signalling level voip privacy & p2p (Re: [p2p-hackers] Is P2P
SIP Poised to Out-Hype Skype?)
Saikat Guha
sg266 at cornell.edu
Tue Aug 23 02:46:14 UTC 2005
On Mon, 2005-08-22 at 09:51 -0400, Adam Back wrote:
> You are talking about current protocols -- and even with current
> protocols I think p2p does because without a central server it is
> harder to tap -- you have to tap enough points to catch the call
> negotiation you are interested in.
Agreed. Although in some cases, as few as two tap-points can be enough
(as demonstrated in the article I linked earlier).
> Also at zero-knowledge systems they had a pseudonymous mail system.
On the topic of anonymity, the only p2p network that is immune to packet
correlations that I am aware of is P5 [1] -- where peers send noise
(that models real data) when they don't have real data to send. The same
approach can be extended to centralized approaches where endpoints
randomly initiate fake calls and send noise to hide the real calls. Both
approaches trade off level of anonymity for communication efficiency and
have equivalent privacy properties.
Barring the # of taps argument (which is mitigated by recent techniques
as pointed out earlier), I'd appreciate pointers to p2p systems that
represent a genuine security/privacy/anonymity advantage that cannot be
applied to centralized ones.
[1] http://www.cs.cornell.edu/People/egs/615/p5.pdf
--
Saikat
More information about the P2p-hackers
mailing list