Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP-Reference-Cited by-同舟云学术

Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP

Published:2017-07-01 Issue:3 Volume:2017 Page:4-20
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Schürmann Dominik¹,Kabus Fabian¹,Hildermeier Gregor¹,Wolf Lars¹

Affiliation:

1. TU Braunschweig

Abstract

Abstract Voice calls are still one of the most common use cases for smartphones. Often, sensitive personal information but also confidential business information is shared. End-to-end security is required to protect against wiretapping of voice calls. For such real-time communication, the ZRTP key-agreement protocol has been proposed. By verbally comparing a small number of on-screen characters or words, called Short Authentication Strings, the participants can be sure that no one is wiretapping the call. Since 2011, ZRTP is an IETF standard implemented in several VoIP clients. In this paper, we analyzed attacks on real-world VoIP systems, in particular those implementing the ZRTP standard. We evaluate the protocol compliance, error handling, and user interfaces of the most common ZRTP-capable VoIP clients. Our extensive analysis uncovered a critical vulnerability that allows wiretapping even though Short Authentication Strings are compared correctly. We discuss shortcomings in the clients’ error handling and design of security indicators potentially leading to insecure connections.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Reference37 articles.

1. [1] Devdatta Akhawe and Adrienne Porter Felt. Alice in warningland: A large-scale field study of browser security warning effectiveness. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13), pages 257–272, Washington, D.C., 2013. USENIX.

2. [2] akwizgran. basic-english. https://github.com/akwizgran/basic-english. (Accessed: 10/2016).

3. [3] K. Bhargavan, C. Brzuska, C. Fournet, M. Green, M. Kohlweiss, and S. Zanella-Béguelin. Downgrade resilience in key-exchange protocols. In IEEE Symposium on Security and Privacy (SP), pages 506–525, May 2016.

4. [4] R. Bresciani and A. Butterfield. A formal security proof for the ZRTP protocol. In International Conference for Internet Technology and Secured Transactions (ICITST), pages 1–6, Nov 2009.

5. [5] Riccardo Bresciani. The ZRTP protocol analysis on the diffie-hellman mode. Computer Science Department Technical Report TCD-CS-2009-13, Trinity College Dublin, 2009.

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. On the Cryptographic Features of a VoIP Service;Cryptography;2018-01-19

2. Evaluating the Privacy Properties of Secure VoIP Metadata;Trust, Privacy and Security in Digital Business;2018