Voice over IP Security: A Comprehensive Survey of Vulnerabilities and Academic Research (SpringerBriefs in Computer Science)
Format: PDF / Kindle (mobi) / ePub
Voice over IP (VoIP) and Internet Multimedia Subsystem technologies (IMS) are rapidly being adopted by consumers, enterprises, governments and militaries. These technologies offer higher flexibility and more features than traditional telephony (PSTN) infrastructures, as well as the potential for lower cost through equipment consolidation and, for the consumer market, new business models. However, VoIP systems also represent a higher complexity in terms of architecture, protocols and implementation, with a corresponding increase in the potential for misuse.
In this book, the authors examine the current state of affairs on VoIP security through a survey of 221 known/disclosed security vulnerabilities in bug-tracking databases. We complement this with a comprehensive survey of the state of the art in VoIP security research that covers 245 papers. Juxtaposing our findings, we identify current areas of risk and deficiencies in research focus. This book should serve as a starting point for understanding the threats and risks in a rapidly evolving set of technologies that are seeing increasing deployment and use. An additional goal is to gain a better understanding of the security landscape with respect to VoIP toward directing future research in this and other similar emerging technologies.
annotated with the number of items in each category. 4.3 Survey of VoIP Security Research 29 Fig. 16 Classification tree for surveyed research literature 4.3 Survey of VoIP Security Research In the following two sections, we discuss the related work using the extended VoIPSA taxonomy, as described in Subsec. 4.2. For each classification area, we give the paper count as a crude indication of the level of activity. 4.3.1 VoIPSA-based Classification (111 items) We now discuss the work that
protocol used in both SIP and H.323. They analyze six different implementations, discovering confidentiality (eavesdropping a call), integrity (injecting voice into an ongoing call) and availability (performing DoS) compromises. This work assumes that no security mechanism (such as SRTP) is used. Wright et al.  apply machine learning techniques to determine the language spoken in a VoIP conversation, when a variable bit rate (VBR) voice codec is used based on the length of the encrypted
and Sia. And to my dad, Dennis. Preface When I decided to do a sabbatical with Symantec Research Labs Europe in the beautiful French Riviera, I was asked to work on a project about Voice over IP (VoIP) security. The goal of the VAMPIRE Project1 was to understand the threats and vulnerabilities of VoIP systems, and to inform the direction of further research efforts. Although I was interested in this problem space, I only knew the subject from the point of view of a security researcher who has
Magazine 35(1):41–50  Keromytis AD (2010) Voice over IP Security: Research and Practice. IEEE Security & Privacy Magazine 8(2):76–78 References 73  Kolan P, Dantu R (2007) Socio-technical Defense Against Voice Spamming. ACM Transactions on Autonomous and Adaptive Systems (TAAS) 2(1)  Kolan P, Dantu R, Cangussu JW (2008) Nuisance of a Voice Call. ACM Transactions on Multimedia Computing, Communications and Applications (TOMCCAP) 5(1):6:1–6:22  Kong L, Balasubramaniyan VB,
public Internet in a much more intimate fashion. In particular, the security gateway must process IPsec traffic, including the relatively complex IKEv2 protocol, and a number of UMA-related discovery and configuration protocols. These increase the attack surface and overall security exposure of the operators significantly. 2.3 Other VoIP Systems H.323 is an ITU-defined protocol family for VoIP (audio and video) over packetswitched data networks. The various subprotocols are encoded in ASN.1