Anonymity Leakage in Private VoIP Networks

Private communication detection (PCD) is a traffic-analysis technique whereby an ordinary user of a communication network exploits side channels in end-point devices to observe the busy/idle activity status of targeted users. Correlations of users’ activity status allows collection of communication records that reveal private relationships. PCD techniques have been demonstrated for a number of communication technologies, such as Wi-Fi and VoIP, and their effectiveness shown even when the communication network is private; i.e. it provides content confidentiality, flow anonymity, and user pseudonymity. In this paper, we present a mathematical model of PCD that captures the activity status of two targets in a private VoIP network, including the probing process of an attacker that aims to breach their communication anonymity. Using this model, we a) develop fundamental bounds on PCD accuracy; b) measure the anonymity leakage in terms of the amount of call record information obtained in an attack; and c) provide performance guarantees and compare the efficacy of different PCD countermeasures, such as resource randomization and use of firewalls.