THE OVERALL MODEL OF TRACING ANONYMOUS PEERTOPEER VOIP CALLS
Given any two di®erent Skype peers A and B, we are interested in determining if A is talking (or has talked) to B via Skype peer-to-peer VoIP. As shown in Figure 1, both Skype peers A and B have outgoing and incoming VoIP °ows to and from the Internet cloud. The Skype peers could be behind ¯rewall and NAT, and peer A and/or B could be connected to some low latency anonymizing network. Here we view the Internet cloud and any low latency anonymizing network as a black box, and we are interested only in the Skypy °ows that enter or exit the black box.
We assume that (1) we can monitor the Skype °ow from the black box to the Skype peer; (2) we can perturb the timing of the Skype °ow from the Skype peer to the black box.
Here we do not intend to track all the peer-to-peer VoIP calls from anyone to anyone, nor do we assume the global monitoring and intercepting capability. Instead we focus on ¯nding out if some parties in which we are interested have communicated via peer-to-peer VoIP calls anonymously, and we only need the capability to monitor and intercept IP °ows to and from those interested parties. This model is consistent with our understanding of the common practice of lawful electronic surveillance by the law enforcement agencies. Because the Skype VoIP °ows are encrypted from end to end, no correlation could be found from the °ow content.
Given that the Skype VoIP °ow could pass some intermediate Skype peers and some low latency anonymizing network, there is no correlation from the VoIP °ow headers. Among all the characteristics of the VoIP °ows, the inter-packet timing characteristics are likely to be preserved across intermediate Skype peers and low latency anonymizing network. This invariant property of VoIP °ows forms the very foundation for tracking anonymous, peer-to-peer VoIP calls on the Internet.
Source: gmu.edu