nach oben

Electronic Commerce Research

Erschienen in:

01.03.2016

Android mobile VoIP apps: a survey and examination of their security and privacy

verfasst von: Abdullah Azfar, Kim-Kwang Raymond Choo, Lin Liu

Erschienen in: Electronic Commerce Research | Ausgabe 1/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Voice over Internet Protocol (VoIP) has become increasingly popular among individuals and business organisations, with millions of users communicating using VoIP applications (apps) on their smart mobile devices. Since Android is one of the most popular mobile platforms, this research focuses on Android devices. In this paper we survey the research that examines the security and privacy of mVoIP published in English from January 2009 to January 2014. We also examine the ten most popular free mVoIP apps for Android devices, and analyse the communications to determine whether the voice and text communications using these mVoIP apps are encrypted. The results indicate that most of the apps encrypt text communications, but voice communications may not have been encrypted in Fring, ICQ, Tango, Viber, Vonage, WeChat and Yahoo. The findings described in this paper contribute to an in-depth understanding of the potential privacy risks inherent in the communications using these apps, a previously understudied app category. Six potential research topics are also outlined.

Vorheriger Artikel The role of risk in e-retailers’ adoption of payment methods: evidence for transition economies

Nächster Artikel A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Although the PRISM program by National Security Agency reportedly allows the U.S. intelligence community to gain access from nine Internet companies to a wide range of digital information [34], including VoIP and mVoIP communications, such capabilities are not typically available to other non-state actors or most non-U.S. state actors.

Appelman, M., Bosma, J., & Veerman, G. (2011). Viber communication security: Unscramble the scrambled.

Australian Government Department of Broadband Communications and Digital Economy. (2013). Statistical Snapshot.

Azab, A., Watters, P., & Layton, R. (2012). Characterising network traffic for skype forensics. In Proceedings of the Third Cybercrime and Trustworthy Computing Workshop (CTC), Australia, 29–30 October 2012 (pp. 19–27).

Azfar, A., Choo, K.-K. R., & Liu, L. (2014). A study of ten popular android mobile voip applications: Are the communications encrypted? In Proceedings of the 47th Anual Hawaii International Conference on System Sciences (HICSS), Hawaii, 6–9 January 2014 (pp. 4858–4867).

BKAV Internet Security Corporation (2013). Critical flaw in Viber allows full access to Android Smartphones, bypassing lock screen. Accessed April 30, 2013, from http://www.bkav.com/top-news/-/view_content/content/46264/critical-flaw-in-viber-allows-full-access-to-android-smartphones-bypassing-lock-screen.

Blond, S. L., Zhang, C., Legout, A., Ross, K., & Dabbous, W. (2011). I know where you are and what you are sharing: exploiting P2P communications to invade users’ privacy. In Proceedings of the ACM Internet Measurement Conference (SIGCOMM 2011), Germany, 2–4 November 2011 (pp. 45–60).

Cagnina, M., & Poian, M. (2009). Beyond e-business models: The road to virtual worlds. Electronic Commerce Research, 9(1–2), 49–75.CrossRef

Carpenter, M., & Wright, J. (2009). Advanced metering infrastructure attack methodology. http://inguardians.com/pubs/AMI_Attack_Methodology.pdf.

Chang, H. (2013). The security service rating design for IT convergence services. Electronic Commerce Research, 13(3), 317–328.CrossRef

10.

Chang, Y. F., Chen, C. S., & Zhou, H. (2009). Smart phone for mobile commerce. Computer Standards & Interfaces, 31(4), 740–747.CrossRef

11.

Chen, Q., Chen, H.-M., & Kazman, R. (2007). Investigating antecedents of technology acceptance of initial eCRM users beyond generation X and the role of self-construal. Electronic Commerce Research, 7(3–4), 315–339.CrossRef

12.

Choo, K. K. R. (2009). Secure key establishment. Advances in information security (Vol. 41). New York: Springer.CrossRef

13.

Choo, K.-K. R. (2014). Mobile cloud storage users. IEEE Cloud Computing, 1(3), 20–23.CrossRef

14.

Choo, K.-K. R., Smith, R. G., & McCusker, M. (2007). Future directions in technology-enabled crime: 2007–2009. Canberra: Australian Institute of Criminology.

15.

Does Skype use encryption? Retrieved January 30, 2014, from https://support.skype.com/en/faq/FA31/does-skype-use-encryption.

16.

Dorfinger, P., Panholzer, G., & John, W. (2011). Entropy estimation for real-time encrypted traffic identification (Short Paper). In J. Domingo-Pascual, Y. Shavitt, & S. Uhlig (Eds.), Traffic monitoring and analysis (Vol. 6613, pp. 164–171, Lecture Notes in Computer Science): Springer Berlin Heidelberg.

17.

Fring. Retrieved January 27, 2014, from http://www.fring.com/.

18.

Ghaemmaghami, H., Dean, D., Sridharan, S., & McCowan, I. (2010). Noise robust voice activity detection using normal probability testing and time-domain histogram analysis. In Proceedings of the IEEE International Conference on Acoustics Speech and Signal Processing (ICASSP), USA, 14–19 March 2010 (pp. 4470–4473).

19.

Goldreich, O. (2004). Foundations of cryptography: Volume 2, basic applications. Cambridge: Cambridge University Press.CrossRef

20.

Gomes, J., Inacio, P., Pereira, M., Freire, M., & Monteiro, P. (2013). Identification of peer-to-peer VoIP sessions using entropy and codec properties. IEEE Transactions on Parallel and Distributed Systems, 24(10), 2004–2014.CrossRef

21.

Google How Hangouts encrypts information. Retrieved April 3, 2015, from https://support.google.com/hangouts/answer/6046115?hl=en#.

22.

Guo, J.-I., Yen, J.-C., & Pai, H.-F. (2002). New voice over Internet protocol technique with hierarchical data security protection. IEE Proceedings: Vision, Image and Signal Processing, 149(4), 237–243.

23.

Hester, J. (2009). Big Blue Ball.com: Instant messaging & social networking. Accessed January 25, 2014, from http://www.bigblueball.com/im/googletalk/.

24.

ICQ. (2011). ICQ Privacy Policy. Accessed April 3, 2015, from http://www.icq.com/legal/privacypolicy/en.

25.

Infonetics Research raises VoLTE forecast; Over-the-top mobile VoIP subscribers nearing 1 billion mark (2013). Accessed January 15, 2014, from http://www.infonetics.com/pr/2013/Mobile-VoIP-Services-and-Subscribers-Market-Highlights.asp.

26.

Jahanirad, M., AL-Nabhani, Y., & Noor, R. M. (2011). Security measures for VoIP application: A state of the art review. Scientific Research and Essays, 6(23), 4950–4959.

27.

Johnson, M., Ishwar, P., Prabhakaran, V., Schonberg, D., & Ramchandran, K. (2004). On compressing encrypted data. IEEE Transactions on Signal Processing, 52(10), 2992–3006.CrossRef

28.

King, A., & Lyons, K. (2011). Automatic status updates in distributed software development. In Proceedings of the 2nd International Workshop on Web 2.0 for Software Engineering, USA, 21–28 May 2011 (pp. 19–24).

29.

Lee, J., Ko, H.-S., Park, S., Seo, M., & Kim, I. (2011) .Study on secure mobile communication based on the hardware security module. In Fifth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM 2011), Portugal, 20–25 November 2011 (pp. 23–26)

30.

Ludwig, S., Beda, J., Saint-Andre, P., McQueen, R., Egan, S., & Hildebrand, J. (2009). XEP-0166: Jingle. Accessed January 30, 2014, from http://xmpp.org/extensions/xep-0166.html.

31.

Menghui, Y., Hua, L., & Tonghong, L. (2010). Implementation and performance for lawful intercept of VoIP calls based on SIP session border controller. In Proceedings of the IEEE 10th International Conference on Computer and Information Technology (CIT), United Kingdom, 29 June-1 July 2010 (pp. 2635–2642).

32.

Misra, S. K., & Wickamasinghe, N. (2004). Security of a mobile transaction: A trust model. Electronic Commerce Research, 4(4), 359–372.CrossRef

33.

Nimbuzz. Accessed January 30, 2014, from http://www.nimbuzz.com/en/support.

34.

NSA slides explain the PRISM data-collection program. (2013). The Washington Post.

35.

PcapHistogram. Retrieved January 30, 2014, from http://www.willhackforsushi.com/code/pcaphistogram.pl.

36.

Perez, J. C. (2013, May 25). Google defends its use of proprietary tech in Hangouts. PC World

37.

pyNetEntropy. Accessed January 30, 2014, from https://github.com/batidiane/pyNetEntropy.

38.

Sarkar, A. (2012). Yahoo! Voice Compromised, 450 K Login Credentials Stolen & Posted In Plain Text. Accessed January 30, 2014, from http://www.voiceofgreyhat.com/2012/07/yahoo-voice-compromised-450k-login.html.

39.

Shannon, C. E. (1951). Prediction and entropy of printed English. Bell Systems Technical Journal, 30(1), 50–64.CrossRef

40.

Shepard, B. (2013). 10 Cool Ways Companies Use Skype. Accessed January 30, 2014, from http://blogs.skype.com/2013/08/28/happy-10th-ten-cool-ways-companies-use-skype/.

41.

Soupionis, Y., Basagiannis, S., Katsaros, P., & Gritzalis, D. (2011). A formally verified mechanism for countering SPIT. In C. Xenakis, & S. Wolthusen (Eds.), Critical Information Infrastructures Security (Vol. 6712, pp. 128–139, Lecture Notes in Computer Science): Springer Berlin Heidelberg.

42.

Tango. Accessed January 27, 2014, from http://www.tango.me/.

43.

Viber are my messages secure? Accessed April 3, 2015, from https://support.viber.com/customer/portal/articles/1600146-are-my-messages-secure-#.VR321vmUeSo.

44.

Viber Connect Freely. Accessed January 15, 2015, from http://www.viber.com/.

45.

VoIP Users Conference. Accessed January 27, 2014, from http://www.voipusersconference.org/2011/jabber-jitsi-nimbuzz/.

46.

Vonage Mobile. Accessed January 30, 2014, from http://www.vonagemobile.com/.

47.

Vrakas, N., & Lambrinoudakis, C. (2013). An intrusion detection and prevention system for IMs and VoIP services. International Journal of Information Security, 2(3), 201–217.CrossRef

48.

Wang, C.-H., & Liu, Y.-S. (2011). A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes. Journal of Network and Computer Applications, 34(5), 1545–1556.CrossRef

49.

WeChat The New Way to Connect. Accessed January 15, 2015, from http://www.wechat.com/en/.

50.

Wright, C. V., Ballard, L., Monrose, F., & Masson, G. M. (2007). Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob? In USENIX Security, 2007 (Vol. 3, pp. 43–54, Vol. 3.6)

51.

Yahoo! 7 Messenger. Accessed January 30, 2014, from http://au.messenger.yahoo.com/features/.

Titel: Android mobile VoIP apps: a survey and examination of their security and privacy
verfasst von: Abdullah Azfar
Kim-Kwang Raymond Choo
Lin Liu
Publikationsdatum: 01.03.2016
Verlag: Springer US
Erschienen in: Electronic Commerce Research / Ausgabe 1/2016
Print ISSN: 1389-5753
Elektronische ISSN: 1572-9362
DOI: https://doi.org/10.1007/s10660-015-9208-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 1/2016

Erratum to: Trust and risk in consumer acceptance of e-services

How do social-based cues influence consumers’ online purchase decisions? An event-related potential study

A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography

The role of risk in e-retailers’ adoption of payment methods: evidence for transition economies