A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems.

[1]  Christoph Pörschmann,et al.  Analysis of Spectral Parameters of Audio Signals for the Identification of Spam Over IP Telephony , 2008, CEAS.

[2]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[3]  Jon Postel,et al.  User Datagram Protocol , 1980, RFC.

[4]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[5]  Costas Lambrinoudakis,et al.  A framework for protecting a SIP-based infrastructure against malformed message attacks , 2007, Comput. Networks.

[6]  Radu State,et al.  Abusing SIP Authentication , 2008, 2008 The Fourth International Conference on Information Assurance and Security.

[7]  Dipak Ghosal,et al.  STEM: Secure Telephony Enabled Middlebox , 2002 .

[8]  Jinhua Guo,et al.  Security Challenge and Defense in VoIP Infrastructures , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[9]  Vijay K. Gurbani,et al.  A Survey and Analysis of Media Keying Techniques in the Session Initiation Protocol (SIP) , 2011, IEEE Communications Surveys & Tutorials.

[10]  Danny Crookes,et al.  Shoeprint Image Retrieval Based on Local Image Features , 2007 .

[11]  P.C.K. Hung,et al.  Towards a security policy for VoIP applications , 2005, Canadian Conference on Electrical and Computer Engineering, 2005..

[12]  Vijay K. Gurbani,et al.  Statistical Analysis of Self-Similar Session Initiation Protocol (SIP) Messages for Anomaly Detection , 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.

[13]  Wilfried N. Gansterer,et al.  Enhancing ZRTP by using Computational Puzzles , 2008, J. Univers. Comput. Sci..

[14]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[15]  Kenneth G. Paterson,et al.  Certificateless Public Key Cryptography , 2003 .

[16]  Franz J. Hauck,et al.  Proxy-based Security for the Session Initiation Protocol (SIP) , 2007, 2007 Second International Conference on Systems and Networks Communications (ICSNC 2007).

[17]  Radu State,et al.  Fuzzing for vulnerabilities in the VoIP space , 2008 .

[18]  D. Richard Kuhn,et al.  Challenges in securing voice over IP , 2005, IEEE Security & Privacy Magazine.

[19]  Muhammad Ali Akbar,et al.  Evaluating DoS Attacks against Sip-Based VoIP Systems , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[20]  Giannis F. Marias,et al.  Threat Analysis of the Session Initiation Protocol Regarding Spam , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.

[21]  M.A. Akbar,et al.  A comparative study of anomaly detection algorithms for detection of SIP flooding in IMS , 2008, 2008 2nd International Conference on Internet Multimedia Services Architecture and Applications.

[22]  Saurabh Bagchi,et al.  Spam detection in voice-over-IP calls through semi-supervised clustering , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[23]  M. Moh,et al.  Specification-based intrusion detection for H.323-based voice over IP , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[24]  Ashraf D. Elbayoumy,et al.  QoS control using an end-point CPU capability detector in a secure VoIP system , 2005, 10th IEEE Symposium on Computers and Communications (ISCC'05).

[25]  Vitaly Shmatikov,et al.  Security Analysis of Voice-over-IP Protocols , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[26]  Sushil Jajodia,et al.  Fast Detection of Denial-of-Service Attacks on IP Telephony , 2006, 200614th IEEE International Workshop on Quality of Service.

[27]  Hyung-Jong Kim,et al.  DEVS-Based modeling of VoIP spam callers' behavior for SPIT level calculation , 2009, Simul. Model. Pract. Theory.

[28]  Nathan S. Evans,et al.  Pr2-P2PSIP: privacy preserving P2P signaling for VoIP and IM , 2010, IPTComm.

[29]  Keecheon Kim,et al.  Secure Session Management Mechanism in VoIP Service , 2007, ISPA Workshops.

[30]  Ting Wang A VoIP anti-Spam System based on Reverse Turing Test , 2008 .

[31]  Willem van Willigenburg,et al.  Middleboxes: Controllable media firewalls , 2002, Bell Labs Technical Journal.

[32]  Cheng-Chi Lee,et al.  A New Authentication Scheme for Session Initiation Protocol , 2009, J. Digit. Inf. Manag..

[33]  Ge Zhang,et al.  Peer-to-Peer VoIP Communications Using Anonymisation Overlay Networks , 2010, Communications and Multimedia Security.

[34]  Guanrong Chen,et al.  Cryptanalysis of a data security protection scheme for VoIP , 2006 .

[35]  Angelos D. Keromytis,et al.  Towards a Forensic Analysis for Multimedia Communication Services , 2011, 2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications.

[36]  Charles V. Wright,et al.  Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[37]  Nilanjan Banerjee,et al.  Anti-vamming trust enforcement in peer-to-peer VoIP networks , 2006, IWCMC '06.

[38]  Johan Bilien,et al.  Secure VoIP : call establishment and media protection , 2005 .

[39]  Thomas Magedanz,et al.  Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding , 2007, IPTComm '07.

[40]  Dongwook Shin,et al.  Progressive multi gray-leveling: a voice spam protection algorithm , 2006, IEEE Network.

[41]  Nikos Vrakas,et al.  Utilizing bloom filters for detecting flooding attacks against SIP based services , 2009, Comput. Secur..

[42]  Danny Bradbury The security challenges inherent in VoIP , 2007, Comput. Secur..

[43]  R. Dantu,et al.  Securing VoIP and PSTN from integrated signaling network vulnerabilities , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[44]  Georgios Kambourakis,et al.  Two layer Denial of Service prevention on SIP VoIP infrastructures , 2008, Comput. Commun..

[45]  Distributed Computing Group, ETH Zurich , 2006 .

[46]  Thomas Magedanz,et al.  Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks , 2009, Int. J. Secur. Networks.

[47]  Dorgham Sisalem,et al.  SDRS: A Voice-over-IP Spam Detection and Reaction System , 2008, IEEE Security & Privacy.

[48]  Muhammad Sher,et al.  Detecting flooding attacks against IP Multimedia Subsystem (IMS) networks , 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.

[49]  Eric Rescorla,et al.  Datagram Transport Layer Security , 2006, RFC.

[50]  Lyndon Ong,et al.  An Introduction to the Stream Control Transmission Protocol (SCTP) , 2002, RFC.

[51]  Matt Blaze,et al.  The real national-security needs for VoIP , 2005, CACM.

[52]  Giannis F. Marias,et al.  SIP Vulnerabilities and Anti-SPIT Mechanisms Assessment , 2007, 2007 16th International Conference on Computer Communications and Networks.

[53]  Kumar Srivastava,et al.  Preventing Spam For SIP-based Instant Messages and Sessions , 2004 .

[54]  Ashraf D. Elbayoumy,et al.  Stream or Block Cipher for Securing VoIP? , 2007, Int. J. Netw. Secur..

[55]  T. Dagiuklas,et al.  Novel Protecting Mechanism for SIP-Based Infrastructure against Malformed Message Attacks : Performance Evaluation Study , 2022 .

[56]  Julien Iguchi-Cartigny,et al.  Closed-Circuit Unobservable Voice over IP , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[57]  Ernest Foo,et al.  A new authentication mechanism and key agreement protocol for SIP using identity-based cryptography , 2006 .

[58]  Marit Hansen,et al.  Developing a Legally Compliant Reachability Management System as a Countermeasure against SPIT 1 , 2006 .

[59]  A. Bremler-Barr,et al.  Unregister Attacks in SIP , 2006, 2006 2nd IEEE Workshop on Secure Network Protocols.

[60]  Antonino Mazzeo,et al.  Title of the deliverable: Towards a Secure and Reliable VoIP Infrastructure , 2005 .

[61]  Costas Lambrinoudakis,et al.  A Mechanism for Ensuring the Validity and Accuracy of the Billing Services in IP Telephony , 2008, TrustBus.

[62]  Dipak Ghosal,et al.  Secure IP Telephony using Multi-layered Protection , 2003, NDSS.

[63]  Xinyuan Wang,et al.  VoIP Security: Vulnerabilities, Exploits, and Defenses , 2011, Adv. Comput..

[64]  Ram Dantu,et al.  Detecting Spam in VoIP Networks , 2005, SRUTI.

[65]  Rasool Jalili,et al.  A Robust and Efficient SIP Authentication Scheme , 2008 .

[66]  E. Chang,et al.  Secure and Mobile VoIP , 2007, 2007 International Conference on Convergence Information Technology (ICCIT 2007).

[67]  Ralf Steinmetz,et al.  Vulnerabilities and Security Limitations of current IP Telephony Systems , 2001, Communications and Multimedia Security.

[68]  Liam Kilmartin,et al.  Performance analysis of secure session initiation protocol based VoIP networks , 2003, Comput. Commun..

[69]  Muhammad Ali Akbar,et al.  Application of evolutionary algorithms in detection of SIP based flooding attacks , 2009, GECCO '09.

[70]  Chou Chen Yang,et al.  Secure authentication scheme for session initiation protocol , 2005, Comput. Secur..

[71]  Chi Zhou,et al.  Sketch-Based SIP Flooding Detection Using Hellinger Distance , 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[72]  Thomas Magedanz,et al.  Increasing SIP firewall performance by ruleset size limitation , 2008, 2008 IEEE 19th International Symposium on Personal, Indoor and Mobile Radio Communications.

[73]  S. McGann An Analysis of Security Threats and Tools in SIP-Based VoIP Systems , 2005 .

[74]  Muhammad Younus Javed,et al.  Attack analysis & bio-inspired security framework for IP multimedia subsystem , 2008, GECCO '08.

[75]  Sushil Jajodia,et al.  VoIP Intrusion Detection Through Interacting Protocol State Machines , 2006, International Conference on Dependable Systems and Networks (DSN'06).

[76]  Radu State,et al.  Monitoring SIP Traffic Using Support Vector Machines , 2008, RAID.

[77]  Costas Lambrinoudakis,et al.  A Cost-Effective Mechanism for Protecting SIP Based Internet Telephony Services Against Signaling Attacks , 2008, MobiMedia.

[78]  Jiun-In Guo,et al.  New voice over Internet protocol technique with hierarchical data security protection , 2002 .

[79]  Jürgen Quittek,et al.  On Spam over Internet Telephony (SPIT) Prevention , 2008, IEEE Communications Magazine.

[80]  T. Magedanz,et al.  Protecting IP Multimedia Subsystem (IMS) Service Delivery Platform from Time Independent Attacks , 2007 .

[81]  Miika Komu,et al.  Cure for Spam Over Internet Telephony , 2007, 2007 4th IEEE Consumer Communications and Networking Conference.

[82]  S. Ehlert,et al.  Specification-Based Denial-of-Service Detection for SIP Voice-over-IP Networks , 2008, 2008 The Third International Conference on Internet Monitoring and Protection.

[83]  Mark Handley,et al.  SDP: Session Description Protocol , 1998, RFC.

[84]  Ram Dantu,et al.  Socio-technical defense against voice spamming , 2007, TAAS.

[85]  Wojciech Mazurczyk,et al.  New security and control protocol for VoIP based on steganography and digital watermarking , 2006, Ann. UMCS Informatica.

[86]  Alexander L. Stolyar,et al.  Load characterization and anomaly detection for voice over IP traffic , 2005, IEEE Trans. Neural Networks.

[87]  Mudhakar Srivatsa,et al.  Preserving Caller Anonymity in Voice-over-IP Networks , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[88]  Cheng-Chi Lee On Security of An Efficient Nonce-based Authentication Scheme for SIP , 2009, Int. J. Netw. Secur..

[89]  Vijay K. Gurbani,et al.  A secure and lightweight scheme for media keying in the session initiation protocol (SIP): work in progress , 2010, IPTComm.

[90]  Takehiro Takahashi,et al.  An assessment of VoIP covert channel threats , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[91]  Mark Handley,et al.  Internet Denial-of-Service Considerations , 2006, RFC.

[92]  Patrick C. K. Hung,et al.  THROUGH THE LOOKING GLASS : SECURITY ISSUES IN VOIP APPLICATIONS , 2006 .

[93]  Chita R. Das,et al.  Exploring Anti-Spam Models in Large Scale VoIP Systems , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[94]  Xuxian Jiang,et al.  On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers , 2009, ASIACCS '09.

[95]  Sushil Jajodia,et al.  On the anonymity and traceability of peer-to-peer VoIP calls , 2006, IEEE Network.

[96]  Gregory S. Tucker Voice Over Internet Protocol (VoIP) and Security , 2005 .

[97]  Johan Bilien Key Agreement for Secure Voice over IP , 2003 .

[98]  Samir Saklikar,et al.  Identity federation for voip-based services , 2007, DIM '07.

[99]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[100]  Costas Lambrinoudakis,et al.  Survey of security vulnerabilities in session initiation protocol , 2006, IEEE Communications Surveys & Tutorials.

[101]  Blake Ramsdell,et al.  Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification , 2004, RFC.

[102]  M. Ahamad,et al.  A lightweight scheme for securely and reliably locating SIP users , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[103]  Salvatore J. Stolfo,et al.  Casting out Demons: Sanitizing Training Data for Anomaly Sensors , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[104]  Thomas J. Walsh,et al.  Security Considerations for Voice Over IP Systems , 2005 .

[105]  Son T. Vuong,et al.  BLAZE: A Mobile Agent Paradigm for VoIP Intrusion Detection Systems , 2004, ICETE.

[106]  Y. Rebahi,et al.  SIP Service Providers and The Spam Problem , 2005 .

[107]  Byeong-Hee Roh,et al.  Detection of SIP De-Registration and Call-Disruption Attacks Using a Retransmission Mechanism and a Countermeasure Scheme , 2008, 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems.

[108]  Xuxian Jiang,et al.  Billing Attacks on SIP-Based VoIP Systems , 2007, WOOT.

[109]  Nikos Vrakas,et al.  Performance Evaluation of a Flooding Detection Mechanism for VoIP Networks , 2009, 2009 16th International Conference on Systems, Signals and Image Processing.

[110]  Patrick McDaniel,et al.  Voice-over-IP Security: Research and Practice , 2010 .

[111]  R. State,et al.  VoIP security assessment: methods and tools , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[112]  V. Vaidehi,et al.  Authentication of Signaling in VoIP Applications , 2005, 2005 Asia-Pacific Conference on Communications.

[113]  Klaus-Robert Müller,et al.  A Self-learning System for Detection of Anomalous SIP Messages , 2008, IPTComm.

[114]  Feng Cao,et al.  Vulnerability analysis and best practices for adopting IP telephony in critical infrastructure sectors , 2006, IEEE Communications Magazine.

[115]  Jan Seedorf Security challenges for peer-to-peer SIP , 2006, IEEE Network.

[116]  Henning Schulzrinne,et al.  Issues and challenges in securing VoIP , 2009, Comput. Secur..

[117]  Ram Dantu,et al.  Defense against SPIT using community signals , 2009, 2009 IEEE International Conference on Intelligence and Security Informatics.

[118]  William Yurcik,et al.  Multiple design patterns for voice over IP (VoIP) security , 2006, 2006 IEEE International Performance Computing and Communications Conference.

[119]  Saurabh Bagchi,et al.  Spacedive: a Distributed Intrusion Detection System for Voice-over-ip Environments Spacedive: a Distributed Intrusion Detection System for Voice-over-ip Environments , 2005 .

[120]  Henning Schulzrinne,et al.  Security testing of SIP implementations , 2003 .

[121]  Costas Lambrinoudakis,et al.  A lightweight protection mechanism against signaling attacks in a SIP-based VoIP environment , 2007, Telecommun. Syst..

[122]  SisalemD.,et al.  Denial of service attacks targeting a SIP VoIP infrastructure , 2006 .

[123]  Haesun Park,et al.  CallRank: Combating SPIT Using Call Duration, Social Networks and Global Reputation , 2007, CEAS.

[124]  Utz Roedig,et al.  Intrusion detection systems for IP telephony networks , 2002 .

[125]  G. Me,et al.  An overview of some techniques to exploit VoIP over WLAN , 2006, International Conference on Digital Telecommunications (ICDT'06).

[126]  Rauli Kaksonen,et al.  System Security Assessment through Specification Mutations and Fault Injection , 2001, Communications and Multimedia Security.

[127]  Ralf Steinmetz,et al.  Evaluating and improving firewalls for IP-telephony environments , 2000 .

[128]  Jia Lun Tsai Efficient Nonce-based Authentication Scheme for Session Initiation Protocol , 2009, Int. J. Netw. Secur..

[129]  Adrian Rishi Madhosingh The Design of a Differentiated Session Initiation Protocol to Control VoIP Spam , 2006 .

[130]  Eve Edelson VoIP: Voice over IP: security pitfalls , 2005 .

[131]  Sushil Jajodia,et al.  Detecting VoIP Floods Using the Hellinger Distance , 2008, IEEE Transactions on Parallel and Distributed Systems.

[132]  Philip S. Yu,et al.  Finding "Who Is Talking to Whom" in VoIP Networks via Progressive Stream Clustering , 2006, Sixth International Conference on Data Mining (ICDM'06).

[133]  Radu State,et al.  Holistic VoIP intrusion detection and prevention system , 2007, IPTComm '07.

[134]  Henning Schulzrinne,et al.  Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems , 2008, IPTComm.

[135]  Yuqing Zhang,et al.  A new provably secure authentication and key agreement mechanism for SIP using certificateless public-key cryptography , 2008, Comput. Commun..

[136]  P. Thermos,et al.  Vulnerabilities in SOHO VoIP gateways , 2005, Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005..

[137]  Jacqui Chau Security issues around the deployment of VoIP and multimedia protocols in wireless and firewalled environments , 2006 .

[138]  Radu State,et al.  KiF: a stateful SIP fuzzer , 2007, IPTComm '07.

[139]  Lawrence C. Stewart,et al.  HTTP Authentication: Basic and Digest Access Authentication , 1999 .

[140]  Andrew Woodward,et al.  Network Security - Is IP Telephony helping the cause? , 2007 .

[141]  Title of the deliverable : Spit detection and handling strategies for VoIP infrastructures , .

[142]  Saurabh Bagchi,et al.  SCIDIVE: a stateful and cross protocol intrusion detection architecture for voice-over-IP environments , 2004, International Conference on Dependable Systems and Networks, 2004.

[143]  D Keromytis Angelos,et al.  VOICE OVER IP: RISKS, THREATS AND VULNERABILITIES , 2009 .

[144]  Dimitris Gritzalis,et al.  A SIP-oriented SPIT Management Framework , 2008, Comput. Secur..

[145]  R. MacIntosh,et al.  Detection and mitigation of spam in IP telephony networks using signaling protocol analysis , 2005, IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication, 2005..

[146]  Guiping Su,et al.  Intrusion detection system for signal based SIP attacks through timed HCPN , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[147]  Saverio Niccolini,et al.  Protecting SIP-Based Networks and Services from Unwanted Communications , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[148]  Dimitris Gritzalis,et al.  OntoSPIT: SPIT management through ontologies , 2009, Comput. Commun..

[149]  W.J. Rippon Threat assessment of IP based voice systems , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[150]  Saverio Niccolini,et al.  A policy framework for personalized and role-based SPIT prevention , 2009, IPTComm.

[151]  Sandra L. Murphy,et al.  BGP Security Vulnerabilities Analysis , 2006, RFC.

[152]  Andrew Woodward,et al.  Securing VoIP - a framework to mitigate or manage risks , 2007 .

[153]  A.F. Faryar,et al.  Carrier VoIP Security Architecture , 2006, Networks 2006. 12th International Telecommunications Network Strategy and Planning Symposium.

[154]  Hong Yan,et al.  Incorporating Active Fingerprinting into SPIT Prevention Systems , 2006 .

[155]  Henning Schulzrinne,et al.  An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol , 2004, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[156]  Dimitris Gritzalis,et al.  SPIT Identification Criteria Implementation: Effectiveness and Lessons Learned , 2008, SEC.

[157]  Humberto Abdelnur,et al.  SIP digest authentication relay attack , 2009 .

[158]  Sushil Jajodia,et al.  Tracking anonymous peer-to-peer VoIP calls on the internet , 2005, CCS '05.

[159]  David G. Messerschmitt,et al.  The Impact of Confidentiality on Quality of Service in Heterogeneous Voice over IP Networks , 2001, MMNS.

[160]  Thomas Magedanz,et al.  VoIP defender: highly scalable SIP-based security architecture , 2007, IPTComm '07.

[161]  T. Dagiuklas,et al.  SIP Security Mechanisms : A state-ofthe-art review , 2005 .

[162]  Christoph Sorge,et al.  A Provider-Level Reputation System for Assessing the Quality of SPIT Mitigation Algorithms , 2009, 2009 IEEE International Conference on Communications.

[163]  Costas Lambrinoudakis,et al.  A framework for detecting malformed messages in SIP networks , 2005, 2005 14th IEEE Workshop on Local & Metropolitan Area Networks.

[164]  P. Biondi,et al.  Silver Needle in the Skype , 2006 .

[165]  Patrick C. K. Hung,et al.  Security Issues in VOIP Applications , 2006, 2006 Canadian Conference on Electrical and Computer Engineering.

[166]  Douglas C. Sicker,et al.  VoIP Security: Not an Afterthought , 2004, ACM Queue.

[167]  Ingemar Johansson,et al.  Support for Reduced-Size Real-Time Transport Control Protocol (RTCP): Opportunities and Consequences , 2009, RFC.

[168]  Costas Lambrinoudakis,et al.  An ontology description for SIP security flaws , 2007, Comput. Commun..

[169]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[170]  Yan Bai,et al.  A survey of VoIP intrusions and intrusion detection systems , 2004, The 6th International Conference on Advanced Communication Technology, 2004..

[171]  Elizabeth Chang,et al.  Secure mobile VoIP , 2007 .

[172]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[173]  Tei-Wei Kuo,et al.  Design and Implementation of SIP Security , 2005, ICOIN.

[174]  Radu State,et al.  Assessing the security of VoIP Services , 2007, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management.

[175]  Mudhakar Srivatsa,et al.  Privacy in VoIP Networks: A k-Anonymity Approach , 2009, IEEE INFOCOM 2009.

[176]  Ram Dantu,et al.  Nuisance level of a voice call , 2008, TOMCCAP.

[177]  Antonino Mazzeo,et al.  Security design and evaluation in a VoIP secure infrastracture: a policy based approach , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[178]  Jörg Schwenk,et al.  Voice over IP - Sichere Umstellung der Sprachkommunikation auf IP-Technologie , 2005 .

[179]  Nicolai Kuntze,et al.  Non-Repudiation in Internet Telephony , 2007, SEC.

[180]  D. Sisalem,et al.  SIP Spam Detection , 2006, International Conference on Digital Telecommunications (ICDT'06).

[181]  Henning Schulzrinne,et al.  Have I met you before?: using cross-media relations to reduce SPIT , 2009, IPTComm.

[182]  Jeff Hodges,et al.  Using SAML to protect the session initiation protocol (SIP) , 2006, IEEE Network.

[183]  Wojciech Mazurczyk,et al.  New VoIP Traffic Security Scheme with Digital Watermarking , 2006, SAFECOMP.

[184]  Dorgham Sisalem,et al.  A comparative analysis of the security aspects of the multimedia key exchange protocols , 2009, IPTComm.

[185]  Luca Veltri,et al.  SIP security issues: the SIP authentication procedure and its processing load , 2002, IEEE Netw..

[186]  Ibrahim Sogukpinar,et al.  SIP Authentication Scheme using ECDH , 2007 .

[187]  Erik Eliasson,et al.  Call establishment delay for secure VoIP , 2004 .

[188]  Dorgham Sisalem,et al.  Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms , 2006, IEEE Network.

[189]  Dimitris Gritzalis,et al.  An Adaptive Policy-Based Approach to SPIT Management , 2008, ESORICS.

[190]  Eun-Chul Cha,et al.  Evaluation of Security Protocols for the Session Initiation Protocol , 2007 .

[191]  Ashraf D. Elbayoumy,et al.  A Comprehensive Secure VoIP Solution , 2007, Int. J. Netw. Secur..

[192]  Jürgen Quittek,et al.  Detecting SPIT Calls by Checking Human Communication Patterns , 2007, 2007 IEEE International Conference on Communications.

[193]  Vijay K. Gurbani,et al.  Cryptographically Transparent Session Initiation Protocol (SIP) Proxies , 2007, 2007 IEEE International Conference on Communications.

[194]  Patrick Battistello Inter-domain and DoS-resistant call establishment protocol (IDDR-CEP): work in progress , 2010, IPTComm.

[195]  Saverio Niccolini,et al.  Prevention of Spam over IP Telephony (SPIT) , 2006 .

[196]  Matthias Frank,et al.  Present and future challenges concerning DoS-attacks against PSAPs in VoIP networks , 2006, Fourth IEEE International Workshop on Information Assurance (IWIA'06).

[197]  Gaurav Shah,et al.  Keyboards and Covert Channels , 2006, USENIX Security Symposium.

[198]  E.Y. Chen,et al.  Detecting DoS attacks on SIP systems , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[199]  Danilo Bruschi,et al.  Voice over IPsec: analysis and solutions , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[200]  Angelos D. Keromytis A Look at VoIP Vulnerabilities , 2010, login Usenix Mag..

[201]  Vijay K. Gurbani,et al.  Session initiation protocol firewall for the IP multimedia subsystem core , 2011, Bell Labs Technical Journal.

[202]  Joachim Posegga,et al.  Voice Over IP : Unsafe at any Bandwidth ? , 2005 .

[203]  Christopher Leckie,et al.  CPU-based DoS attacks against SIP servers , 2008, NOMS 2008 - 2008 IEEE Network Operations and Management Symposium.

[204]  Philip Hunter Feature: VOIP the latest security concern: DoS attack the greatest threat , 2002 .

[205]  Johnson I. Agbinya,et al.  Security issues in SIP signaling in wireless networks and services , 2005, International Conference on Mobile Business (ICMB'05).

[206]  Heison Chak VoIP Security , 2006, USENIX Annual Technical Conference, General Track.

[207]  Feng Cao,et al.  Security analysis and solutions for deploying IP telephony in the critical infrastructure , 2005, Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005..

[208]  Charles V. Wright,et al.  Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? , 2007, USENIX Security Symposium.

[209]  Holly Xiao,et al.  Quality effects of wireless VoIP using security solutions , 2004, IEEE MILCOM 2004. Military Communications Conference, 2004..

[210]  Wilfried N. Gansterer,et al.  Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP , 2008, J. Univers. Comput. Sci..

[211]  Klara Nahrstedt,et al.  Protecting SIP Proxy Servers from Ringing-Based Denial-of-Service Attacks , 2008, 2008 Tenth IEEE International Symposium on Multimedia.

[212]  Radu State,et al.  VoIP Honeypot Architecture , 2007, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management.

[213]  H. Anthony Chan,et al.  On the performance of a hybrid intrusion detection architecture for voice over IP systems , 2008, SecureComm.

[214]  Henning Schulzrinne,et al.  The Impact of TLS on SIP Server Performance: Measurement and Modeling , 2010, IEEE/ACM Transactions on Networking.

[215]  Ge Zhang,et al.  Hidden VoIP calling records from networking intermediaries , 2010, IPTComm.

[216]  Costas Lambrinoudakis,et al.  An ontology-based policy for deploying secure SIP-based VoIP services , 2008, Comput. Secur..

[217]  S. Ventura,et al.  SIP intrusion detection and prevention: recommendations and prototype implementation , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[218]  Francesco Palmieri,et al.  Providing true end-to-end security in converged voice over IP infrastructures , 2009, Comput. Secur..

[219]  Zhao Hong,et al.  SPIT Detection and Prevention Method Based on Signal Analysis , 2008, 2008 Third International Conference on Convergence and Hybrid Information Technology.

[220]  M. Brunner,et al.  ISE03-2: SPam over Internet Telephony (SPIT) Prevention Framework , 2006, IEEE Globecom 2006.

[221]  Peter Martini,et al.  Detecting VoIP based DoS attacks at the public safety answering point , 2008, ASIACCS '08.

[222]  Aiko Pras,et al.  Analysis of Techniques for Protection Against Spam over Internet Telephony , 2007, EUNICE.

[223]  Wojciech Mazurczyk,et al.  Covert Channel for Improving VoIP Security , 2007, Advances in Information Processing and Protection.

[224]  Muhammad Ali Akbar,et al.  RTP-miner: a real-time security framework for RTP fuzzing attacks , 2010, NOSSDAV.

[225]  Saurabh Bagchi,et al.  Intrusion detection in voice over IP environments , 2009, International Journal of Information Security.

[226]  Wanjiun Liao,et al.  A Distributed Key-Changing Mechanism for Secure Voice Over IP (VoIP) Service , 2007, 2007 IEEE International Conference on Multimedia and Expo.

[227]  Xuxian Jiang,et al.  Voice pharming attack and the trust of VoIP , 2008, SecureComm.

[228]  Jon Postel,et al.  Transmission Control Protocol , 1981, RFC.

[229]  Saverio Niccolini,et al.  SPam over Internet Telephony (SPIT) Prevention Framework. , 2006 .

[230]  Patrick C. K. Hung,et al.  Overview of security issues of VoIP , 2007 .

[231]  Vijay K. Gurbani,et al.  On the inefficacy of Euclidean classifiers for detecting self-similar Session Initiation Protocol (SIP) messages , 2011, 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops.

[232]  Jan Seedorf,et al.  Using Cryptographically Generated SIP-URIs to Protect the Integrity of Content in P2P-SIP , 2006 .

[233]  Feng Cao,et al.  Providing response identity and authentication in IP telephony , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[234]  Eric Rescorla,et al.  The Design and Implementation of Datagram TLS , 2004, NDSS.

[235]  Heejo Lee,et al.  Detecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models , 2008, SEC.

[236]  Radu State,et al.  Monitoring SIP Tra c Using Support Vector Machines , 2008 .

[237]  Hui-Feng Huang A New Efficient Authentication Scheme for Session Initiation Protocol , 2006, JCIS.

[238]  Yacine Rebahi,et al.  Performance analysis of identity management in the Session Initiation Protocol (SIP) , 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.