Options
2014
Conference Paper
Titel
A conceptual model of a trustworthy voice signature terminal
Abstract
Organizations often transmit phone conversations via private business exchanges (PBXs) using Voice over Internet Protocol (VoIP), which is evermore frequently available via cloud computing. Conversations that utilize this technology are easily recorded, and consequently can become digital artifacts that are available for use as forensic evidence. However, their soundness as evidence could be called into question because these artifacts can be manipulated. As a solution to this problem, we present a concept to achieve non-repudiation for natural-language conversations by electronically signing packet-based, digital, voice communication. A digital, voice communication is made up of two parts: a bidirectional data stream and a temporal sequence. Ensuring the security of such a communication involves protecting both its integrity and authenticity. This is achieved using a signature, key-based approach that is conceptually close to the protocols already inherent to VoIP, allowing it to be interoperable with existing VoIP infrastructures. Additionally, in order to develop a fully trustworthy voice signature terminal, we incorporate various design principles defined by the Trusted Computing Group (TCG) with regard to both software and hardware. By signing both the data streams and the temporal sequence of a communication, various attacks are mitigated. These include tampering with the content of the conversation in order to change the meaning; deliberately suppressing packets; falsely claiming that packets did not arrive; and finally sending dual data streams with the intention to replace or invalidate data. A trustworthy voice signature terminal will provide complete non-repudiation of conversations by protecting the integrity of voice conversations, authenticating speakers, and electronically signing voice communications.