Abstract
To establish peer-to-peer connections and achieve realtime web-based communication, the WebRTC framework requires address information of the communicating peers. This means that users behind, say, NAT or firewalls normally rely on the ICE framework for the sake of negotiating information about the connection and media transferring. This typically involves STUN/TURN servers, which assist the peers discover each other's private and public IP:port, and relay traffic if direct connection fails. Nevertheless, these IP:port pieces of data can be easily captured by anyone who controls the corresponding STUN/TURN server, and even more become readily available to the JavaScript application running on the webpage. While this is acceptable for a user that deliberately initiates a WebRTC connection, it becomes a worrisome privacy issue for those being unaware that such a connection is attempted. Furthermore, the application acquires more information on the local network architecture compared to what is exposed in usual HTTP interactions, where only the public IP is visible. Even though this problem is well-known in the related literature, no practical solution has been proposed so far. To this end, and for the sake of detecting and preventing in realtime the execution of STUN/TURN clandestine, privacy-invading requests, we introduce two different kinds of solutions (a) a browser extension, and (b) an HTTP gateway, implemented in C++ as well as in Golang. Both solutions detect any WebRTC API call before it happens and inform accordingly the end-user about the webpage's intentions. We meticulously evaluate the proposed schemes in terms of performance and demonstrate that even in the worst case, the latency introduced is tolerable.

Abstract
While more and more users turn to IP-based communication technologies, privacy and anonymity remain largely open issues. One of the most prominent VoIP protocols for multimedia session management is SIP which, despite its popularity, suffers from security and privacy flaws. As SIP messages are sent in plain text, user data are exposed to intermediate proxies and eavesdroppers. As a result, information about users participating in a call can leak from header data, which cannot be omitted since they are needed for the correct routing of SIP messages to their final destination. Even more, traffic analysis attacks can be mounted with data stemming from lower layers. To redress this kind of problems, privacy can be achieved either by the construction of a lower level tunnel (via the use of SSL or IPsec protocols) or by employing a custom-tailored solution. However, SSL and IPsec are known for leading to undesirable, non affordable delays, and thus the need for a SIP-oriented solution is preferable. In the context of this article, we evaluate three alternative solutions to encounter the above issues. More specifically, we use two well-known anonymity networks, Tor and I2P, for secluding both caller's and callee's actions by securing SIP messages content. As a third solution, we present our proposal for preserving privacy in SIP signaling, by using an onion-routing approach, where selected sensitive fields of SIP messages are encrypted using either asymmetric or symmetric encryption. We compare these three alternatives in terms of performance, mentioning the pros and cons that come up with each proposal. Our work also presents the reasons why other existing anonymity networks fail to be considered as appropriate for preserving anonymity in SIP.

Abstract
We present a moderately simple to implement but very effective and silent deanonymization scheme for Tor traffic. This is done by bridging the mixes in Tor, that is, we control both the traffic leaving the Onion Proxy (OP) and the traffic entering the Exit node. Specifically, from a user’s viewpoint, our proposal has been implemented in the popular Android platform as a spyware, having the dual aim to manipulate user traffic before it enters the Tor overlay and explicitly instruct OP to choose an exit node that is controlled by the attacker. When the user traffic is received by the rogue exit node it is filtered, and the sender’s IP details become visible. Notably, apart from deobfuscating normal http traffic, say, send via the Tor browser, the proposed scheme is able to manipulate https requests as well.

Abstract
This paper focuses on network anomaly-detection and especially the effectiveness of Machine Learning (ML) techniques in detecting Denial of Service (DoS) in SIP-based VoIP ecosystems. It is true that until now several works in the literature have been devoted to this topic, but only a small fraction of them have done so in an elaborate way. Even more, none of them takes into account high and low-rate Distributed DoS (DDoS) when assessing the efficacy of such techniques in SIP intrusion detection. To provide a more complete estimation of this potential, we conduct extensive experimentations involving 5 different classifiers and a plethora of realistically simulated attack scenarios representing a variety of (D)DoS incidents. Moreover, for DDoS ones, we compare our results with those produced by two other anomaly-based detection methods, namely Entropy and Hellinger Distance. Our results show that ML-powered detection scores a promising false alarm rate in the general case, and seems to outperform similar methods when it comes to DDoS.

Abstract
Anonymity on SIP signaling can be achieved either by the construction of a lower level tunnel (via the use of SSL or IPSec protocols) or by employing a custom-tailored solution. Unfortunately, the former category of solutions present significant impediments including the requirement for a PKI and the hop-by-hop fashioned protection, while the latter only concentrate on the application layer, thus neglecting sensitive information leaking from lower layers. To remediate this problem, in the context of this paper, we employ the well-known Tor anonymity system to achieve complete SIP traffic obfuscation from an attacker’s standpoint. Specifically, we capitalize on Tor for preserving anonymity on network links that are considered mostly untrusted, i.e., those among SIP proxies and the one between the last proxy in the chain and the callee. We also, combine this Tor-powered solution with PrivaSIP to achieve an even greater level of protection. By employing PrivaSIP we assure that: (a) the first hop in the path (i.e., between the caller and the outbound proxy) affords anonymity, (b) the callee does not know the real identity of the caller, and (c) no real identities of both the caller and the callee are stored in log files. We also evaluate this scheme in terms of performance and show that even in the worst case, the latency introduced is not so high as it might be expected due to the use of Tor.