A hardware-assisted proof-of-concept for secure VoIP clients on untrusted operating systems

In this work we propose a secure architecture for Voice-over-IP (VoIP) that encapsulates all security and privacy critical components and I/O functions into secure hardware and thus drastically reduces the underlying trusted computing base. Our proof-of-concept implementation shows that high security and reliance on established standards and software (e.g., device drivers, transmission control, and protocols) to keep development costs down are no contradiction. Security is ensured as all security and privacy critical operations of the VoIP system are performed in protected hardware and as a consequence a successful attack on any software component (e.g., buffer overflow) does not lead to a violation of security. All I/O devices like microphones, speakers, displays, and dial buttons are directly connected to the secure hardware and cannot be controlled by an adversary even if the software part has been compromised.