A Survey Of Voice Over Ip Security Research Paper

  • 1.

    Abdelnur, H., Avanesov, T., Rusinowitch, M., State, R.: Abusing SIP Authentication. In: Proceedings of the 4th International Conference on Information Assurance and Security (ISIAS), September 2008, pp. 237–242 (2008)Google Scholar

  • 2.

    Adelsbach, A., Alkassar, A., Garbe, K.-H., Luzaic, M., Manulis, M., Scherer, E., Schwenk, J., Siemens, E.: Voice over IP: Sichere Umstellung der Sprachkommunikation auf IP-Technologie. Bundesanzeiger Verlag (2005)Google Scholar

  • 3.

    Anwar, Z., Yurcik, W., Johnson, R.E., Hafiz, M., Campbell, R.H.: Multiple Design Patterns for Voice over IP (VoIP) Security. In: Proceedings of the IEEE Workshop on Information Assurance (WIA), held in conjunction with the 25th IEEE International Performance Computing and Communications Conference (IPCCC) (April 2006)Google Scholar

  • 4.

    Balasubramaniyan, V., Ahamad, M., Park, H.: CallRank: Combating SPIT Using Call Duration, Social Networks and Global Reputation. In: Proceedings of the 4th Conference on Email and Anti-Spam (CEAS) (August 2007)Google Scholar

  • 5.

    Barbieri, R., Bruschi, D., Rosti, E.: Voice over IPsec: Analysis and Solutions. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC), December 2002, pp. 261–270 (2002)Google Scholar

  • 6.

    Bilien, J., Eliasson, E., Orrblad, J., Vatn, J.-O.: Secure VoIP: Call Establishment and Media Protection. In: Proceedings of the 2nd Workshop on Securing Voice over IP (June 2005)Google Scholar

  • 7.

    Butcher, D., Li, X., Guo, J.: Security Challenge and Defense in VoIP Infrastructures. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 37(6), 1152–1162 (2007)CrossRefGoogle Scholar

  • 8.

    Cao, F., Malik, S.: Vulnerability Analysis and Best Practices for Adopting IP Telephony in Critical Infrastructure Sectors. IEEE Communications Magazine 44(4), 138–145 (2006)CrossRefGoogle Scholar

  • 9.

    Conner, W., Nahrstedt, K.: Protecting SIP Proxy Servers from Ringing-based Denial-of-Service Attacks. In: Proceedings of the 10th IEEE International Symposium on Multimedia (ISM), December 2008, pp. 340–347 (2008)Google Scholar

  • 10.

    Cretu, G.F., Stavrou, A., Locasto, M.E., Stolfo, S.J., Keromytis, A.D.: Casting out Demons: Sanitizing Training Data for Anomaly Sensors. In: Proceedings of the IEEE Security and Privacy Symposium, May 2008, pp. 81–95 (2008)Google Scholar

  • 11.

    Dagiuklas, T., Geneiatakis, D., Kambourakis, G., Sisalem, D., Ehlert, S., Fiedler, J., Markl, J., Rokis, M., Botron, O., Rodriguez, J., Liu, J.: General Reliability and Security Framework for VoIP Infrastructures. Technical Report Deliverable D2.2, SNOCER COOP-005892 (September 2005)Google Scholar

  • 12.

    Dantu, R., Fahmy, S., Schulzrinne, H., Cangussu, J.: Issues and Challenges in Securing VoIP. Computers & Security (to appear, 2009)Google Scholar

  • 13.

    Geneiatakis, D., Lambrinoudakis, C.: An Ontology Description for SIP Security Flaws. Computer Communications 30(6), 1367–1374 (2007)CrossRefGoogle Scholar

  • 14.

    Guo, J.-I., Yen, J.-C., Pai, H.-F.: New Voice over Internet Protocol Technique with Hierarchical Data Security Protection. IEE Proceedings — Vision, Image and Signal Processing 149(4), 237–243 (2002)CrossRefGoogle Scholar

  • 15.

    Gupta, P., Shmatikov, V.: Security Analysis of Voice-over-IP Protocols. In: Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSFW), July 2007, pp. 49–63 (2007)Google Scholar

  • 16.

    Keromytis, A.D.: Voice over IP: Risks, Threats and Vulnerabilities. In: Proceedings of the Cyber Infrastructure Protection (CIP) Conference (June 2009)Google Scholar

  • 17.

    Kolan, P., Dantu, R.: Socio-technical Defense Against Voice Spamming. ACM Transactions on Autonomous and Adaptive Systems (TAAS) 2(1) (March 2007)Google Scholar

  • 18.

    Kolan, P., Dantu, R., Cangussu, J.W.: Nuisance of a Voice Call. ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP) 5(1), 6:1–6:22 (2008)Google Scholar

  • 19.

    Krebs, B.: Security Fix: Default Passwords Led to $55 Million in Bogus Phone Charges (June 2009)Google Scholar

  • 20.

    Kuhn, D.R., Walsh, T.J., Fries, S.: Security Considerations for Voice Over IP Systems. US National Institute of Standards and Technology (NIST) Special Publication SP 800-58 (January 2005)Google Scholar

  • 21.

    Kuntze, N., Schmidt, A.U., Hett, C.: Non-Repudiation in Internet Telephony. In: Proceedings of the IFIP International Information Security Conference, May 2007, pp. 361–372 (2007)Google Scholar

  • 22.

    Larson, J., Dawson, T., Evans, M., Straley, J.C.: Defending VoIP Networks from DDoS Attacks. In: Proceedings of the 2nd Workshop on Securing Voice over IP (June 2005)Google Scholar

  • 23.

    Li, C., Li, S., Zhang, D., Chen, G.: Cryptanalysis of a Data Security Protection Scheme for VoIP. IEE Proceedings—Vision, Image and Signal Processing 153(1), 1–10 (2006)CrossRefGoogle Scholar

  • 24.

    Luo, M., Peng, T., Leckie, C.: CPU-based DoS Attacks Against SIP Servers. In: Proceedings of the IEEE Network Operations and Management Symposium (NOMS), April 2008, pp. 41–48 (2008)Google Scholar

  • 25.

    Marias, G.F., Dritsas, S., Theoharidou, M., Mallios, J., Mitrou, L., Gritzalis, D., Dagiuklas, T., Rebahi, Y., Ehlert, S., Pannier, B., Capsada, O., Juell, J.F.: SPIT Detection and Handling Strategies for VoIP Infrastructures. Technical Report Deliverable WP2/D2.2, SPIDER COOP-32720 (March 2007)Google Scholar

  • 26.

    Marshall, W., Faryar, A.F., Kealy, K., de los Reyes, G., Rosencrantz, I., Rosencrantz, R., Spielman, C.: Carrier VoIP Security Architecture. In: Proceedings of the 12th International Telecommunications Network Strategy and Planning Symposium, November 2006, pp. 1–6 (2006)Google Scholar

  • 27.

    Mathieu, B., Niccolini, S., Sisalem, D.: SDRS: A Voice-over-IP Spam Detection and Reaction System. IEEE Security & Privacy Magazine 6(6), 52–59 (2008)CrossRefGoogle Scholar

  • 28.

    Nassar, M., State, R., Festor, O.: VoIP Honeypot Architecture. In: Proceedings of the 10th IFIP/IEEE International Symposium on Integrated Network Management, May 2007, pp. 109–118 (2007)Google Scholar

  • 29.

    Niccolini, S.: SPIT Prevention: State of the Art and Research Challenges. In: Proceedings of the 3rd Workshop on Securing Voice over IP (June 2006)Google Scholar

  • 30.

    Niccolini, S., Garroppo, R.G., Giordano, S., Risi, G., Ventura, S.: SIP Intrusion Detection and Prevention: Recommendations and Prototype Implementation. In: Proceedings of the 1st IEEE Workshop on VoIP Management and Security (VoIP MaSe), April 2006, pp. 47–52 (2006)Google Scholar

  • 31.

    Ormazabal, G., Nagpal, S., Yardeni, E., Schulzrinne, H.: Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems. In: Proceedings of the 2nd International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm), July 2008, pp. 107–132 (2008)Google Scholar

  • 32.

    Persky, D.: VoIP Security Vulnerabilities. White paper, SANS Institute (2007)Google Scholar

  • 33.

    Petraschek, M., Hoeher, T., Jung, O., Hlavacs, H., Gansterer, W.N.: Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP. Journal of Universal Computer Science 14(5), 673–692 (2008)Google Scholar

  • 34.

    Pörschmann, C., Knospe, H.: Analysis of Spectral Parameters of Audio Signals for the Identification of Spam Over IP Telephony. In: Proceedings of the 5th Conference on Email and Anti-Spam (CEAS) (August 2008)Google Scholar

  • 35.

    Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting SPIT Calls by Checking Human Communication Patterns. In: Proceedings of the IEEE International Conference on Communications (ICC), June 2007, pp. 1979–1984 (2007)Google Scholar

  • 36.

    Rafique, M.Z., Akbar, M.A., Farooq, M.: Evaluating DoS Attacks Against SIP-Based VoIP Systems. In: Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM), November/December (2009)Google Scholar

  • 37.

    Rebahi, Y., Ehlert, S., Dritsas, S., Marias, G.F., Gritzalis, D., Pannier, B., Capsada, O., Golubenco, T., Juell, J.F., Hoffmann, M.: General Anti-Spam Security Framework for VoIP Infrastructures. Technical Report Deliverable WP2/D2.3, SPIDER COOP-32720 (July 2007)Google Scholar

  • 38.

    Rebahi, Y., Ehlert, S., Theoharidou, M., Mallios, J., Dritsas, S., Marias, G.F., Mitrou, L., Dagiuklas, T., Avgoustianakis, M., Gritzalis, D., Pannier, B., Capsada, O., Markl, J.: SPIT Threat Analysis. Deliverable wp2/d2.1, SPIDER COOP-32720 (January 2007)Google Scholar

  • 39.

    Rebahi, Y., Pallares, J.J., Kovacs, G., Minh, N.T., Ehlert, S., Sisalem, D.: Performance Analysis of Identity Management in the Session Initiation Protocol (SIP). In: Proceedings of the IEEE/ACS International Conference on Computer Systems and Applications (AICCSA), March/April 2008, pp. 711–717 (2008)Google Scholar

  • 40.

    Reynolds, B., Ghosal, D.: Secure IP Telephony using Multi-layered Protection. In: Proceedings of the ISOC Symposium on Network and Distributed Systems Security (NDSS) (February 2003)Google Scholar

  • 41.

    Rieck, K., Wahl, S., Laskov, P., Domschitz, P., Müller, K.-R.: A Self-learning System for Detection of Anomalous SIP Messages. In: Proceedings of the 2nd Internation Conference on Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks: Second International Conference (IPTComm), July 2008, pp. 90–106 (2008)Google Scholar

  • 42.

    Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261 (Proposed Standard) (June 2002); Updated by RFCs 3265, 3853, 4320, 4916, 5393Google Scholar

  • 43.

    Salsano, S., Veltri, L., Papalilo, D.: SIP Security Issues: The SIP Authentication Procedure and its Processing Load. IEEE Network 16(6), 38–44 (2002)CrossRefGoogle Scholar

  • 44.

    Schlegel, R., Niccolini, S., Tartarelli, S., Brunner, M.: SPam over Internet Telephony (SPIT) Prevention Framework. In: Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM), November/December 2006, pp. 1–6 (2006)Google Scholar

  • 45.

    Seedorf, J.: Security challenges for peer-to-peer SIP. IEEE Network 20(5), 38–45 (2006)CrossRefGoogle Scholar

  • 46.

    Seedorf, J.: Using Cryptographically Generated SIP-URIs to Protect the Integrity of Content in P2P-SIP. In: Proceedings of the 3rd Workshop on Securing Voice over IP (June 2006)Google Scholar

  • 47.

    Sengar, H., Wang, H., Wijesekera, D., Jajodia, S.: Detecting VoIP Floods Using the Hellinger Distance. IEEE Transactions on Parallel and Distributed Systems 19(6), 794–805 (2008)CrossRefGoogle Scholar

  • 48.

    Sisalem, D., Ehlert, S., Geneiatakis, D., Kambourakis, G., Dagiuklas, T., Markl, J., Rokos, M., Botron, O., Rodriguez, J., Liu, J.: Towards a Secure and Reliable VoIP Infrastructure. Technical Report Deliverable D2.1, SNOCER COOP-005892 (May 2005)Google Scholar

  • 49.

    Srivastava, K., Schulzrinne, H.: Preventing Spam For SIP-based Instant Messages and Sessions. Technical Report CUCS-042-04, Columbia University, Department of Computer Science (2004)Google Scholar

  • 50.

    State, R., Festor, O., Abdelanur, H., Pascual, V., Kuthan, J., Coeffic, R., Janak, J., Floroiu, J.: SIP digest authentication relay attack. draft-state-sip-relay-attack-00 (March 2009)Google Scholar

  • 51.

    The Register. Two charged with VoIP fraud (June 2006), http://www.theregister.co.uk/2006/06/08/voip_fraudsters_nabbed/

  • 52.

    The Register. Fugitive VOIP hacker cuffed in Mexico (February 2009), http://www.theregister.co.uk/2009/02/11/fugitive_voip_hacker_arrested/

  • 53.

    Thermos, P., Takanen, A.: Securing VoIP Networks. Pearson Education, London (2008)Google Scholar

  • 54.

    VoIP Security Alliance. VoIP Security and Privacy Threat Taxonomy, version 1.0 (October 2005), http://www.voipsa.org/Activities/taxonomy.php

  • 55.

    Wang, X., Zhang, R., Yang, X., Jiang, X., Wijesekera, D.: Voice Pharming Attack and the Trust of VoIP. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks (SecureComm), September 2008, pp. 1–11 (2008)Google Scholar

  • 56.

    Wieser, C., Laakso, M., Schulzrinne, H.: Security Testing of SIP Implementations. Technical Report CUCS-024-03, Columbia University, Department of Computer Science (2003)Google Scholar

  • 57.

    Wright, C.V., Ballard, L., Coulls, S., Monrose, F.N., Masson, G.M.: Spot Me If You Can: Recovering Spoken Phrases in Encrypted VoIP Conversations. In: Proceedings of IEEE Symposium on Security and Privacy, May 2008, pp. 35–49 (2008)Google Scholar

  • 58.

    Wright, C.V., Ballard, L., Monrose, F.N., Masson, G.M.: Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? In: Proceedings of 16th USENIX Security Symposium, August 2007, pp. 1–12 (2007)Google Scholar

  • 59.

    Wu, Y., Bagchi, S., Garg, S., Singh, N.: SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments. In: Proceedings of the Conference on Dependable Systems and Networks (DSN), June/July 2004, pp. 433–442 (2004)Google Scholar

  • 60.

    Wu, Y.-S., Apte, V., Bagchi, S., Garg, S., Singh, N.: Intrusion Detection in Voice over IP Environments. International Journal of Information Security 8(3), 153–172 (2009)CrossRefGoogle Scholar

  • 61.

    Zhang, G., Ehlert, S., Magedanz, T., Sisalem, D.: Denial of Service Attack and Prevention on SIP VoIP Infrastructures Using DNS Flooding. In: Proceedings of the 1st International Conference on Principles, Systems and Applications of IP Telecommunications (IPTCOMM), July 2007, pp. 57–66 (2007)Google Scholar

  • 62.

    Zhang, R., Wang, X., Farley, R., Yang, X., Jiang, X.: On the Feasibility of Launching the Man-In-The-Middle Attacks on VoIP from Remote Attackers. In: Proceedings of the 4th International ACM Symposium on Information, Computer, and Communications Security (ASIACCS), March 2009, pp. 61–69 (2009)Google Scholar

  • 63.

    Zhang, R., Wang, X., Yang, X., Jiang, X.: Billing Attacks on SIP-based VoIP Systems. In: Proceedings of the 1st USENIX workshop on Offensive Technologies, August 2007, pp. 1–8 (2007)Google Scholar

  • Voice over IP (VoIP) and Internet Multimedia Subsystem technologies (IMS) are rapidly being adopted by consumers, enterprises, governments and militaries. These technologies offer higher flexibility and more features than traditional telephony (PSTN) infrastructures, as well as the potential for lower cost through equipment consolidation and, for the consumer market, new business models. However, VoIP systems also represent a higher complexity in terms of architecture, protocols and implementation, with a corresponding increase in the potential for misuse.

    In this book, the authors examine the current state of affairs on VoIP security through a survey of 221 known/disclosed security vulnerabilities in bug-tracking databases. We complement this with a comprehensive survey of the state of the art in VoIP security research that covers 245 papers. Juxtaposing our findings, we identify current areas of risk and deficiencies in research focus. This book should serve as a starting point for understanding the threats and risks in a rapidly evolving set of technologies that are seeing increasing deployment and use. An additional goal is to gain a better understanding of the security landscape with respect to VoIP toward directing future research in this and other similar emerging technologies.

    0 Replies to “A Survey Of Voice Over Ip Security Research Paper”

    Lascia un Commento

    L'indirizzo email non verrà pubblicato. I campi obbligatori sono contrassegnati *