Security Challenge and Defense in VoIP Infrastructures

Voice over Internet protocol (VoIP) has become a popular alternative to traditional public-switched telephone network (PSTN) networks that provides advantages of low cost and flexible advanced ldquodigitalrdquo features. The flexibility of the VoIP system and the convergence of voice and data networks brings with it additional security risks. These are in addition to the common security concerns faced by the underlying IP data network facilities that a VoIP system relies on. The result being that the VoIP network further complicates the security assurance mission faced by enterprises employing this technology. It is time to document various security issues that a VoIP infrastructure may face and analyze the challenges and solutions that may guide future research and development efforts. In this paper, we examine and investigate the concerns and requirements of VoIP security. After a thorough review of security issues and defense mechanisms, we focus on attacks and countermeasures unique to VoIP systems that are essential for current and future VoIP implantations. Then, we analyze two popular industry best practices for securing VoIP networks and conclude this paper with further discussion on future research directions. This paper aims to direct future research efforts and to offer helpful guidelines for practitioners.     

云计算安全对高校云服务的影响探讨

云计算的应用将数据存储、网络服务由用户桌面推向了Web,实现了高校各项事务的快速高效运行,也降低了硬件资源成本.但同时,随着云计算的拓展,其安全问题越来越受到关注.如用户信息在云端更易受到黑客攻击、蓄意窃取等非法利用.为此,基于云计算安全现状,探讨高校云计算安全性分析及参考模型,并从相关技术来提出解决云计算安全的对策和思路.     

VoIP网络信息安全研究

VoIP是基于分组交换的话音传输技术,与基于电路交换的传统电话架构有很大的不同。导致了VoIP网络特有的安全问题。另外,VoIP网络的实时性要求高,由于IP网络服务自身的特性以及各种安全策略的应用,给VoIP网络的性能和服务质量提出了挑战。对VoIP网络存在的安全威胁及各种安全措施进行分析,并对VoIP系统的部署和VoIP管理政策的制定提出建议。     

Vulnerability analysis and best practices for adopting IP telephony in critical infrastructure sectors

IP telephony has been rapidly introduced to replace the traditional circuit switched infrastructure for telephony services. This change has had an enormous impact on critical-infrastructure (CI) sectors, which are expected to become increasingly dependent on IP telephony services. Reliable and secure telephony service is a key concern confronting most organizations in the critical-infrastructure sector today. With the proliferation of voice over IP (VoIP) services in these organizations, it is important for them to understand the security vulnerabilities and come up with a set of best practices during the evolution of the IP telephony services. This article outlines the potential security issues faced by CI sectors as they transform their traditional phone systems into VoIP systems. Vulnerability analyses are conducted to understand the impact of VoIP security challenges in the new convergent network paradigm. The most common security measures are analyzed to identify their strengths and limitations in combating these new security challenges. A set of recommendations and best practices are offered to address the key issues of VoIP security as IP telephony is being introduced into critical infrastructure.     

漫谈VoIP技术发展趋势——H.325:第三代多媒体系统

目前在Internet或IP网络上应用的VoIP技术主要是基于H．323或者SIP开发的。随着技术和需求的发展,VoIP要求能够同时提供话音、数据和视频等多种业务,向下一代网络NGN演进。为了更好地满足NGN的需求,弥补现有系统的不足,ITU提出了下一代多媒体系统H．325协议的概念,它的重点在于实现控制单元和服务单元的分离,更好地支持多种媒体编码协议的互通,提高系统的QoS以及安全性。H．325有望成为下一代VoIP技术的支撑协议。     

A Novel Approach to Analyzing for Detecting Malicious Network Activity Using a Cloud Computing Testbed

Recent developments have caused the expansion of various cloud computing environments and services. Cloud computing environments have led to research in the areas of data processing, virtual environments, and access control. Information security is the most important research area for these environments security. In this study, we analyzed typical example of network testbeds, which have been used for malicious activity data collection and its subsequent analysis. Further, we propose an effective malicious network application testbed, which is based on a cloud system. We also verified the performance of our new testbed by comparing real malicious activity with the cloud-based testbed results.     

Supporting multimedia applications through network redesign

Recent evolutions in high‐performance computing and high speed broadband Internet access have paved a way to enterprise‐wide multimedia applications, which require stern QoS from the underlying networks. In this paper, we have explored threefold studies on existing enterprise network, whereby we proposed an analytical approach to evaluate the performance of the existing network; we have examined the feasibility of existing enterprise networks to accommodate voice over Internet protocol (VoIP) services with acceptable QoS, and we have redesigned the enterprise network to accommodate VoIP services to comply with the user defined QoS. The network performance is evaluated by number of VoIP calls sustained by the network, bandwidth utilization, loss rate and latency through Network Simulation (NS‐2) tool. We have derived a cost model to show the cost‐effectiveness of VoIP services over telephonic network. For a medium‐size enterprise network of 200 clients and 9 servers, our simulation results show that the redesign improves the network performance by increasing the number of VoIP calls by 57% and decreasing bandwidth utilization and packet loss rate by 20% and 7%, respectively. Moreover, the proposed network redesign demonstrates that the network can be scalable and it can handle up to 4% increased voice calls in the future maintaining QoS standards. Copyright © 2012 John Wiley & Sons, Ltd.     

Blocking attacks on SIP VoIP proxies caused by external processing

As Voice over IP (VoIP) applications become increasingly popular, they are more and more facing security challenges that have not been present in the traditional Public Switched Telephone Network (PSTN). One of the reasons is that VoIP applications rely heavily on external Internet-based infrastructures (e.g., DNS server, web server), so that vulnerabilities of these external infrastructures have an impact on the security of VoIP systems as well. This article presents a Denial of Service (DoS) attack on VoIP systems by exploiting long response times of external infrastructures. This attack can lead the whole VoIP system in a blocked state thus reducing the availability of its provided signalling services. The results of our experiments prove the feasibility of blocking attacks. Finally, we also discuss several defending methods and present an improved protection mechanism against blocking attacks.     

实施VoIP过程中的安全性考虑

随着 VoIP(Voice over IP)技术在全球电信市场的不断普及,VoIP的安全问题迫切需要得到解决,而这也是运营商开展业务的前提.VoIP安全可以分为业务的正常提供、业务内容的保密、呼叫者身份确认和系统安全等.文章分析了VoIP目前存在的安全威胁及其相应的防范措施.     

A framework for critical security factors that influence the decision of cloud adoption by Saudi government agencies

Cloud computing technologies can play an essential role in public organisations and companies while it reduces the cost of using information technology services. It allows users to access the service anytime and anywhere, with paying for what they use. In developing countries, such as Saudi Arabia, the cloud computing is still not extensively adopted, compared to countries in the west. In order to encourage the adoption of cloud services, it is considerable to understand an important and particular complications regarding to cloud computing is the potential and perceived security risks and benefits posed by implementing such technology.This paper investigates the critical security factors that influence the decision to adopt cloud computing by Saudi government agencies. A framework was proposed for three categories, Social Factors category, Cloud Security Risks Category and Perceived Cloud Security Benefits that includes well-known cloud security features. The framework factors were identified by critically reviewing studies found in the literature together with factors from the industrial standards within the context of Saudi Arabia. An experiment study was conducted in five government agencies in Saudi Arabia by interview and questionnaire with experts in order to improve and confirm the framework. All the factors in the proposed framework were found to be statistically significant. An additional factor identified was Failure of client side encryption. Moreover, they suggested including this factor as a potential risk under Security Risk Factors Category. The initial framework was updated based on the expert reviews and questionnaires. The results were analysed via one-sample t-test with the data integrity analysed via Cronbach’s alpha. The outcome indicated the majority of cloud security adoption framework categories were statistically significant. Potential future study directions and contributions are discussed.     

SoftMAC: Layer 2.5 Collaborative MAC for Multimedia Support in Multihop Wireless Networks

In this paper, we present the challenges in supporting multimedia, in particular, VoIP services over multihop wireless networks using commercial IEEE 802.11 MAC DCF hardware, and propose a novel software solution, called Layer 2.5 SoftMAC. Our proposed SoftMAC resides between the IEEE 802.11 MAC layer and the IP layer to coordinate the real-time (RT) multimedia and best-effort (BE) data packet transmission among neighboring nodes in a multihop wireless network. To effectively ensure acceptable VoIP services, channel busy time and collision rate need to be well controlled below appropriate levels. Targeted at this, our SoftMAC architecture employs three key mechanisms: 1) distributed admission control for regulating the load of RT traffic, 2) rate control for minimizing the impact of BT traffic on RT one, and 3) nonpreemptive priority queuing for providing high priority service to VoIP traffic. To evaluate the efficacy of these mechanisms, extensive simulations are conducted using the network simulator NS2. We also implement our proposed SoftMAC as a Windows network driver interlace specification (NDIS) driver and build a multihop wireless network testbed with 32 wireless nodes equipped with IEEE 802.11 a/b/g combo cards. Our evaluation and testing results demonstrate the effectiveness of our proposed software solution. Our proposed collaborative SoftMAC framework can also provide good support for A/V streaming in home networks where the network consists of hybrid WLAN (wireless LAN) and Ethernet     

Implementing a secure VoIP communication over SIP-based networks

Recent years the Session Initiation Protocol (SIP) is commonly used in establishing Voice over IP (VoIP) calls and has become the centerpiece for most VoIP architecture. As wireless and mobile all-IP networks become prosperous, free VoIP applications are utilized in all places. Consequently, the security VoIP is a crucial requirements for its adoption. Many authentication and key agreement schemes are proposed to protect the SIP messages, however, lacking concrete implementations. The performance of VoIP is critical for users’ impressions. In view of this, this paper studies the performance impact of using key agreements, elliptic curve Diffie–Hellman and elliptic curve Menezes–Qu–Vanstone, for making a SIP-based VoIP call. We evaluate the key agreement cost using spongycastle.jce.provider package in Java running on android-based mobile phones, the effect of using different elliptic curves and analyze the security of both key agreements. Furthermore, we design a practical and efficient authentication mechanism to deploy our VoIP architecture and show that a VoIP call can be established in an acceptable interval. As a result, this paper provides a concrete and feasible architecture to secure a VoIP call.     

VoIP insecurity

As voice over Internet Protocol (VoIP) moves into the mainstream in the UK, and new IP-based services such as IIPTV become available, there is a serious need to secure these systems. With the public switched telephone network (PSTN), users at all levels have peace of mind that the lines are not only reliable and available, but highly secure. A proactive security strategy which addresses security at multiple levels and understands the unique nature of telecommunication networks is critical to enable organizations and service providers to maximize the true potential of VoIP technology, create cost savings and deliver highly available and reliable services to their customers and employees     

面向SaaS云平台的安全漏洞评分方法研究

对不同的第三方提供的云服务进行漏洞评分是一项充满挑战的任务。针对一些基于云平台的重要因素,例如业务环境（业务间的依赖关系等）,提出了一种新的安全框架VScorer,用于对基于不同需求的云服务进行漏洞评分。通过对VScorer输入具体的业务场景和安全需求,云服务商可以在满足安全需求的基础上获得一个漏洞排名。根据漏洞排名列表,云服务提供商可以修补最关键的漏洞。在此基础上开发了VScorer的原型,并且证实它比现有最具有代表性的安全漏洞评分系统CVSS表现得更为出色。     

移动云计算安全问题及安全度量方法浅析

移动云计算安全度量是云计算安全中的一个研究领域,主要是研究采用手机等移动终端设备,通过移动互联网使用云计算服务过程中的安全问题及安全度量方法。本文分析了目前移动云计算行业发展过程中存在的安全问题,指出了这些安全问题是阻碍用户使用云计算服务的关键,分析了传统的安全度量方法在移动云计算中的应用的优缺点,并在此基础上提出了一种基于场景的移动云计算安全度量方法,该方法可以有效度量和展示用户正在使用的云计算服务的安全情况,可以解除用户对于安全的顾虑,让用户放心使用。     

面向固定移动融合环境的P2PSIP系统设计

全业务运营是电信市场继语音和宽带接入服务之后的下一个增长点,而基于IP的融合有线网络和无线网络的语音服务则是全业务的重点之一。本文通过分析现有VoIP网络存在的问题以及固定移动融合网络环境下VoIP的特点,提出一种新型双层重叠网架构的P2PSIP架构,并阐述了新型架构的优点及双层重叠网之间的通信机制。新型架构能有效提高系统的安全性、健壮性和用户节点资源利用效率,更好的满足固定移动融合网络环境下VoIP对带宽、网络质量和安全性的要求。     

云网融合背景下的网络安全与数据保护

随着信息技术的飞速发展,云网融合已经成为当下的热门话题。它不仅提供了新的应用模式,还深刻地改变了网络安全的格局。文中探讨了云网融合的基本概念、其对网络安全的影响以及在此背景下数据安全面临的风险。同时,文中也提出了一系列对策,以应对这些风险和挑战。     

VoIP基础电信服务的运营环境探讨

从普遍服务、互联互通、用户名/编号、执法监听、紧急呼叫与基于位置的监管等六方面介绍了政府管制的内容,并分析了其对VoIP运营环境的影响.阐明了VoIP运营环境中可能的资费组成具有的特征：VoIP业务使用与承载网络资源使用分别计费;同一运营商内部实行低廉的VoIP基础资费;不同运营商之间的业务互通支付单独费用;服务质量和安全保障将成为附加的VoIP服务.     

A simplified deniable authentication scheme in cloud‐based pay‐TV system with privacy protection

Cloud computing is a milestones for computing model, which enables on‐demand, flexible, and low‐cost usage of computing resources, especially for cloud storage. Nowadays, the services of cloud‐based pay‐TV systems are emerging endlessly. But these pay‐TV systems' privacy is not given enough attention. The users not only care about their information revealed during transmission processes but are also concerned about whether the video contents that they have seen were recorded by the pay‐TV systems or not. In this work, I propose a novel deniable authentication protocol in a cloud‐based pay‐TV system, named DAP‐TV, aiming to achieve mutual authentication, deniability, and privacy protection in cloud‐based pay‐TV systems. The unique feature of our scheme is deniability which means a pay‐TV system to identify a user is a legal user, but the pay‐TV system cannot prove video contents that the user has seen to any third party over an unsecured network. In additon, our scheme is based on chaotic maps, which is a highly efficient cryptosystem and is firstly used to construct a deniable authentication scheme in pay‐TV systems. Finally, we give the formal security proof and efficiency comparison with recently related works.     

A dynamic fog service provisioning approach for IoT applications

Internet of Things (IoT) is an ecosystem that can improve the life quality of humans through smart services, thereby facilitating everyday tasks. Connecting to cloud and utilizing its services are now public and common, and the experts seek to find some ways to complete cloud computing to use it in IoT, which in next decades will make everything online. Fog computing, where the cloud computing expands to the edge of the network, is one way to achieve the objectives of delay reduction, immediate processing, and network congestion. Since IoT devices produce variations of workloads over time, IoT application services will experience traffic trace fluctuations. So knowing about the distribution of future workloads required to handle IoT workload while meeting the QoS constraint. As a result, in the context of fog computing, the main objective of resource management is dynamic resource provisioning such that it avoids the excess or dearth of provisioning. In the present work, we first propose a distributed computing framework for autonomic resource management in the context of fog computing. Then, we provide a customized version of a provisioning system for IoT services based on control MAPE‐k loop. The system makes use of a reinforcement learning technique as decision maker in planning phase and support vector regression technique in analysis phase. At the end, we conduct a family of simulation‐based experiments to assess the performance of our introduced system. The average delay, cost, and delay violation are decreased by 1.95%, 11%, and 5.1%, respectively, compared with existing solutions.