VOIP security Research Papers - Academia.edu (original) (raw)

Este artigo apresenta um estudo da utilização do IPSec para garantir a seguran¸ca das comunicações Voz sobre IP em ambientes de comunicação sem fio. Nós investigamos e quantificamos o impacto dos mecanismos de segurança oferecidos pelo... more

- by
- •
- Voip, VOIP security, IPSec, Comunicação Sem Fio

Voice over IP (VoIP) is the transmission of voice and multimedia content over Internet Protocol (IP) networks, this paper reviews models, frameworks and auditing standards proposed to this date to manage VoIP security through a literature review, with descriptions of both the historical and philosophical evolution reflecting an adequate knowledge of related research. Three research questions are raised here: RQ1. What are the requirements to be met by a model of security audit in VoIP systems to achieve their goals? RQ2. Today, are there additional attacks that previous works have not considered? RQ3. Which security requirements in the VoIP systems are covered (and which are not covered) by security frameworks? After some discussion about VoIP Protocols, Attacks on VoIP, Information Technology (IT) audit, IT security audits, Frameworks and auditing standards, we present a unified view of VoIP Security Requirements; as well as considering the contributions and disadvantages of frameworks and auditing standards toward achieving those requirements through a comparative evaluation. It was determined that there is no security framework which considers social engineering attacks in spite of being an important aspect to consider in security management VoIP; also there is no specific framework that covers all categories of security requirements for VoIP system, therefore, a more extensive model is needed.

- by Glen Rodriguez
- •
- Network Security, VOIP security

In recent years, there has been an increasing interest in the authentication process due to the key role that it has in the network security. Port Knocking (PKn) is an authentication method in which data transmits through the closed ports. This method is prone to attacks when attackers sniff the network. This paper proposes a new method which is called “Secure Port Knock-Tunneling” to eliminate both DOS-Knocking and NATK-nocking attacks. The possibility of implementation of this method is investigated on the Mikrotik devices.

- by Reza Ebrahimi Atani and +3
- •
- Internet Security, Authentication, VOIP security, Firewall

— As with any other technological advancement in use in today's age, security threats are proving to be the major challenges and risks. Knowledge about these security vulnerabilities presents an avenue of protecting organizational assets against virtual attacks. VoIP phone systems are becoming increasingly popular in today's society for business and personal purposes. VoIP services are increasingly productive and cheap, thereby, providing adopters a competitive edge. Voice over Internet Protocol (VoIP) is a widely deployed service since the commencement of voice and data integration. This was done in a bid to reduce cost and management concerns. VoIP uses the same infrastructure as traditional data networks and thus, inherits all the security challenges of a data network. In addition, VoIP exhibit self-inflected problems resulting from network components and the protocol adopted. This paper present the security threats witnessed in VoIP telecommunication. First, the paper explores a brief overview of VoIP techniques including network components, structure, standards and protocols, data processing techniques and quality of service. Second, the paper discusses the security threats in tandem with confidentiality, integrity and availability principle. Examples of security issues under consideration include; spamming, identity spoofing, call tempering, DoS, and Man-in-the-middle attacks among others. Finally, the paper will outline the common countermeasures adopted to mitigate the threats.

- by Adam Mentsiev
- •
- Network Security, Voice over IP, VOIP security, Cyber Security

Voice over IP is a major trend in applications for wireless networks, but even so it is not immune to the risks usually related with IP networks. Proposed solutions for VoIP security are already in the market, but these solutions must take into account the real-time constraint of voice service and their mechanisms should address possible attacks and overhead associated with it. One of these solutions is to use IETF IPSec
to guarantee confidentiality in order to address security design
holes of wireless VoIP networks. This article performs an experimental comparison of the impact of encryption mechanisms on voice speech quality in widely deployed wireless technologies: 802.11 and Bluetooth. Evaluates the upper bound on number of simultaneous VoIP calls which can be placed in a single cell of both networks when security is applied and uses the computational model E-Model to assess quantitatively the quality of service.

- by Edjair Mota
- •
- Voip, VOIP security, Mos, Wlan

Existen muchas razones para que las empresas se embarquen en la migración a troncales SIP con Session Border Controllers: reducción de los costes de comunicación, mayor fiabilidad, mayor velocidad en la introducción de nuevos servicios,... more

- by Ramon Millan
- •
- Voip, VOIP security, SBC, PBX SIP Trunk
- by IT Ambassador Ted Green
- •
- Machine Learning, Data Mining, Access Control, Cloud Computing

Various factors can have a significant degrading impact on the residential Voice over Internet Protocol (VoIP) phone services' quality. Hybrid fibre-coaxial (HFC) networks typically carry three types of traffic that include voice, data, and video. Unlike data and video, some delays or packet loss can result in a noticeable degraded impact on a VoIP's phone conversation. This paper will analyze and assess VoIP traffic prioritization and its impact on VoIP's quality of service (QoS) based on the concept of differentiated services code point (DSCP) markings. Call testing examines two types of calls. The first set of tests focus on calls that originate from a VoIP network and terminate on a signalling system 7 (SS7) network. The second experiment focuses on calls that originate from SS7 network and terminate on a VoIP network. The research results provide DSCP markings configurations that can improve phone conversations' quality.

The multimedia communication is rapidly converging towards Voice over Internet-commonly known as Voice over Internet Protocol (VoIP). Session Initiation Protocol (SIP) is the standard used for session signaling in VoIP. Crafty attackers can launch a number of Denial of Service (DoS) attacks on a SIP based VoIP infrastructure that can severely compromise its reliability. In contrast, little work is done to analyze the robustness and reliability of SIP severs under DoS attacks. In this paper, we show that the robustness and reliability of generic SIP servers is inadequate than commonly perceived. We have done our study using a customized analysis tool that has the ability to synthesize and launch different types of attacks. We have integrated the tool in a real SIP test bed environment to measure the performance of SIP servers. Our measurements show that a standard SIP server can be easily overloaded by sending simple call requests. We define the performance metrics to measure the effects of flooding attacks on real time services-VoIP in SIP environment-and show the results on different SIP server implementations. Our results also provide insight into resources' usage by SIP servers under flooding attacks. Moreover, we show that how a well known open source SIP server can be crashed through 'INVITE of Death'-a malformed SIP packet maliciously crafted by our tool. 1 We define breaking point as an attack scenario in which only 50% of the requested calls are completed.

- by Ali akbar
- •
- Computer Science, Voice over IP, DoS Attack, Multimedia Communication

Voice over IP (VoIP) technology is swiftly accepted by consumers, militaries, enterprises and governments. This technology recommend higher flexibility and more features than traditional telephony (PSTN) infrastructures, over and above the potential for lower cost through equipment consolidation, new business models for the consumer market. Voice over IP (VoIP) communications is becoming essential to the corporate world. Possibly, Voice over IP should be viewed as a chanc e to develop new, more effective security policies, infrastructu re and processes. These all new policies and practices ca n have a positive impact on the security of the entire netwo rk not only voice communications. This paper provide starting point for understanding the security facets of VoIP in a rapi dly evolving set of technologies that are seeing growing deployment and use. The main goal is to provide a better understanding of the security background with respect to VoIP security facet towa rd directing fut...

- by Mohd Muntjir
- •
- Business, Computer Science, Network Security, Network Analysis

What an alternative. Most people argue that if something works well there is no sense in changing it. This is exactly what is happening with VoIP today. Voice over Internet Protocol usually called VoIP is the transmission of voice, video conferencing, data, faxes over an IP based network. VoIP technology has received much attention due to several emerging application in voice communication. This paper presents a tutorial on a basic way of deploying VoIP using miniSipServer on an existing Metropolitan Area Network (MAN). After which security solution is deployed on the network using Virtual Private Network (VPN)

- by Babatunde Lawall
- •
- VOIP security, Networking, VoIP, Security, VoIP/SIP/IMS

ASTPP is an Open Source VoIP billing solution for Freeswitch. It supports pre-paid and post-paid billing with call rating, credit control and call reporting. It also provides many other features such as calling cards, least cost routing... more

- by Arpit Modi
- •
- Information Systems, Structural Engineering, Teacher Education, Voip

This paper reviews some security challenges currently faced by VoIP systems as well as their potential solutions. Particularly, it focuses on Zfone, a vendor-neutral security solution developed by PGP's creator, Phil Zimmermann. Zfone is based on the Z Real-time Transport Protocol (ZRTP), which is an extension of the Real-time Transport Protocol (RTP). ZRTP offers a very simple and robust approach to providing protection against the most common type of VoIP threats. Basically, the protocol offers a mechanism to guarantee high entropy in a Diffie-Hellman key exchange by using a session key that is computed through the hashing several secrets, including a short authentication string that is read aloud by callers. The common shared secret is calculated and used only for one session at a time. However, the protocol allows for a part of the shared secret to be cached for future sessions. The mechanism provides for protection for man-in-the-middle, call hijack, spoofing, and other common types of attacks. Also, this paper explores the fact that VoIP security is a very complicated issue and that the technology is far from being inherently insecure as many people usually claim. * Actually, the SS7 system performs other services such as call forwarding, automatic ring-back, and local number portability among others. † We only need to remember the infamous phone phreakers of the 1970s. The word Phreaker (compound of phone + freak) refers to people who exploit PSTN vulnerabilities to make free phone calls. ‡ The last mile refers to "the final leg of delivering connectivity from a communications provider to a customer" (see http://en.wikipedia.org/wiki/Last_mile). § The local loop refers to "the physical link or circuit" that connects "from the demarcation point of the customer premises to the edge" or Central Office of the communication provider's network (see http://en.wikipedia.org/wiki/Local_loop). * In VoIP jargon, jitter refers to the variation in time or delay between arriving packets. Possible causes of jitter in VoIP networks are: network congestion, timing drift, and/or changes of routing information (see http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213534,00.html). † We assume that Ethernet is the technology in place. Sotillo 8 © 2006 Samuel Sotillo Unfortunately, DOS attacks are very complex and cannot be addressed through a single do-it-all solution.

- by Samuel Sotillo
- •
- VOIP security

- by Franklin Gavilanez
- •
- Computer Science, Network Security, VOIP security, arXiv

12th International Conference on Communications Security & Information Assurance
(CSIA 2021) focuses on all technical and practical aspects of communications security &
information assurance for wired and wireless networks. The goal of this conference is to
bring together researchers and practitioners from academia and industry to focus on
understanding modern security threats and countermeasures, and establishing new
collaborations in these areas

Voice over IP (VoIP) technology is swiftly accepted by consumers, militaries, enterprises and governments. This technology recommend higher flexibility and more features than traditional telephony (PSTN) infrastructures, over and above the potential for lower cost through equipment consolidation, new business models for the consumer market. Voice over IP (VoIP) communications is becoming essential to the corporate world. Possibly, Voice over IP should be viewed as a chance to develop new, more effective security policies, infrastructure and processes. These all new policies and practices can have a positive impact on the security of the entire network not only voice communications. This paper provide starting point for understanding the security facets of VoIP in a rapidly evolving set of technologies that are seeing growing deployment and use. The main goal is to provide a better understanding of the security background with respect to VoIP security facet toward directing future re...

- by Mohd Muntjir
- •
- Computer Science, Network Security, Network Analysis, VOIP security

- by Yanzhen Qu
- •
- Distributed Computing, Max/MSP/Jitter, Databases, QoS and QoE
- by Leandro Galvao
- •
- Voice over IP, Cryptography, Voip, VOIP security

Skype, Google Talk, Yahoo voice etc. are all applications that enable the use of the Internet for voice conversations. They offer cost effectiveness and are easy to use, and due to these reasons many new VoIP applications are coming into existence. However, all forms of communications need to be monitored for security purposes to ensure their correct usage. With the development of more and more VoIP applications, monitoring and detection of these applications is becoming a more difficult task. Most detection techniques are based on standard protocol and IP address identification. Thus, application detection and monitoring techniques are developed after an application has been in use for some time, resulting in obvious security implications. This paper presents generic techniques for the detection of traffic generated by all VoIP protocols, both currently in existence and any future VoIP protocols that may be used. The method proposed is based on analysis carried out on different VoIP applications currently in existence.

- by Fauzia Idrees Abro
- •
- Computer Networks, VOIP security

This paper describes the implementation process of the Free Technologies Open Laboratory (LATL) in the Center for Information Technology Renato Archer (CTI) under the approach of 5W1H framework. The actions of adoption, use and development of ICT by governs remain controversial between daily practice and legislation pro free technologies. The implementation of LATL aims to provide means to promote and empower government units in the use and development of free technologies and open standards for documents and data. The application of 5W1H model proved useful in the definition and evaluation of the actions of cause and effect in the implementation process of the laboratory. Resumo. Este artigo descreve o processo de implantação do Laboratório Aberto de Tecnologias Livres (LATL) no Centro de Tecnologia da Informação Renato Archer (CTI) sob o enfoque do modelo 5W1H. As ações de adoção, uso e desenvolvimento de TIC por governos continuam sendo controversas entre a prática vigente e a legislação pró tecnologias livres. A implantação do LATL visa proporcionar meios para promover e capacitar unidades de governo no uso e desenvolvimento de tecnologias livres e padrões abertos para documentos e dados. A aplicação do modelo 5W1H mostrou-se útil na definição e avaliação das ações de causa e efeito do processo de implantação do laboratório.

Voice over IP (VoIP) technology is swiftly accepted by consumers, militaries, enterprises and governments. This technology recommend higher flexibility and more features than traditional telephony (PSTN) infrastructures, over and above the potential for lower cost through equipment consolidation, new business models for the consumer market. Voice over IP (VoIP) communications is becoming essential to the corporate world. Possibly, Voice over IP should be viewed as a chance to develop new, more effective security policies, infrastructure and processes. These all new policies and practices can have a positive impact on the security of the entire network not only voice communications. This paper provide starting point for understanding the security facets of VoIP in a rapidly evolving set of technologies that are seeing growing deployment and use. The main goal is to provide a better understanding of the security background with respect to VoIP security facet toward directing future re...

- by Mohd Muntjir and +1
- •
- Computer Science, Network Security, Network Analysis, VOIP security

VoIP is technology for transmitting voice
and data over IP for communication. It has various
benefits such as, voice messaging, calling, video messaging
as well as video conferencing with file sharing. VoIP is
better than Public Switched Telephone Network (PSTN)
and cellular network. We can see all the services in VoIP
based application such as Skype, Google talk. Due to the
file sharing and information transformation in VoIP, there
are more chances to loss valuable data information. For
that the security provisions must be there. To prevent
from such problem there are various techniques designed.
In this research paper we study that various techniques
proposed for security in VoIP environment.

In this paper, we present an optimized implementation of secure VoIP protocol stack so that the stack
would fit into the memory and computation budget of constrained embedded systems. The novel approach
that we take to achieve this is to perform cross-layer optimization of buffers and buffer operations.
Buffers and buffer operations are involved in playback, capture, codec transformations, and network I/O.
Following this approach, we have implemented VoIP application functions, RTP, and Secure RTP
protocols in a tightly integrated and highly optimized manner, on the top of the embedded TCP/IP stack,
uIP. We call the protocol stack thus constructed, the uVoIP stack. We have tested the uVoIP stack in
GNU/Linux Operating System using tunnel device for sending and receiving raw packets.

This paper presents an empirical investigation of the impact of Secure RTP (SRTP) on VoIP calls over wireless networks: 802.11 and Bluetooth. For the purpose of evaluating this impact we developed an analysis tool based on E-Model and... more

- by Edjair Mota
- •
- Voice over IP, Secure and Critical Communicating Systems, Voip, VOIP security

- by Samuel Sotillo
- •
- VOIP security