VoIP: encrypted but vulnerable to linguistic attack (Image: Frederic Sierakowski/Rex Features)
Chatting over internet phone networks like Skype may not be as secure as once thought: security researchers have shown that encrypted voice-over-internet-protocol (VoIP) conversations can be partially understood by an eavesdropper.
Transmitting voice data through the internet securely involves encoding and then encrypting speech. This combination of two signal-processing techniques means the size of the encrypted data packets reflects properties of the original speech, a key vulnerability that allowed a team of computer scientists and linguists at the University of North Carolina at Chapel Hill to reconstruct words and phrases from a VoIP call.
The team listen in by splitting the sequence of encrypted VoIP data packets into sequences that correspond to phonemes, the short sounds that form the building blocks of speech. They then apply linguistic rules to turn a string of phonemes into words - for example, the spoken conjunction that sounds like "zzdr", which occurs in the middle of "eavesdrop" (say it out loud and you'll hear it), never appears at the start of an English word.
The researchers compare the technique to the way infants learn to understand speech, segmenting the stream of sound coming from an adult's mouth into words by using linguistic clues such as separating out their own name.
Users don't need to worry about people listening in on their entire Skype conversation though, as the success of the technique varies widely. The team tested it on 6300 recordings in eight American English dialects and evaluated the performance using METEOR, a widely used scoring system for comparing machine translation techniques. Only 2.3 per cent scored over 0.5, the level at which reconstructions are generally considered understandable, though some scores were much higher, with near-perfect recovery of full sentences.
Even though their success rate is low, the researchers told the IEEE Symposium on Security and Privacy in Oakland, California, this week that no information should be leaking out of a supposedly encrypted communication, and say that future advances in computational linguistics are likely to improve their reconstructions.
One fix might be to change the encoding and encryption schemes used in VoIP software, or to alter the transmission by dropping some packets or padding them with meaningless data - though this could affect call quality.
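The padding trade-off can be measured with a small model. This is an added example, not code from the article or the researchers: it assumes the codec emits differently sized frames for different sounds and that encryption preserves length, and the frame sizes, header size and function names are all constructed for illustration.

```python
import math
from collections import Counter

# Constructed toy frame sizes in bytes per sound class (not real codec values).
FRAME_BYTES = {"silence": 10, "fricative": 24, "plosive": 30, "vowel": 38}
# Constructed sequence of sound classes for one short utterance.
UTTERANCE = ["silence", "vowel", "fricative", "plosive",
             "vowel", "vowel", "silence", "fricative"]
HEADER = 12  # assumed fixed per-packet overhead of length-preserving encryption


def wire_lengths(classes, pad_to=None):
    """Packet sizes visible on the wire; pad_to rounds each frame up to a multiple."""
    sizes = []
    for sound in classes:
        n = FRAME_BYTES[sound]
        if pad_to:
            n = math.ceil(n / pad_to) * pad_to
        sizes.append(n + HEADER)
    return sizes


def entropy_bits(lengths):
    """Shannon entropy of the observed length distribution, in bits per packet.

    Zero means every packet looks the same, so length reveals nothing.
    """
    total = len(lengths)
    return -sum(k / total * math.log2(k / total)
                for k in Counter(lengths).values())


def overhead(classes, pad_to):
    """Fraction of extra bytes sent because of padding."""
    return sum(wire_lengths(classes, pad_to)) / sum(wire_lengths(classes)) - 1


if __name__ == "__main__":
    for pad in (None, 16, 40):
        seen = wire_lengths(UTTERANCE, pad)
        cost = overhead(UTTERANCE, pad) if pad else 0.0
        print(f"pad_to={pad}: lengths={seen} "
              f"entropy={entropy_bits(seen):.2f} bits overhead={cost:.0%}")
```

Coarser padding merges more sound classes into the same packet size, and padding every frame to one size removes the length signal entirely at the highest bandwidth cost.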