Voice over IP(VoIP) is widely used in today's communication, VoIP is a methodology that able to converts analog voice signals into digital data packets and support real-time, two-way transmission of conversations using Internet Protocol. Despite of the fact that VoIP technology have greatly developed since the earliest design, it still suffer from the common problem that affect Internet security: hacker. Currently Timing-based attack is the most famous attack method on VoIP. Timing-based traffic analysis attacks mainly based on packet inter-arrival time. Attackers are able to analyze the packet sending time intervals and export user's talking pattern. Finally, attacker can identify the user by comparing the exported talking pattern with the talking pattern in their databases. Therefore, to protect user's identity, we propose a new application to hide user's talking pattern.

In this thesis, we address issues related to traffic analysis attacks and the corresponding countermeasures in VoIP traffic. We focus on a particular class of traffic analysis attack, timing-based correlation attacks, by which an adversary attempt to analyze packet inter-arrival time of a user and correlate the output traffic with the traffic in their database. Correlation method that is used in this type of attack, namely Dynamic Time Warping(DTW) based Correlation. Based on our threat model and known strategies in existing VoIP communication, we develop methods that can effectively counter the timing-based correlation attacks. The empirical results shows the effectiveness of the proposed scheme in term of countering timing-based correlation attacks.

Our experimental result showed that our application is able to hide user's identity in VoIP communication, with a few modifications in the sending process.