VOIP security Research Papers - Academia.edu (original) (raw)

Voice over IP (VoIP) is the transmission of voice and multimedia content over Internet Protocol (IP) networks, this paper reviews models, frameworks and auditing standards proposed to this date to manage VoIP security through a literature review, with descriptions of both the historical and philosophical evolution reflecting an adequate knowledge of related research. Three research questions are raised here: RQ1. What are the requirements to be met by a model of security audit in VoIP systems to achieve their goals? RQ2. Today, are there additional attacks that previous works have not considered? RQ3. Which security requirements in the VoIP systems are covered (and which are not covered) by security frameworks? After some discussion about VoIP Protocols, Attacks on VoIP, Information Technology (IT) audit, IT security audits, Frameworks and auditing standards, we present a unified view of VoIP Security Requirements; as well as considering the contributions and disadvantages of frameworks and auditing standards toward achieving those requirements through a comparative evaluation. It was determined that there is no security framework which considers social engineering attacks in spite of being an important aspect to consider in security management VoIP; also there is no specific framework that covers all categories of security requirements for VoIP system, therefore, a more extensive model is needed.

- by
- •
- Network Security, VOIP security

— As with any other technological advancement in use in today's age, security threats are proving to be the major challenges and risks. Knowledge about these security vulnerabilities presents an avenue of protecting organizational assets against virtual attacks. VoIP phone systems are becoming increasingly popular in today's society for business and personal purposes. VoIP services are increasingly productive and cheap, thereby, providing adopters a competitive edge. Voice over Internet Protocol (VoIP) is a widely deployed service since the commencement of voice and data integration. This was done in a bid to reduce cost and management concerns. VoIP uses the same infrastructure as traditional data networks and thus, inherits all the security challenges of a data network. In addition, VoIP exhibit self-inflected problems resulting from network components and the protocol adopted. This paper present the security threats witnessed in VoIP telecommunication. First, the paper explores a brief overview of VoIP techniques including network components, structure, standards and protocols, data processing techniques and quality of service. Second, the paper discusses the security threats in tandem with confidentiality, integrity and availability principle. Examples of security issues under consideration include; spamming, identity spoofing, call tempering, DoS, and Man-in-the-middle attacks among others. Finally, the paper will outline the common countermeasures adopted to mitigate the threats.

- by Adam Mentsiev
- •
- Network Security, Voice over IP, VOIP security, Cyber Security

Este artigo apresenta um estudo da utilização do IPSec para garantir a seguran¸ca das comunicações Voz sobre IP em ambientes de comunicação sem fio. Nós investigamos e quantificamos o impacto dos mecanismos de segurança oferecidos pelo... more

- by Edjair Mota
- •
- Voip, VOIP security, IPSec, Comunicação Sem Fio

What an alternative. Most people argue that if something works well there is no sense in changing it. This is exactly what is happening with VoIP today. Voice over Internet Protocol usually called VoIP is the transmission of voice, video conferencing, data, faxes over an IP based network. VoIP technology has received much attention due to several emerging application in voice communication. This paper presents a tutorial on a basic way of deploying VoIP using miniSipServer on an existing Metropolitan Area Network (MAN). After which security solution is deployed on the network using Virtual Private Network (VPN)

- by Babatunde Lawall
- •
- VOIP security, Networking, VoIP, Security, VoIP/SIP/IMS

In recent years, there has been an increasing interest in the authentication process due to the key role that it has in the network security. Port Knocking (PKn) is an authentication method in which data transmits through the closed ports. This method is prone to attacks when attackers sniff the network. This paper proposes a new method which is called “Secure Port Knock-Tunneling” to eliminate both DOS-Knocking and NATK-nocking attacks. The possibility of implementation of this method is investigated on the Mikrotik devices.

- by Reza Ebrahimi Atani and +3
- •
- Internet Security, Authentication, VOIP security, Firewall

VoIP is technology for transmitting voice
and data over IP for communication. It has various
benefits such as, voice messaging, calling, video messaging
as well as video conferencing with file sharing. VoIP is
better than Public Switched Telephone Network (PSTN)
and cellular network. We can see all the services in VoIP
based application such as Skype, Google talk. Due to the
file sharing and information transformation in VoIP, there
are more chances to loss valuable data information. For
that the security provisions must be there. To prevent
from such problem there are various techniques designed.
In this research paper we study that various techniques
proposed for security in VoIP environment.

This paper reviews some security challenges currently faced by VoIP systems as well as their potential solutions. Particularly, it focuses on Zfone, a vendor-neutral security solution developed by PGP's creator, Phil Zimmermann. Zfone is based on the Z Real-time Transport Protocol (ZRTP), which is an extension of the Real-time Transport Protocol (RTP). ZRTP offers a very simple and robust approach to providing protection against the most common type of VoIP threats. Basically, the protocol offers a mechanism to guarantee high entropy in a Diffie-Hellman key exchange by using a session key that is computed through the hashing several secrets, including a short authentication string that is read aloud by callers. The common shared secret is calculated and used only for one session at a time. However, the protocol allows for a part of the shared secret to be cached for future sessions. The mechanism provides for protection for man-in-the-middle, call hijack, spoofing, and other common types of attacks. Also, this paper explores the fact that VoIP security is a very complicated issue and that the technology is far from being inherently insecure as many people usually claim. * Actually, the SS7 system performs other services such as call forwarding, automatic ring-back, and local number portability among others. † We only need to remember the infamous phone phreakers of the 1970s. The word Phreaker (compound of phone + freak) refers to people who exploit PSTN vulnerabilities to make free phone calls. ‡ The last mile refers to "the final leg of delivering connectivity from a communications provider to a customer" (see http://en.wikipedia.org/wiki/Last_mile). § The local loop refers to "the physical link or circuit" that connects "from the demarcation point of the customer premises to the edge" or Central Office of the communication provider's network (see http://en.wikipedia.org/wiki/Local_loop). * In VoIP jargon, jitter refers to the variation in time or delay between arriving packets. Possible causes of jitter in VoIP networks are: network congestion, timing drift, and/or changes of routing information (see http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213534,00.html). † We assume that Ethernet is the technology in place. Sotillo 8 © 2006 Samuel Sotillo Unfortunately, DOS attacks are very complex and cannot be addressed through a single do-it-all solution.

- by Samuel Sotillo
- •
- VOIP security

Voice over IP is a major trend in applications for wireless networks, but even so it is not immune to the risks usually related with IP networks. Proposed solutions for VoIP security are already in the market, but these solutions must take into account the real-time constraint of voice service and their mechanisms should address possible attacks and overhead associated with it. One of these solutions is to use IETF IPSec
to guarantee confidentiality in order to address security design
holes of wireless VoIP networks. This article performs an experimental comparison of the impact of encryption mechanisms on voice speech quality in widely deployed wireless technologies: 802.11 and Bluetooth. Evaluates the upper bound on number of simultaneous VoIP calls which can be placed in a single cell of both networks when security is applied and uses the computational model E-Model to assess quantitatively the quality of service.

- by Edjair Mota
- •
- Voip, VOIP security, Mos, Wlan

Various factors can have a significant degrading impact on the residential Voice over Internet Protocol (VoIP) phone services' quality. Hybrid fibre-coaxial (HFC) networks typically carry three types of traffic that include voice, data, and video. Unlike data and video, some delays or packet loss can result in a noticeable degraded impact on a VoIP's phone conversation. This paper will analyze and assess VoIP traffic prioritization and its impact on VoIP's quality of service (QoS) based on the concept of differentiated services code point (DSCP) markings. Call testing examines two types of calls. The first set of tests focus on calls that originate from a VoIP network and terminate on a signalling system 7 (SS7) network. The second experiment focuses on calls that originate from SS7 network and terminate on a VoIP network. The research results provide DSCP markings configurations that can improve phone conversations' quality.

- by IT Ambassador Ted Green
- •
- Machine Learning, Data Mining, Access Control, Cloud Computing

This paper describes the implementation process of the Free Technologies Open Laboratory (LATL) in the Center for Information Technology Renato Archer (CTI) under the approach of 5W1H framework. The actions of adoption, use and development of ICT by governs remain controversial between daily practice and legislation pro free technologies. The implementation of LATL aims to provide means to promote and empower government units in the use and development of free technologies and open standards for documents and data. The application of 5W1H model proved useful in the definition and evaluation of the actions of cause and effect in the implementation process of the laboratory. Resumo. Este artigo descreve o processo de implantação do Laboratório Aberto de Tecnologias Livres (LATL) no Centro de Tecnologia da Informação Renato Archer (CTI) sob o enfoque do modelo 5W1H. As ações de adoção, uso e desenvolvimento de TIC por governos continuam sendo controversas entre a prática vigente e a legislação pró tecnologias livres. A implantação do LATL visa proporcionar meios para promover e capacitar unidades de governo no uso e desenvolvimento de tecnologias livres e padrões abertos para documentos e dados. A aplicação do modelo 5W1H mostrou-se útil na definição e avaliação das ações de causa e efeito do processo de implantação do laboratório.

Voice over IP (VoIP) technology is swiftly accepted by consumers, militaries, enterprises and governments. This technology recommend higher flexibility and more features than traditional telephony (PSTN) infrastructures, over and above the potential for lower cost through equipment consolidation, new business models for the consumer market. Voice over IP (VoIP) communications is becoming essential to the corporate world. Possibly, Voice over IP should be viewed as a chance to develop new, more effective security policies, infrastructure and processes. These all new policies and practices can have a positive impact on the security of the entire network not only voice communications. This paper provide starting point for understanding the security facets of VoIP in a rapidly evolving set of technologies that are seeing growing deployment and use. The main goal is to provide a better understanding of the security background with respect to VoIP security facet toward directing future re...

- by Mohd Muntjir
- •
- Computer Science, Network Security, Network Analysis, VOIP security

In this paper, we present an optimized implementation of secure VoIP protocol stack so that the stack
would fit into the memory and computation budget of constrained embedded systems. The novel approach
that we take to achieve this is to perform cross-layer optimization of buffers and buffer operations.
Buffers and buffer operations are involved in playback, capture, codec transformations, and network I/O.
Following this approach, we have implemented VoIP application functions, RTP, and Secure RTP
protocols in a tightly integrated and highly optimized manner, on the top of the embedded TCP/IP stack,
uIP. We call the protocol stack thus constructed, the uVoIP stack. We have tested the uVoIP stack in
GNU/Linux Operating System using tunnel device for sending and receiving raw packets.

- by Mohd Muntjir and +1
- •
- Computer Science, Network Security, Network Analysis, VOIP security