IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.2, February 2008 52 Manuscript received February 5, 2008 Manuscript revised February 20, 2008 A Generic Technique for Voice over Internet Protocol (VoIP) Traffic Detection Fauzia Idrees Uzma Aslam Khan, Military College of Signals, NUST Rawalpindi, Pakistan Summary Skype, Google Talk, Yahoo voice etc. are all applications that enable the use of the Internet for voice conversations. They offer cost effectiveness and are easy to use, and due to these reasons many new VoIP applications are coming into existence. However, all forms of communications need to be monitored for security purposes to ensure their correct usage. With the development of more and more VoIP applications, monitoring and detection of these applications is becoming a more difficult task. Most detection techniques are based on standard protocol and IP address identification. Thus, application detection and monitoring techniques are developed after an application has been in use for some time, resulting in obvious security implications. This paper presents generic techniques for the detection of traffic generated by all VoIP protocols, both currently in existence and any future VoIP protocols that may be used. The method proposed is based on analysis carried out on different VoIP applications currently in existence. Key words: Voice over IP (VoIP), Skype, Peer-to-Peer (P2P), Internet Telephony, Voice packet characteristics 1. Introduction The world is becoming increasingly IP-centric, with a large number of devices getting networked every day. Voice over Internet Protocol -VoIP is one of the fastest growing Internet applications today. Voice over IP -VoIP - is a set of technologies that enable voice calls to be carried over the Internet (or other networks designed for data), rather than the traditional telephone landline system—the Public Switched Telephone Network (PSTN). Voice over IP uses the Internet Protocol (IP) to transmit voice as packets over an IP network. Using VOIP protocols, voice communications can be achieved on any IP network regardless, it is Internet, Intranets or Local Area Networks (LAN). The potential of free or very low cost- phone calls is the driving force behind the adoption of this technology, but in the long run, VoIP is more significant than just free phone calls, it represents a major change in telecommunications. The fact that VoIP transmits voice as digitized packets over the Internet means that it has the potential to converge with other digital technologies, which in turn will result in new services and applications becoming available. VoIP is an advancing area of research. There are many different and generally incompatible techniques for sending voice over the Internet. The International Telecommunications Union standard H.323 provides for voice and video teleconferencing; the Internet Engineering Task Force adopted an incompatible system called Session Initiation Protocol (SIP). Cisco developed a proprietary system called the Skinny Client Control Protocol (SCCP). This variety of available protocols has led to several different implementation architectures. Most implementations use the centralized server client architecture, but recent years have also seen developments in the decentralized peer-to-peer networks. Offering a cost effective solution without a compromise to the quality is attracting both home users as well as businesses, which are dependent on long distance communications. A recent survey carried out predicted that VoIP will account for approximately 75% of world voice services by 2008. However, the adoption of VoIP is not without its complications. Law enforcement agencies often need to conduct lawful electronic surveillance in order to combat crime and terrorism. The telephone service provider is required to provide the authorized law enforcement agencies with contents of telephone calls conducted by each user designated for surveillance. Carriers want to identify the type of traffic their networks are carrying, especially VoIP calls. The emphasis on VoIP is because it uses up the carriers’ largest traditional source of revenue, circuit switched services. Even if they offer VoIP services themselves, they face an obvious dilemma. At the very best, they receive less revenue from their largest and most