Characterising network traffic for Skype forensics

Ahmad Azab; Paul Watters; Robert Layton

doi:10.1109/CTC.2012.14

Characterising network traffic for Skype forensics

Ahmad Azab, Paul Watters, Robert Layton

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

22 Citations (Scopus)

Abstract

Voice over IP (VoIP) is increasingly replacing fixed line telephone systems globally due to lower cost, call quality improvements over digital lines and ease of availability. At the same time, criminals have also transitioned to using this environment, creating challenges for law enforcement, since interception of VoIP traffic is more difficult than a traditional telephony environment. One key problem for proprietary VoIP algorithms like Skype is being able to reliably identify and characterize network traffic. In this paper, the latest Skype version and its components are analyzed, in terms of network traffic behavior for logins, calls establishment, call answering and the change status phases. Network conditions tested included blocking different port numbers, inbound connections and outbound connections. The results provide a clearer view of the difficulties in characterizing Skype traffic in forensic contexts. We also found different changes from previous investigations into older versions of Skype.

Original language	English
Title of host publication	Proceedings - 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	19-27
Number of pages	9
ISBN (Print)	9780769549408
DOIs	https://doi.org/10.1109/CTC.2012.14
Publication status	Published - 2013
Externally published	Yes
Event	2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012 - Ballarat, VIC, Australia Duration: 29 Oct 2012 → 30 Oct 2012

Other

Other	2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012
Country/Territory	Australia
City	Ballarat, VIC
Period	29/10/12 → 30/10/12

Keywords

component
Forensics
Security
Skype
VoIP

Access to Document

10.1109/CTC.2012.14

Cite this

@inproceedings{5e752382167c4fff85b48ee52ff6635b,

title = "Characterising network traffic for Skype forensics",

abstract = "Voice over IP (VoIP) is increasingly replacing fixed line telephone systems globally due to lower cost, call quality improvements over digital lines and ease of availability. At the same time, criminals have also transitioned to using this environment, creating challenges for law enforcement, since interception of VoIP traffic is more difficult than a traditional telephony environment. One key problem for proprietary VoIP algorithms like Skype is being able to reliably identify and characterize network traffic. In this paper, the latest Skype version and its components are analyzed, in terms of network traffic behavior for logins, calls establishment, call answering and the change status phases. Network conditions tested included blocking different port numbers, inbound connections and outbound connections. The results provide a clearer view of the difficulties in characterizing Skype traffic in forensic contexts. We also found different changes from previous investigations into older versions of Skype.",

keywords = "component, Forensics, Security, Skype, VoIP",

author = "Ahmad Azab and Paul Watters and Robert Layton",

year = "2013",

doi = "10.1109/CTC.2012.14",

language = "English",

isbn = "9780769549408",

pages = "19--27",

booktitle = "Proceedings - 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012 ; Conference date: 29-10-2012 Through 30-10-2012",

}

Azab, A, Watters, P & Layton, R 2013, Characterising network traffic for Skype forensics. in Proceedings - 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012., 6498424, Institute of Electrical and Electronics Engineers (IEEE), pp. 19-27, 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012, Ballarat, VIC, Australia, 29/10/12. https://doi.org/10.1109/CTC.2012.14

Characterising network traffic for Skype forensics. / Azab, Ahmad; Watters, Paul; Layton, Robert.
Proceedings - 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012. Institute of Electrical and Electronics Engineers (IEEE), 2013. p. 19-27 6498424.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Characterising network traffic for Skype forensics

AU - Azab, Ahmad

AU - Watters, Paul

AU - Layton, Robert

PY - 2013

Y1 - 2013

N2 - Voice over IP (VoIP) is increasingly replacing fixed line telephone systems globally due to lower cost, call quality improvements over digital lines and ease of availability. At the same time, criminals have also transitioned to using this environment, creating challenges for law enforcement, since interception of VoIP traffic is more difficult than a traditional telephony environment. One key problem for proprietary VoIP algorithms like Skype is being able to reliably identify and characterize network traffic. In this paper, the latest Skype version and its components are analyzed, in terms of network traffic behavior for logins, calls establishment, call answering and the change status phases. Network conditions tested included blocking different port numbers, inbound connections and outbound connections. The results provide a clearer view of the difficulties in characterizing Skype traffic in forensic contexts. We also found different changes from previous investigations into older versions of Skype.

AB - Voice over IP (VoIP) is increasingly replacing fixed line telephone systems globally due to lower cost, call quality improvements over digital lines and ease of availability. At the same time, criminals have also transitioned to using this environment, creating challenges for law enforcement, since interception of VoIP traffic is more difficult than a traditional telephony environment. One key problem for proprietary VoIP algorithms like Skype is being able to reliably identify and characterize network traffic. In this paper, the latest Skype version and its components are analyzed, in terms of network traffic behavior for logins, calls establishment, call answering and the change status phases. Network conditions tested included blocking different port numbers, inbound connections and outbound connections. The results provide a clearer view of the difficulties in characterizing Skype traffic in forensic contexts. We also found different changes from previous investigations into older versions of Skype.

KW - component

KW - Forensics

KW - Security

KW - Skype

KW - VoIP

UR - https://www.scopus.com/pages/publications/84877261395

U2 - 10.1109/CTC.2012.14

DO - 10.1109/CTC.2012.14

M3 - Conference proceeding contribution

AN - SCOPUS:84877261395

SN - 9780769549408

SP - 19

EP - 27

BT - Proceedings - 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 2012 3rd Cybercrime and Trustworthy Computing Workshop, CTC 2012

Y2 - 29 October 2012 through 30 October 2012

ER -

Characterising network traffic for Skype forensics

Abstract

Other

Keywords

Access to Document

Other files and links

Fingerprint

Cite this