to-End Encryption SIP + DTLS-SRTP (SIP + Datagram Transport Layer Security-SRTP) 2017-07-18 Dominik Schürmann Wiretapping End-to-End Encrypted VoIP Calls Page 2 of 13 wiretapping difficulty Introduction Man-in-the-Middle ZRTP Attacks Conclusion End-to-End Security for Voice Calls Institute of Operating Systems and Computer Networks No End-to-End Security PSTN (Public Switched Telephone Network) SIP + (S)RTP (Session Initiation Protocol + Secure Real-Time
    [Show full text]
  • TECH TOOLS for ACTIVISTS Published : 2012-10-04 License : CC-BY T ABLE of CONT ENT S
    TECH TOOLS FOR ACTIVISTS Published : 2012-10-04 License : CC-BY T ABLE OF CONT ENT S Tech Tools For Activism 1 An introduction to this booklet 2 2 Securing your email 4 3 Anonymous Blogs and Websites 7 4 Microblogging Beyond Twitter 9 5 Browsing the Internet 11 6 Organising and Networking Online 14 7 Mobile Phone Security and Android Apps 18 8 Publishing and Networking News 21 9 Producing and Publishing Media to the Internet 23 10 Green Computing 25 11 Hiding & Deleting Things on your PC 27 TECH TOOLS FOR ACTIVISM 1. AN INTRODUCTION TO THIS BOOKLET 2. SECURING YOUR EMAIL 3. ANONYMOUS BLOGS AND WEBSITES 4. MICROBLOGGING BEYOND TWITTER 5. BROWSING THE INTERNET 6. ORGANISING AND NETWORKING ONLINE 7. MOBILE PHONE SECURITY AND ANDROID APPS 8. PUBLISHING AND NETWORKING NEWS 9. PRODUCING AND PUBLISHING MEDIA TO THE INTERNET 10. GREEN COMPUTING 11. HIDING & DELETING THINGS ON YOUR PC 1 1. AN INT RODUCT ION T O T HIS BOOKLET T his booklet will help you to: use email securely publish news and upload media anonymously make your web browsing more anonymous and secure use Facebook and Twitter more securely get organised online without relying on corporate social networking sites use encrypted messaging on mobile phones hide stuff on your computer so it can't be found find a more secure and decentralised replacement for Twitter support free software, open licences and decentralised/ federated communication. Why this booklet is important: This booklet provides an introduction to the effective use of technology for activism, with links to step-by-step guides and further information.
    [Show full text]
  • Portable Wi-Fi Calling and Interactive Voice Response System
    www.ijemr.net ISSN (ONLINE): 2250-0758, ISSN (PRINT): 2394-6962 Volume-7, Issue-1, January-February 2017 International Journal of Engineering and Management Research Page Number: 384-386 Portable Wi-Fi Calling and Interactive Voice Response System Ruchi W. Kasare1, Pooja K. Muneshwar2, Nikhil D. Tembhekar3, Prof. V. P. Yadav4, Prof. J. V. Shriral5 1,2,3,4,5Department of Computer Science and Engineering, Priyadarshani College of Engineering and Research, Nagpur University, Maharashtra, INDIA ABSTRACT Wireless IP-PBX utilizes WIFI technology for Implementation of a VoIP telephony system using communication, the same wireless infrastructure used for an IP Telephony solution in the organization as IVR. A new your corporate network. Just as we use mobiles and technology VoIP or Internet Telephony means that your laptops within this wireless infrastructure to gain access voice is carried over the IP network, otherwise known as to information, now we can use wireless IP phones the Internet. Voice which is an analog signal, is converted system as this system uses the telephony function to digital data, which is then disassembled and transmitted through the Internet or Internet to be recovered back to an directly into an already existing data network. This analog signal an the other using an IP Telephony solution provides an advantage that voice and data network can which is an Linux base system. be used together using single system. One of the major This service can be properly managed and advantages of the IP-PBX wireless phone is that you can deployed over a network with less stress and expenses.
    [Show full text]
  • A Survey of Open Source Products for Building a SIP Communication Platform
    Hindawi Publishing Corporation Advances in Multimedia Volume 2011, Article ID 372591, 21 pages doi:10.1155/2011/372591 Research Article A Survey of Open Source Products for Building a SIP Communication Platform Pavel Segec and Tatiana Kovacikova Department of InfoCom Networks, University of Zilina, Univerzitna 8215/1, 010 26 Zilina, Slovakia Correspondence should be addressed to Tatiana Kovacikova, [email protected] Received 29 July 2011; Revised 31 October 2011; Accepted 15 November 2011 Academic Editor: T. Turletti Copyright © 2011 P. Segec and T. Kovacikova. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. The Session Initiation Protocol (SIP) is a multimedia signalling protocol that has evolved into a widely adopted communication standard. The integration of SIP into existing IP networks has fostered IP networks becoming a convergence platform for both real- time and non-real-time multimedia communications. This converged platform integrates data, voice, video, presence, messaging, and conference services into a single network that offers new communication experiences for users. The open source community has contributed to SIP adoption through the development of open source software for both SIP clients and servers. In this paper, we provide a survey on open SIP systems that can be built using publically available software. We identify SIP features for service deve- lopment and programming, services and applications of a SIP-converged platform, and the most important technologies support- ing SIP functionalities. We propose an advanced converged IP communication platform that uses SIP for service delivery.
    [Show full text]
  • Performance Analysis of Voip Call
    Buletin Pos dan Telekomunikasi Vol. 13 No.1 (2015) 79-96 Performance Analysis of VoIP Call Application Android in MANET (Mobile Ad Hoc Network) Analisis Unjuk Kerja Aplikasi VoIP Call Android di Jaringan MANET (Mobile Ad Hoc Network) Ryan Ari Setyawan Jurusan Teknik Informatika, Fakultas Teknik, Universitas Janabadra Jl. Tentara Rakyat Mataram No. 55-57 Yogyakarta 55231, Indonesia e-mail: [email protected] INFORMATION ARTI CLE A B S T R A K Manuscript received June 15, 2015 Penelitian ini bertujuan menganalisis kinerja aplikasi VoIP call android di Revised June 24, 2015 jaringan MANET (mobile ad hoc network). Hasil pengujian menunjukan bahwa Approved June 25, 2015 aplikasi VoIP call android dapat digunakan di jaringan MANET. Delay yang dihasilkan paling besar di pengujian indoor dengan jarak 11-15 meter yakni Kata kunci : sebesar 0,014624811 seconds. Packet loss yang dihasilkan pada range 1%-2%, Android sedangkan standar packet loss yang ditetapkan oleh CISCO untuk layanan aplikasi VoIP VoIP adalah < 5%. Jitter yang dihasilkan yakni antara 0,01-0,06 seconds MANET sedangkan standar yang ditetapkan oleh CISCO adalah ≤ 30 ms atau 0,03 seconds. Throughput yang dihasilkan pada proses pengujian yakni antar 161 kbps-481 kbps. A B S T R A CT Keywords: This study aims to analyze the performance of VOIP call android application in the Android MANET (mobile ad hoc network). The results showed that VoIP applications could VoIP be implemented in MANET network. The highest delay is produced in indoor MANET testing with distance of 11-15 meters, which is equal to 0.014624811 seconds. Packet loss is generated in the range of 1% -2%, while packet loss standards set by Cisco for VoIP application services are <5%.
    [Show full text]
  • Battery and Data Drain of Over-The-Top Applications on Low-End Smartphones
    CORE Metadata, citation and similar papers at core.ac.uk Provided by University of the Western Cape Research Repository IST-Africa 2018 Conference Proceedings Paul Cunningham and Miriam Cunningham (Eds) IIMC International Information Management Corporation, 2018 ISBN: 978-1-905824-59-5 Battery and Data Drain of Over-The-Top Applications on Low-end Smartphones Shree Om1, William D. Tucker2 University of the Western Cape, Robert Sobukwe Road, Cape Town, 7535, South Africa1,2 Tel: +27 21 959 3010, Fax: +27 21 959 1274, Email: [email protected] 1, [email protected] 2 Abstract: Low-end smartphones with sub $50 price tags provide affordable device ownership to low-income populations. However, their limited capacity, when combined with the need for multimodal connectivity, raises usage concerns in rural off-grid regions. Some off-grid regions in sub-Saharan Africa provide recharge facilities using solar power and charge money for the service. Adding data bundle costs to frequent recharge costs, affordability of low-end smartphones becomes questionable in such areas. Community-controlled solar-powered wireless mesh network models with Session Initiation Protocol capability could alleviate the network usage cost conundrum and consume less power in low-end smartphones with the usage of WiFi. This paper reports on investigations that reveal usage of WiFi consumes less battery than 3G, 2G and Bluetooth. In addition, we feel that lowering recharge costs also requires battery consumption knowledge of the over- the-top applications. Using automated voice calls, this paper reports on battery and data consumption by multiple popular social media applications using one type of low-end smartphone.
    [Show full text]
  • Debian's Role in Establishing an Alternative to Skype
    Debian’s role in establishing an alternative to Skype Motivation, Challenges and Tactics Daniel Pocock [email protected] http://www.OpenTelecoms.org mini-DebConf, Paris, November 2012 Daniel Pocock [email protected] Debian’s role in establishing an alternative to Skype Introduction Motivation – why do we need to do something? What happens if we do nothing? Challenges – why hasn’t it been done already? Tactics – what can we do over the next 12 months? Daniel Pocock [email protected] Debian’s role in establishing an alternative to Skype Motivation Some background Yes, you’ve seen me before – in Managua. Slides and video are available and highly recommended. Is there something new? – yes. Daniel Pocock [email protected] Debian’s role in establishing an alternative to Skype Motivation Why mention Skype? Widely deployed – hundreds of millions of users Interdependency – unlike other types of software, interoperability is a critical factor in the success of real-time communications software Viber – another proprietary solution that has quickly gained traction thanks to ease of use. The free software community missed the boat in the desktop VoIP arena, now the same may be happening for mobile. Daniel Pocock [email protected] Debian’s role in establishing an alternative to Skype Motivation How bad is it? Marketing – Skype allows Microsoft to study your thoughts and emotions in real time. Feedback to advertisers. Privacy – Microsoft has patented a technique for monitoring Skype. Call records, friend lists, etc. Statistical techniques for identifying who is pregnant, who is a homosexual, have all been exposed recently.
    [Show full text]
  • Droidleaks: a Comprehensive Database of Resource Leaks in Android Apps
    Noname manuscript No. (will be inserted by the editor) DroidLeaks: A Comprehensive Database of Resource Leaks in Android Apps Yepang Liu · Jue Wang · Lili Wei · Chang Xu · Shing-Chi Cheung · Tianyong Wu · Jun Yan · Jian Zhang Received: date / Accepted: date Abstract Resource leaks in Android apps are pervasive. They can cause se- rious performance degradation and system crashes. In recent years, many re- source leak detection techniques have been proposed to help Android develop- ers correctly manage system resources. Yet, there exist no common databases of real-world bugs for effectively comparing such techniques to understand their strengths and limitations. This paper describes our effort towards con- structing such a bug database named DroidLeaks. To extract real resource leak bugs, we mined 124,215 code revisions of 34 popular open-source Android apps. After automated filtering and manual validation, we successfully found 292 fixed resource leak bugs, which cover a diverse set of resource classes, from 32 analyzed apps. To understand these bugs, we conducted an empirical study, which revealed the characteristics of resource leaks in Android apps and common patterns of resource management mistakes made by developers. To further demonstrate the usefulness of our work, we evaluated eight resource leak detectors from both academia and industry on DroidLeaks and per- Yepang Liu Shenzhen Key Laboratory of Computational Intelligence, Department of Computer Science and Engineering, Southern University of Science and Technology, Shenzhen, China. E-mail: [email protected] Jue Wang, Chang Xu State Key Laboratory for Novel Software Technology and Department of Computer Science and Technology, Nanjing University, Nanjing, China E-mail: [email protected], [email protected] Lili Wei, Shing-Chi Cheung Department of Computer Science and Engineering, Hong Kong University of Science and Technology, Hong Kong, China.
    [Show full text]
  • Digital Source Protection for Journalists
    3 Tow Center for Digital Journalism DIGITAL A Tow/Knight Report SECURITY AND SOURCE PROTECTION FOR JOURNALISTS SUSAN MCGREGOR Funded by the Tow Foundation and the John S. and James L. Knight Foundation 4 Acknowledgements This paper is the product of countless conversations, encounters, recommen- dations and insights provided to me over the past year by members of the digital security and journalism communities. Though it would be impossible to name everyone whose insight and exper- tise has informed this work, my deepest thanks go to Franzi Roesner, Carey Shenkman, Nabiha Syed, Seamus Tuohy, Chris Walker and Carol Waters for providing invaluable feedback and direction on early versions of this pa- per; your expertise and insight was invaluable. Also to Oktavia Jonsdottir, Scott Klein, Quinn Norton, Jeremy Singer-Vine and Jennifer Valentino- DeVries, who shared their ideas and work processes with me. And a very special thanks to Peter G. Neumann, who offered me the long view on digital security and directed me to essential resources and experts on the subject. This project would also not have been possible without the financial and intellectual support of my colleagues at Columbia Journalism School, and the Tow Center for Digital Journalism–particularly Emily Bell and Taylor Owen. Likewise, I am very grateful to both OpenITP and TacticalTech– organizations whose generosity in hosting me in the fall of 2013 made pos- sible so many enlightening interactions with the digital security community. Without the openness of these organizations and their associates, this work would not have been possible. And finally, many grateful thanks to my talented, enthusiastic, and insightful illustrator and collaborator, Matteo Farinella, for truly making the invisible, visible.
    [Show full text]
  • Safety on the Line Exposing the Myth of Mobile Communication Security
    Safety on the Line Exposing the myth of mobile communication security Prepared by: Supported by: Cormac Callanan Freedom House and Hein Dries-Ziekenheiner Broadcasting Board of Governors This report has been prepared within the framework Contacts of Freedom House/Broadcasting Board of Governors funding. The views expressed in this document do not FOR FURTHER INFORMATION necessarily reflect those of Freedom House nor those of PLEASE CONTACT: the Broadcasting Board of Governors. Mr. Cormac Callanan July 2012 Email: [email protected] Mr. Hein Dries-Ziekenheiner Email: [email protected] 2 Safety on the Line Exposing the myth of mobile communication security Authors CORMAC CALLANAN HEIN DRIES-ZIEKENHEINER IRELAND THE NETHERLANDS Cormac Callanan is director of Aconite Internet Solutions Hein Dries-Ziekenheiner LL.M is the CEO of VIGILO (www.aconite.com), which provides expertise in policy consult, a Netherlands based consultancy specializing development in the area of cybercrime and internet in internet enforcement, cybercrime and IT law. Hein security and safety. holds a Master’s degree in Dutch civil law from Leiden University and has more than 10 years of legal and Holding an MSc in Computer Science, he has over 25 technical experience in forensic IT and law enforcement years working experience on international computer on the internet. networks and 10 years experience in the area of cybercrime. He has provided training at Interpol and Hein was technical advisor to the acclaimed Netherlands Europol and to law enforcement agencies around the anti-spam team at OPTA, the Netherlands Independent world. He has worked on policy development with the Post and Telecommunications Authority, and frequently Council of Europe and the UNODC.
    [Show full text]
  • Wiretapping End-To-End Encrypted Voip Calls: Real-World Attacks on ZRTP
    Preprint Version, Accepted for Publication in PoPETS 2017; 2017 (3):1–17 Dominik Schürmann*, Fabian Kabus, Gregor Hildermeier, and Lars Wolf Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP Abstract: Voice calls are still one of the most com- saging apps, such as WhatsApp and Facebook Messen- mon use cases for smartphones. Often, sensitive personal ger [10, 36]. As a result, mobile messaging, the most information but also confidential business information popular smartphone feature, finally includes end-to-end is shared. End-to-end security is required to protect encryption for average users. Comparing their security against wiretapping of voice calls. For such real-time features with that of voice calls shows a major imbal- communication, the ZRTP key-agreement protocol has ance. While making voice calls is the second most popu- been proposed. By verbally comparing a small number lar smartphone feature with 93% popularity [25], its se- of on-screen characters or words, called Short Authenti- curity is often neglected. It is difficult to retrofit the tra- cation Strings, the participants can be sure that no one ditional Public Switched Telephone Network with end- is wiretapping the call. Since 2011, ZRTP is an IETF to-end security, but it is feasible to protect users of mod- standard implemented in several VoIP clients. ern Voice over IP (VoIP) apps. In this paper, we analyzed attacks on real-world VoIP To protect real-time communication channels, the systems, in particular those implementing the ZRTP ZRTP key agreement protocol has been proposed. Based standard. We evaluate the protocol compliance, er- on the Diffie-Hellmann (DH) key exchange, it has been ror handling, and user interfaces of the most common standardized in 2011 as RFC 6189 [38].
    [Show full text]
  • Real-Time Communications Quick Start Guide
    Real-Time Communications Quick Start Guide Daniel Pocock [http://danielpocock.com] Real-Time Communications Quick Start Guide Daniel Pocock [http://danielpocock.com] Copyright © 2013, 2014, 2015 Daniel Pocock Table of Contents Preface ........................................................................................................................ x 1. Introduction .............................................................................................................. 1 Federation ............................................................................................................ 1 Independent and decentralized alternatives to federation ............................................... 1 Private networks ........................................................................................... 1 Decentralized networks .................................................................................. 1 Conclusion ................................................................................................... 2 Choosing between SIP and XMPP ........................................................................... 2 Choice of operating system ..................................................................................... 3 Using a ready-to-run or turn-key solution .......................................................... 3 Using a generic GNU/Linux distribution ........................................................... 3 Use latest software versions ...................................................................................
    [Show full text]