A Lightweight Privacy Preserving Approach for Analyzing Communication Records to Prevent VoIP Attacks Using Toll Fraud as an Example

Voice-over-IP systems are quite frequently attacked with the intent of service theft. While VoIP security has been intensively researched in the past, devised solutions often demand significant changes to the VoIP systems. In addition, several solutions propose the filtering of telephone calls, but these solutions only have a limited focus on the privacy rights of the call participants. We propose a method for analyzing communication records with the primary purpose to prevent VoIP attacks. Moreover, our approach integrates with little effort into common VoIP usage scenarios. As an example we use the prevention of toll-fraud attacks as a running example. The analysis of the communication records, however, requires investigating personal information in the communication records, e.g., call habits and phone numbers. Consequently we give an overview of major US and EU laws and regulations to elicit privacy requirements. We also demonstrate how these requirements can be implemented using Comercial-Off-The-Shelf VoIP systems.