
Ensuring non-repudiation in human conversations over VoIP communications

Published: 01 January 2016

Abstract

Nowadays, plenty of sensitive transactions, such as home banking and the purchase of goods and services, are provided through call centres. This scenario raises two major issues: (1) both peers should be assured of each other's identity; (2) each peer should be guaranteed that the other could not cheat about the communication contents. Off-the-shelf solutions addressing communication reliability are mainly based on proprietary technologies, which often suffer from scarce interoperability. This paper addresses the achievement of strong peer authentication and non-repudiation of human conversations over VoIP communications. Our solution achieves low costs and high interoperability as it is built on top of open and standard technologies. As a proof of concept, a prototype implementation is presented and discussed.

    Published In

    International Journal of Communication Networks and Distributed Systems, Volume 16, Issue 4
    January 2016
    97 pages
    ISSN: 1754-3916
    EISSN: 1754-3924

    Publisher

    Inderscience Publishers

    Geneva 15, Switzerland

    Author Tags

    1. VoIP communications
    2. human conversations
    3. interoperability
    4. non-repudiation
    5. peer authentication
    6. privacy protection
    7. smart cards
    8. voice over IP
