• DocumentCode
    2404803
  • Title

    Timing Attacks on a Centralized Presence Model

  • Author

    Zhang, Ge

  • Author_Institution
    Karlstad Univ., Karlstad, Sweden
  • fYear
    2011
  • fDate
    5-9 June 2011
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Presence information (PI) represents the updated status, context and willingness of communication partners in Voice over IP systems. For instance, the action that Alice switches her status (e.g., from "idle" to "busy") will trigger PI messages to notify her buddies this change. In a centralized presence service system, presence communications are managed by a presence server based on users\´ buddylists. The privacy concern in this paper is that networking intermediaries, as adversaries, might be able to profile the buddy-relationship among the users by utilizing message arrival time. We found that the threat cannot be totally eliminated even if the server processes messages in batches. Attackers might observe the traffic in several rounds and thus profile the results. In this paper, we introduce the attacks and discuss potential countermeasures.
  • Keywords
    Internet telephony; computer network security; PI message; centralized presence model; centralized presence service system; communication partner context; communication partner willingness; presence communications; presence information; presence server; timing attacks; updated status; user buddylists; voice-over-IP systems; Electronic mail; IEEE Communications Society; Privacy; Protocols; Security; Servers; Timing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications (ICC), 2011 IEEE International Conference on
  • Conference_Location
    Kyoto
  • ISSN
    1550-3607
  • Print_ISBN
    978-1-61284-232-5
  • Electronic_ISBN
    1550-3607
  • Type

    conf

  • DOI
    10.1109/icc.2011.5962453
  • Filename
    5962453
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2404803