Voice over IP Security: A Comprehensive Survey of by Angelos D. Keromytis

By Angelos D. Keromytis

Voice over IP (VoIP) and web Multimedia Subsystem applied sciences (IMS) are swiftly being followed via shoppers, organisations, governments and militaries. those applied sciences supply better flexibility and extra gains than conventional telephony (PSTN) infrastructures, in addition to the opportunity of lower price via apparatus consolidation and, for the shopper industry, new company types. notwithstanding, VoIP platforms additionally symbolize a better complexity by way of structure, protocols and implementation, with a corresponding raise within the strength for misuse.

In this e-book, the authors study the present situation on VoIP defense via a survey of 221 known/disclosed defense vulnerabilities in bug-tracking databases. We supplement this with a entire survey of the cutting-edge in VoIP defense learn that covers 245 papers. Juxtaposing our findings, we determine present parts of probability and deficiencies in examine concentration. This publication may still function a place to begin for figuring out the threats and dangers in a quickly evolving set of applied sciences which are seeing expanding deployment and use. an extra target is to achieve a greater figuring out of the safety panorama with admire to VoIP towards directing destiny study during this and different comparable rising applied sciences.

Show description

Read or Download Voice over IP Security: A Comprehensive Survey of Vulnerabilities and Academic Research (SpringerBriefs in Computer Science) PDF

Best security books

Simple Steps to Data Encryption: A Practical Guide to Secure Computing

Every person desires privateness and safety on-line, whatever that the majority laptop clients have roughly given up on so far as their own facts is worried. there's no scarcity of fine encryption software program, and no scarcity of books, articles and essays that purport to be approximately tips to use it. but there's priceless little for traditional clients who wish barely enough information regarding encryption to exploit it correctly and securely and appropriately--WITHOUT having to turn into specialists in cryptography.

Comprehensive Security in Asia: Views from Asia and the West on a Changing Security Environment

This is often an exam of "Comprehensive safeguard" as a coverage that is going past the necessities of army defence opposed to a specific "enemy" to emphasize the necessity to have in mind different elements very important to nationwide balance: nutrition, strength, surroundings, communique and social safeguard.

Protecting Human Security in Africa

Preserving Human defense in Africa discusses essentially the most powerful threats to human defense in Africa. It bargains in particular with these threats to the safety of African humans that are least understood or explored. In subject matters various from corruption, the proliferation of small fingers and lightweight guns, foodstuff protection, the devastation of inner displacement in Africa, the hyperlink among typical assets and human safeguard, to the issues of compelled labour, threatsto women's defense, and environmental protection, the ebook examines the felony and coverage demanding situations of defending human safety in Africa.

Extra resources for Voice over IP Security: A Comprehensive Survey of Vulnerabilities and Academic Research (SpringerBriefs in Computer Science)

Sample text

For example, improper handling of registration requests may allow attackers to receive messages intended for other users (CVE-2007-6095) (2,C1 , I2 ). Other such examples include failure to authenticate server certificates in wireless environments, enabling man-in-the-middle and eavesdropping attacks (CVE-2008-1114) (2,C1 , I2 ). Predictability and lack of proper use (or sources) of randomness is another vulnerability seen in VoIP products. For example, predictable values in SIP header messages (CVE-2002-1935) allows malicious users to avoid registering but continue using the service (4, I1 , I2 ).

The first uses reputation, with users indicating how much “trust” they have in the persons in their contact lists. These lists (and the trust values) are posted in a directory, where others can access them upon receiving a call from a previously unknown (to them) entity. This scheme requires that every user’s contact information be published, and that attackers cannot mask or change their identities. The second scheme is built around the notion of “payment at risk”, wherein a caller may be required to deposit a small amount to a SIP server prior to placing a call, depending on the callee’s or the SIP proxy’s policy.

They develop a signaling protocol for P2P SIP that uses two different Kademlia-based overlay networks for storing information and forwarding traffic, respectively. Their scheme requires a centralized authentication server, which provides verifiable identities at the application/SIP layer. They consider attacks against their scheme, shared with more general anonymity systems (such as Tor). They use analytical models to estimate communication reliability, cryptographic overhead, and end-to-end signaling latency.

Download PDF sample

Rated 4.16 of 5 – based on 21 votes