Title :
Timing Attacks on a Centralized Presence Model
Author_Institution :
Karlstad Univ., Karlstad, Sweden
Abstract :
Presence information (PI) represents the updated status, context and willingness of communication partners in Voice over IP systems. For instance, the action that Alice switches her status (e.g., from "idle" to "busy") will trigger PI messages to notify her buddies this change. In a centralized presence service system, presence communications are managed by a presence server based on users\´ buddylists. The privacy concern in this paper is that networking intermediaries, as adversaries, might be able to profile the buddy-relationship among the users by utilizing message arrival time. We found that the threat cannot be totally eliminated even if the server processes messages in batches. Attackers might observe the traffic in several rounds and thus profile the results. In this paper, we introduce the attacks and discuss potential countermeasures.
Keywords :
Internet telephony; computer network security; PI message; centralized presence model; centralized presence service system; communication partner context; communication partner willingness; presence communications; presence information; presence server; timing attacks; updated status; user buddylists; voice-over-IP systems; Electronic mail; IEEE Communications Society; Privacy; Protocols; Security; Servers; Timing;
Conference_Titel :
Communications (ICC), 2011 IEEE International Conference on
Conference_Location :
Kyoto
Print_ISBN :
978-1-61284-232-5
Electronic_ISBN :
1550-3607
DOI :
10.1109/icc.2011.5962453
