Researchers highlight threat to VoIP security

Researchers from Johns Hopkins University in Baltimore, USA, have identified compression techniques as a potential security risk for VoIP users when used in conjunction with encryption technology.

In a paper, called “Spot me if you can: Uncovering spoken phrases in encrypted VoIP conversations”, the researchers suggests that the use of variable bitrate (VBR) compression techniques reduces the effectiveness of standard encryption methods.

VBR is sometimes used to save bandwidth in VoIP calls.

With VoIP being increasingly used for business purposes, security is paramount, and call encryption is becoming more common.

VoIP calls can be encrypted using a method which preserves the lengths of voice patterns in the original, unencrypted conversation, making them difficult to listen in to.

However, the use of VBR compression together with this length-preserving encryption, leads to significant information leakage, the study found.

The combination of the two techniques can allow phrases to be identified with more than 90 percent accuracy.

The research was presented at the 2008 IEEE Symposium on Security and Privacy in Oakland, California.

Story link: Researchers highlight threat to VoIP security