Jiri Kuthan, Intuitive Labs
We describe the privacy aspects of an alerting system we have designed for low-latency voice-over-IP (VoIP) security analytics. The application of end-to-end encryption to Personally Identifiable Information (PII) reliably assures that neither analytics system administrators nor intruders can find out who has been calling whom. Only a client, represented by a traffic probe at the source and a GUI at the receiving end, can observe the data in plain text. At the same time, we aim to preserve the system's analytic capabilities. The underlying system can ingest massive streams of events describing user and device behavior, analyze them, and provide low-latency automated responses to detected threats. Encryption of PII in ingested data poses a challenge to both analytical capabilities on the server side and CPU performance on the client side. We therefore use specific knowledge of the application's data: we limit the encryption to PII such as SIP URIs, E.164 telephone numbers, and IP addresses. Further, we use prefix-preserving encryption techniques. Performance measurements and field validation have shown that we could still support typical security analytics use cases, preserve PII privacy, and achieve reasonable processing latency for human system users and automated response facilities.
Authors: Cristian Constantin and Jiri Kuthan
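
The abstract does not say which prefix-preserving scheme the system uses. The sketch below is an added example, not the authors' code: it assumes a Crypto-PAn-style bitwise construction with HMAC-SHA256 standing in as the pseudorandom function, and the key, function names and sample addresses are constructed. It shows a probe encrypting IPv4 addresses, a server grouping them by encrypted /24 without the key, and the GUI side recovering the real network.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter

KEY = b"constructed-demo-key"   # assumption: secret held by probe and GUI only
EVENTS = ["198.51.100.7", "198.51.100.99", "198.51.100.200",
          "203.0.113.5", "192.0.2.1"]   # constructed source addresses

def _pad_bit(key, prefix_bits):
    # One pseudorandom bit that depends only on the key and the plaintext prefix.
    return hmac.new(key, prefix_bits.encode(), hashlib.sha256).digest()[0] & 1

def pp_encrypt(key, ip):
    # Probe side: XOR bit i with a pad derived from plaintext bits 0..i-1.
    bits = format(int(ipaddress.IPv4Address(ip)), "032b")
    out = "".join(str(int(b) ^ _pad_bit(key, bits[:i])) for i, b in enumerate(bits))
    return str(ipaddress.IPv4Address(int(out, 2)))

def pp_decrypt(key, token):
    # GUI side: recover the bits left to right, rebuilding the prefix as we go.
    plain = ""
    for c in format(int(ipaddress.IPv4Address(token)), "032b"):
        plain += str(int(c) ^ _pad_bit(key, plain))
    return str(ipaddress.IPv4Address(int(plain, 2)))

def common_prefix_len(a, b):
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

def busiest_network(tokens, plen=24):
    # Server side, no key: group encrypted addresses by encrypted /plen network.
    nets = Counter(ipaddress.ip_network(f"{t}/{plen}", strict=False) for t in tokens)
    return nets.most_common(1)[0]   # (encrypted network, event count)

def reveal_network(key, enc_net):
    # GUI side: the first prefixlen decrypted bits are the real network.
    addr = pp_decrypt(key, str(enc_net.network_address))
    return ipaddress.ip_network(f"{addr}/{enc_net.prefixlen}", strict=False)

if __name__ == "__main__":
    tokens = [pp_encrypt(KEY, ip) for ip in EVENTS]
    enc_net, count = busiest_network(tokens)
    print(enc_net, count, "->", reveal_network(KEY, enc_net))
```

Because the mapping is deterministic, equal addresses and shared prefixes remain visible to the server by design; that is what keeps per-subnet analytics possible, and it is also the information such a scheme leaks.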

Jiri Kuthan serves as Chief Technology Officer at Intuitive Labs. Jiri graduated in CS from the University of Salzburg, Austria, and started his research career at Fraunhofer Labs in Berlin, Germany. He co-founded a startup, iptel.org, that produced an open-source SIP server known today as Kamailio/OpenSIPS. Jiri then started several other startups that focused on monitoring, session border control, and, lately, security analytics. Jiri has co-authored RFC 3303, which coined the notion of a middlebox, a book on SIP security, and several related patents.

author = {Jiri Kuthan},
title = {Anonymization Aspects of a Low-latency {VoIP} Security Analytics System},
year = {2024},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun