August 9, 2005 4:54 PM PDT

Feds fund VoIP tapping research

The federal government is funding the development of a prototype surveillance tool by George Mason University researchers who have discovered a novel way to trace Internet phone conversations.

Their project is designed to let police identify whether suspects under surveillance have been communicating through voice over Internet Protocol (VoIP)--information that would be unavailable today if people choose to communicate surreptitiously. The eavesdropping technique already has been shown to work with Skype, the researchers say.

"From a privacy advocate's point of view, this is an attack on privacy," Xinyuan Wang, an assistant professor of software engineering and principal investigator, said Tuesday. "From a police point of view, this is a way to trace things."

To translate his research into a tool that could be used by police in a successor version of the FBI's Carnivore system, Wang received a grant of $307,436 from the National Science Foundation this month. The grant calls for the development of a prototype VoIP-tracing application to provide a "critical but currently missing capability in the fight on crime and terrorism."

The NSF grant comes as federal police are fretting about criminals using VoIP to mask their communications. The Federal Communications Commission on Friday approved mandatory wiretapping requirements for some VoIP providers, and the FBI has been warning for more than two years that VoIP may become a "haven for criminals, terrorists and spies."

At the moment, two Skype users who wish to conceal the fact that they're chatting can direct their computers to bounce their conversation off a commercial anonymizing service, sometimes called a proxy service. Such services are offered by FindNot.com, Proxify.us and Anonymizer.com.

The FBI or any other government agency that's eavesdropping on both ends of the link would see that each person was connected to the anonymizing server--but couldn't know for sure who was talking to whom. The more customers who use the service at once, the more difficult it would be for investigators to connect the dots.

Wang discovered he could embed a unique, undetectable signature in Skype packets and then identify that signature when they reached their destination. The technique works in much the same way as a radioactive marker that a patient swallows, permitting doctors to monitor its progress through the digestive system.

"It's based on the flow itself," Wang said. "I embed a watermark into the flow itself, the timing of the packets. By adjusting the timing of select packets slightly, it's transparent. There's no overhead in the bandwidth, and it's very subtle. It's mingled with the background noise." (The anonymizing service tested was Findnot.com, which did not immediately respond to a request for comment on Tuesday.)

A paper co-authored by Wang and fellow George Mason researchers Shiping Chen and Sushil Jajodia describing their results is scheduled to be presented at a computer security conference in November. An early draft concludes that "tracking anonymous, peer-to-peer VoIP calls on the Internet is feasible" with only 3-millisecond timing alterations as long as the calls are at least 90 seconds long.

Peter Wayner, an author of books on cryptography who is teaching at Dartmouth College, predicts that an arms race could develop between VoIP programmers and eavesdroppers. The George Mason research "seems as likely to yield new techniques in anonymizing as it is to yield techniques for stripping people of their privacy," Wayner said.

"I think it's pretty academic right now," Wayner said. "It would take a lot of work to track people. They'd have to really be interested in someone to use it."

The George Mason researchers' technique does not try to decipher the contents of encrypted conversations (Skype, VoicePulse and PeerMe are VoIP providers that use encryption). In other words, it tries to glean only the identities of the participants, not what they say.

2 comments

Join the conversation!
Add your comment
That shalt spy on the user at all times
It's is understandable, the fed's need to tap everyones phone, for the simple reason, both the Fed's and local police have always illegally tapped anyone's phone they considered as a political subversive and freely holding views opposite to the then ruling elite, like Martin Luther King jnr(an advocate of peace and non violence). Now in this day an age of the new fear of the dreaded suicidal terroists(used to replace the illusion of the dreaded red menace of the fifties to justify excessive military expenses and taxes to pay the same), we now need to spy on the entire population just in case they may express political views other than those prescribed by the ruling drunken powermad elite. Sadly these incompetents, are unable to protect the the average citizen from a preventable death or injury from something simple as the everyday mundane motor vehicle, but say all that those oppose their political views and activities as unpatriotic, and infer that they harbour terroists, to justisfy the continuing waste and pointless spending of revenue raised, to further their misadventures in todays world. Little wonder they need additional funds to circumvent this new technology! Say, would it not be cheaper to do what the NKVD did in the thirties, by placing informants in all neighbourhoods and work places, to spy on all fellow citizens!
Posted by heystoopid (691 comments )
Reply Link Flag
7-11 To Sell STU-III Secure Phones
I predict that someday 7-11 will sell the STU-III secure phone with crypto engine to teenagers so that they can be protected from the spying ears of their parents. Or some other such parent-child relationship deemed a risk. What is even more interesting is the Strangelovean personality of the people who rush in to do their master's bidding. I suppose there was no shortage of crematorium engineers offering their services to A.H. either.
Posted by Stating (869 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.