[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

A Survey of Voice over IP Security Research

  • Conference paper
Information Systems Security (ICISS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5905))

Included in the following conference series:

Abstract

We present a survey of Voice over IP security research. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and, and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We also briefly discuss the implications of our findings with respect to actual vulnerabilities reported in a variety VoIP products.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abdelnur, H., Avanesov, T., Rusinowitch, M., State, R.: Abusing SIP Authentication. In: Proceedings of the 4th International Conference on Information Assurance and Security (ISIAS), September 2008, pp. 237–242 (2008)

    Google Scholar 

  2. Adelsbach, A., Alkassar, A., Garbe, K.-H., Luzaic, M., Manulis, M., Scherer, E., Schwenk, J., Siemens, E.: Voice over IP: Sichere Umstellung der Sprachkommunikation auf IP-Technologie. Bundesanzeiger Verlag (2005)

    Google Scholar 

  3. Anwar, Z., Yurcik, W., Johnson, R.E., Hafiz, M., Campbell, R.H.: Multiple Design Patterns for Voice over IP (VoIP) Security. In: Proceedings of the IEEE Workshop on Information Assurance (WIA), held in conjunction with the 25th IEEE International Performance Computing and Communications Conference (IPCCC) (April 2006)

    Google Scholar 

  4. Balasubramaniyan, V., Ahamad, M., Park, H.: CallRank: Combating SPIT Using Call Duration, Social Networks and Global Reputation. In: Proceedings of the 4th Conference on Email and Anti-Spam (CEAS) (August 2007)

    Google Scholar 

  5. Barbieri, R., Bruschi, D., Rosti, E.: Voice over IPsec: Analysis and Solutions. In: Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC), December 2002, pp. 261–270 (2002)

    Google Scholar 

  6. Bilien, J., Eliasson, E., Orrblad, J., Vatn, J.-O.: Secure VoIP: Call Establishment and Media Protection. In: Proceedings of the 2nd Workshop on Securing Voice over IP (June 2005)

    Google Scholar 

  7. Butcher, D., Li, X., Guo, J.: Security Challenge and Defense in VoIP Infrastructures. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 37(6), 1152–1162 (2007)

    Article  Google Scholar 

  8. Cao, F., Malik, S.: Vulnerability Analysis and Best Practices for Adopting IP Telephony in Critical Infrastructure Sectors. IEEE Communications Magazine 44(4), 138–145 (2006)

    Article  Google Scholar 

  9. Conner, W., Nahrstedt, K.: Protecting SIP Proxy Servers from Ringing-based Denial-of-Service Attacks. In: Proceedings of the 10th IEEE International Symposium on Multimedia (ISM), December 2008, pp. 340–347 (2008)

    Google Scholar 

  10. Cretu, G.F., Stavrou, A., Locasto, M.E., Stolfo, S.J., Keromytis, A.D.: Casting out Demons: Sanitizing Training Data for Anomaly Sensors. In: Proceedings of the IEEE Security and Privacy Symposium, May 2008, pp. 81–95 (2008)

    Google Scholar 

  11. Dagiuklas, T., Geneiatakis, D., Kambourakis, G., Sisalem, D., Ehlert, S., Fiedler, J., Markl, J., Rokis, M., Botron, O., Rodriguez, J., Liu, J.: General Reliability and Security Framework for VoIP Infrastructures. Technical Report Deliverable D2.2, SNOCER COOP-005892 (September 2005)

    Google Scholar 

  12. Dantu, R., Fahmy, S., Schulzrinne, H., Cangussu, J.: Issues and Challenges in Securing VoIP. Computers & Security (to appear, 2009)

    Google Scholar 

  13. Geneiatakis, D., Lambrinoudakis, C.: An Ontology Description for SIP Security Flaws. Computer Communications 30(6), 1367–1374 (2007)

    Article  Google Scholar 

  14. Guo, J.-I., Yen, J.-C., Pai, H.-F.: New Voice over Internet Protocol Technique with Hierarchical Data Security Protection. IEE Proceedings — Vision, Image and Signal Processing 149(4), 237–243 (2002)

    Article  Google Scholar 

  15. Gupta, P., Shmatikov, V.: Security Analysis of Voice-over-IP Protocols. In: Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSFW), July 2007, pp. 49–63 (2007)

    Google Scholar 

  16. Keromytis, A.D.: Voice over IP: Risks, Threats and Vulnerabilities. In: Proceedings of the Cyber Infrastructure Protection (CIP) Conference (June 2009)

    Google Scholar 

  17. Kolan, P., Dantu, R.: Socio-technical Defense Against Voice Spamming. ACM Transactions on Autonomous and Adaptive Systems (TAAS) 2(1) (March 2007)

    Google Scholar 

  18. Kolan, P., Dantu, R., Cangussu, J.W.: Nuisance of a Voice Call. ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP) 5(1), 6:1–6:22 (2008)

    Google Scholar 

  19. Krebs, B.: Security Fix: Default Passwords Led to $55 Million in Bogus Phone Charges (June 2009)

    Google Scholar 

  20. Kuhn, D.R., Walsh, T.J., Fries, S.: Security Considerations for Voice Over IP Systems. US National Institute of Standards and Technology (NIST) Special Publication SP 800-58 (January 2005)

    Google Scholar 

  21. Kuntze, N., Schmidt, A.U., Hett, C.: Non-Repudiation in Internet Telephony. In: Proceedings of the IFIP International Information Security Conference, May 2007, pp. 361–372 (2007)

    Google Scholar 

  22. Larson, J., Dawson, T., Evans, M., Straley, J.C.: Defending VoIP Networks from DDoS Attacks. In: Proceedings of the 2nd Workshop on Securing Voice over IP (June 2005)

    Google Scholar 

  23. Li, C., Li, S., Zhang, D., Chen, G.: Cryptanalysis of a Data Security Protection Scheme for VoIP. IEE Proceedings—Vision, Image and Signal Processing 153(1), 1–10 (2006)

    Article  Google Scholar 

  24. Luo, M., Peng, T., Leckie, C.: CPU-based DoS Attacks Against SIP Servers. In: Proceedings of the IEEE Network Operations and Management Symposium (NOMS), April 2008, pp. 41–48 (2008)

    Google Scholar 

  25. Marias, G.F., Dritsas, S., Theoharidou, M., Mallios, J., Mitrou, L., Gritzalis, D., Dagiuklas, T., Rebahi, Y., Ehlert, S., Pannier, B., Capsada, O., Juell, J.F.: SPIT Detection and Handling Strategies for VoIP Infrastructures. Technical Report Deliverable WP2/D2.2, SPIDER COOP-32720 (March 2007)

    Google Scholar 

  26. Marshall, W., Faryar, A.F., Kealy, K., de los Reyes, G., Rosencrantz, I., Rosencrantz, R., Spielman, C.: Carrier VoIP Security Architecture. In: Proceedings of the 12th International Telecommunications Network Strategy and Planning Symposium, November 2006, pp. 1–6 (2006)

    Google Scholar 

  27. Mathieu, B., Niccolini, S., Sisalem, D.: SDRS: A Voice-over-IP Spam Detection and Reaction System. IEEE Security & Privacy Magazine 6(6), 52–59 (2008)

    Article  Google Scholar 

  28. Nassar, M., State, R., Festor, O.: VoIP Honeypot Architecture. In: Proceedings of the 10th IFIP/IEEE International Symposium on Integrated Network Management, May 2007, pp. 109–118 (2007)

    Google Scholar 

  29. Niccolini, S.: SPIT Prevention: State of the Art and Research Challenges. In: Proceedings of the 3rd Workshop on Securing Voice over IP (June 2006)

    Google Scholar 

  30. Niccolini, S., Garroppo, R.G., Giordano, S., Risi, G., Ventura, S.: SIP Intrusion Detection and Prevention: Recommendations and Prototype Implementation. In: Proceedings of the 1st IEEE Workshop on VoIP Management and Security (VoIP MaSe), April 2006, pp. 47–52 (2006)

    Google Scholar 

  31. Ormazabal, G., Nagpal, S., Yardeni, E., Schulzrinne, H.: Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems. In: Proceedings of the 2nd International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm), July 2008, pp. 107–132 (2008)

    Google Scholar 

  32. Persky, D.: VoIP Security Vulnerabilities. White paper, SANS Institute (2007)

    Google Scholar 

  33. Petraschek, M., Hoeher, T., Jung, O., Hlavacs, H., Gansterer, W.N.: Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP. Journal of Universal Computer Science 14(5), 673–692 (2008)

    Google Scholar 

  34. Pörschmann, C., Knospe, H.: Analysis of Spectral Parameters of Audio Signals for the Identification of Spam Over IP Telephony. In: Proceedings of the 5th Conference on Email and Anti-Spam (CEAS) (August 2008)

    Google Scholar 

  35. Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting SPIT Calls by Checking Human Communication Patterns. In: Proceedings of the IEEE International Conference on Communications (ICC), June 2007, pp. 1979–1984 (2007)

    Google Scholar 

  36. Rafique, M.Z., Akbar, M.A., Farooq, M.: Evaluating DoS Attacks Against SIP-Based VoIP Systems. In: Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM), November/December (2009)

    Google Scholar 

  37. Rebahi, Y., Ehlert, S., Dritsas, S., Marias, G.F., Gritzalis, D., Pannier, B., Capsada, O., Golubenco, T., Juell, J.F., Hoffmann, M.: General Anti-Spam Security Framework for VoIP Infrastructures. Technical Report Deliverable WP2/D2.3, SPIDER COOP-32720 (July 2007)

    Google Scholar 

  38. Rebahi, Y., Ehlert, S., Theoharidou, M., Mallios, J., Dritsas, S., Marias, G.F., Mitrou, L., Dagiuklas, T., Avgoustianakis, M., Gritzalis, D., Pannier, B., Capsada, O., Markl, J.: SPIT Threat Analysis. Deliverable wp2/d2.1, SPIDER COOP-32720 (January 2007)

    Google Scholar 

  39. Rebahi, Y., Pallares, J.J., Kovacs, G., Minh, N.T., Ehlert, S., Sisalem, D.: Performance Analysis of Identity Management in the Session Initiation Protocol (SIP). In: Proceedings of the IEEE/ACS International Conference on Computer Systems and Applications (AICCSA), March/April 2008, pp. 711–717 (2008)

    Google Scholar 

  40. Reynolds, B., Ghosal, D.: Secure IP Telephony using Multi-layered Protection. In: Proceedings of the ISOC Symposium on Network and Distributed Systems Security (NDSS) (February 2003)

    Google Scholar 

  41. Rieck, K., Wahl, S., Laskov, P., Domschitz, P., Müller, K.-R.: A Self-learning System for Detection of Anomalous SIP Messages. In: Proceedings of the 2nd Internation Conference on Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks: Second International Conference (IPTComm), July 2008, pp. 90–106 (2008)

    Google Scholar 

  42. Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261 (Proposed Standard) (June 2002); Updated by RFCs 3265, 3853, 4320, 4916, 5393

    Google Scholar 

  43. Salsano, S., Veltri, L., Papalilo, D.: SIP Security Issues: The SIP Authentication Procedure and its Processing Load. IEEE Network 16(6), 38–44 (2002)

    Article  Google Scholar 

  44. Schlegel, R., Niccolini, S., Tartarelli, S., Brunner, M.: SPam over Internet Telephony (SPIT) Prevention Framework. In: Proceedings of the IEEE Global Telecommunications Conference (GLOBECOM), November/December 2006, pp. 1–6 (2006)

    Google Scholar 

  45. Seedorf, J.: Security challenges for peer-to-peer SIP. IEEE Network 20(5), 38–45 (2006)

    Article  Google Scholar 

  46. Seedorf, J.: Using Cryptographically Generated SIP-URIs to Protect the Integrity of Content in P2P-SIP. In: Proceedings of the 3rd Workshop on Securing Voice over IP (June 2006)

    Google Scholar 

  47. Sengar, H., Wang, H., Wijesekera, D., Jajodia, S.: Detecting VoIP Floods Using the Hellinger Distance. IEEE Transactions on Parallel and Distributed Systems 19(6), 794–805 (2008)

    Article  Google Scholar 

  48. Sisalem, D., Ehlert, S., Geneiatakis, D., Kambourakis, G., Dagiuklas, T., Markl, J., Rokos, M., Botron, O., Rodriguez, J., Liu, J.: Towards a Secure and Reliable VoIP Infrastructure. Technical Report Deliverable D2.1, SNOCER COOP-005892 (May 2005)

    Google Scholar 

  49. Srivastava, K., Schulzrinne, H.: Preventing Spam For SIP-based Instant Messages and Sessions. Technical Report CUCS-042-04, Columbia University, Department of Computer Science (2004)

    Google Scholar 

  50. State, R., Festor, O., Abdelanur, H., Pascual, V., Kuthan, J., Coeffic, R., Janak, J., Floroiu, J.: SIP digest authentication relay attack. draft-state-sip-relay-attack-00 (March 2009)

    Google Scholar 

  51. The Register. Two charged with VoIP fraud (June 2006), http://www.theregister.co.uk/2006/06/08/voip_fraudsters_nabbed/

  52. The Register. Fugitive VOIP hacker cuffed in Mexico (February 2009), http://www.theregister.co.uk/2009/02/11/fugitive_voip_hacker_arrested/

  53. Thermos, P., Takanen, A.: Securing VoIP Networks. Pearson Education, London (2008)

    Google Scholar 

  54. VoIP Security Alliance. VoIP Security and Privacy Threat Taxonomy, version 1.0 (October 2005), http://www.voipsa.org/Activities/taxonomy.php

  55. Wang, X., Zhang, R., Yang, X., Jiang, X., Wijesekera, D.: Voice Pharming Attack and the Trust of VoIP. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks (SecureComm), September 2008, pp. 1–11 (2008)

    Google Scholar 

  56. Wieser, C., Laakso, M., Schulzrinne, H.: Security Testing of SIP Implementations. Technical Report CUCS-024-03, Columbia University, Department of Computer Science (2003)

    Google Scholar 

  57. Wright, C.V., Ballard, L., Coulls, S., Monrose, F.N., Masson, G.M.: Spot Me If You Can: Recovering Spoken Phrases in Encrypted VoIP Conversations. In: Proceedings of IEEE Symposium on Security and Privacy, May 2008, pp. 35–49 (2008)

    Google Scholar 

  58. Wright, C.V., Ballard, L., Monrose, F.N., Masson, G.M.: Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? In: Proceedings of 16th USENIX Security Symposium, August 2007, pp. 1–12 (2007)

    Google Scholar 

  59. Wu, Y., Bagchi, S., Garg, S., Singh, N.: SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments. In: Proceedings of the Conference on Dependable Systems and Networks (DSN), June/July 2004, pp. 433–442 (2004)

    Google Scholar 

  60. Wu, Y.-S., Apte, V., Bagchi, S., Garg, S., Singh, N.: Intrusion Detection in Voice over IP Environments. International Journal of Information Security 8(3), 153–172 (2009)

    Article  Google Scholar 

  61. Zhang, G., Ehlert, S., Magedanz, T., Sisalem, D.: Denial of Service Attack and Prevention on SIP VoIP Infrastructures Using DNS Flooding. In: Proceedings of the 1st International Conference on Principles, Systems and Applications of IP Telecommunications (IPTCOMM), July 2007, pp. 57–66 (2007)

    Google Scholar 

  62. Zhang, R., Wang, X., Farley, R., Yang, X., Jiang, X.: On the Feasibility of Launching the Man-In-The-Middle Attacks on VoIP from Remote Attackers. In: Proceedings of the 4th International ACM Symposium on Information, Computer, and Communications Security (ASIACCS), March 2009, pp. 61–69 (2009)

    Google Scholar 

  63. Zhang, R., Wang, X., Yang, X., Jiang, X.: Billing Attacks on SIP-based VoIP Systems. In: Proceedings of the 1st USENIX workshop on Offensive Technologies, August 2007, pp. 1–8 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Keromytis, A.D. (2009). A Survey of Voice over IP Security Research. In: Prakash, A., Sen Gupta, I. (eds) Information Systems Security. ICISS 2009. Lecture Notes in Computer Science, vol 5905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10772-6_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10772-6_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10771-9

  • Online ISBN: 978-3-642-10772-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics