The Association of Digital Forensics, Security and Law (ADFSL)


Viber is one of the widely used mobile chat application which has over 606 million users on its platform. Since the recent release of Viber 6.0 in March/April 2016 and its further updates, Viber provides end-to-end encryption based on Open Whisper Signal security architecture. With proprietary communication protocol scattered on distributed cluster of servers in different countries and secure cryptographic primitives, Viber offers a difficult paradigm of traffic analysis. In this paper, we present a novel methodology of identification of Viber traffic over the network and established a model which can classify its services of audio and audio/video calls, message chats including text and voice chats, group messages and file/media sharing. Absolute detection of both parties of Viber voice and video calls is also demonstrated in our work. Our findings on Viber traffic signatures are applicable to most recent version of Viber 6.2.2 for android and iOS devices.


Adami, D., Callegari, C., Giordano, S., Pagano, M., & Pepe, T. (2012). Skype-hunter: A real-time system for the detection and classification of skype traffic. International Journal of Communication Systems, 25 (3), 386-403.

Appelman, M., Bosma, J., & Veerman, G. (2011). Viber communication security. System and network of engineering, university of Amsterdam, Netherlands.

Callado, A., Kamienski, C., Szabo, G., Gero, B. P., Kelner, J., Fernandes, S., & Sadok, D. (2009). A survey on internet traffic identification. IEEE Communications Surveys & Tutorials, 11 (3), 37-52.

Chakravarty, S., Barbera, M. V., Portokalidis, G., Polychronakis, M., & Keromytis, A. D. (2014). On the effectiveness of traffic analysis against anonymity networks using ow records. In International conference on passive and active network measurement (pp. 247-257).

Chakravarty, S., Stavrou, A., & Keromytis, A. D. (2010). Traffc analysis against low-latency anonymity networks using available bandwidth estimation. In European symposium on research in computer security (pp. 249-267).

Chen, A., Jin, Y., Cao, J., & Li, L. E. (2010). Tracking long duration flows in network traffic. In Infocom, 2010 proceedings ieee (pp. 1-5).

Coull, S. E., & Dyer, K. P. (2014). Traffic analysis of encrypted messaging services: Apple imessage and beyond. ACM SIGCOMM Computer Communication Review, 44 (5), 5-11.

Dainotti, A., Pescape, A., & Claffy, K. C. (2012). Issues and future directions in traffic classification. IEEE network, 26 (1), 35-40.

Gilad, Y., & Herzberg, A. (2012). Spying in the dark: Tcp and tor traffic analysis. In International symposium on privacy enhancing technologies symposium (pp. 100-119).

Karpisek, F., Baggili, I., & Breitinger, F. (2015). Whatsapp network forensics: Decrypting and understanding the whatsapp call signaling messages. Digital Investigation, 15, 110-118.

Marik, R., Bezpalec, P., Kucerak, J., & Kencl, L. (2015). Revealing viber communication patterns to assess protocol vulnerability. In 2015 international conference on computing and network communications (coconet) (pp. 496-504).

Nguyen, T. T., & Armitage, G. (2008). A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys & Tutorials, 10 (4), 56-76.

Rakuten, I. (1997 (accessed 30-August-2016)). Viber Encryption Overview. http://www.viber.com/en/security-overview.

Rakuten, I. (1997 (accessed 9-November-2016)). Viber: About. http://www.viber.com/en/about.

Velan, P., Cermak, M., Celeda, P., & Drasar, M. (2015). A survey of methods for encrypted traffic classification and analysis. International Journal of Network Management, 25 (5), 355-374.

Walnycky, D., Baggili, I., Marrington, A., Moore, J., & Breitinger, F. (2015). Network and device forensic analysis of android social-messaging applications. Digital Investigation, 14 , S77-S84.

Yuan, Z., Du, C., Chen, X., Wang, D., & Xue, Y. (2014). Skytracer: Towards fine-grained identification for skype traffic via sequence signatures. In Computing, networking and communications (icnc), 2014 international conference on (pp. 1-5).

Zhang, F., He, W., Liu, X., & Bridges, P. G. (2011). Inferring users' online activities through traffic analysis. In Proceedings of the fourth acm conference on wireless network security (pp. 59-70).

Zhang, J., Chen, C., Xiang, Y., Zhou, W., & Vasilakos, A. V. (2013). An effective network traffic classification method with unknown flow detection. IEEE Transactions on Network and Service Management, 10 (2), 133-147.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.