Security Patterns for Voice over IP Networks

Voice over IP (VoIP) has had a strong effect on global communications by allowing human voice and fax information to travel over existing packet data networks along with traditional data packets. The convergence of voice and data in the same network brings both benefits and constraints to users. Among the several issues that need to be addressed when deploying this technology, security is one of the most critical. We give an overview of VoIP and provide UML models of some aspects of its infrastructure, including architectures and basic use cases. We present some security patterns that describe mechanisms that can control many of the possible attacks and which could be used to design secure systems.

[1]  William Yurcik,et al.  Multiple design patterns for voice over IP (VoIP) security , 2006, 2006 IEEE International Performance Computing and Communications Conference.

[2]  A. Karimi,et al.  Master‟s thesis , 2011 .

[3]  Ricardo Dahab,et al.  Tropyc: A Pattern Language for Cryptographic Software , 1998 .

[4]  Shihong Huang,et al.  Defining Security Requirements Through Misuse Actions , 2006, IFIP Workshop on Advanced Software Engineering.

[5]  Eduardo B. Fernandez,et al.  The Authenticator Pattern , 1999 .

[6]  Eduardo B. Fernandez,et al.  Misuse patterns in VoIP , 2007, PLOP '07.

[7]  Eduardo B. Fernández,et al.  Patterns for VoIP Signaling Protocol Architectures , 2007, EuroPLoP.

[8]  Eduardo B. Fernández,et al.  Attack Patterns: A New Forensic and Design Tool , 2007, IFIP Int. Conf. Digital Forensics.

[9]  William Stallings,et al.  Network Security Essentials: Applications and Standards , 1999 .

[10]  Peter Sommerlad,et al.  Security Patterns: Integrating Security and Systems Engineering , 2006 .

[11]  D. Richard Kuhn,et al.  Challenges in securing voice over IP , 2005, IEEE Security & Privacy Magazine.