Security Issues in VoIP Telecommunication Networks

As VoIP telecommunication networks are becoming popular, more and more VoIP calls are being made to accomplish security critical activities, e.g., E911 services, phone banking. However, the security ramifications of using VoIP have not been fully recognized, and there exists a substantial gap in the understanding of the potential impact of VoIP exploits on the VoIP users. In this chapter, we describe the components and functionalities of non-P2P and P2P VoIP networks and discuss the potential attacks to them such as MITM, spoofing, wiretapping, pharming, etc. We also illustrate a mechanism of using small world network to improve call performance of a P2P VoIP system and evaluate it over the currently deployed OpenVoIP system.

[1]  Jonathan D. Rosenberg,et al.  Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols , 2010, RFC.

[2]  Feng Cao,et al.  Providing Secure Services in Peer-to-Peer Communications Networks with Central Security Servers , 2006, Advanced Int'l Conference on Telecommunications and Int'l Conference on Internet and Web Applications and Services (AICT-ICIW'06).

[3]  Cullen Jennings,et al.  SOSIMPLE: A Serverless, Standards-based, P2P SIP Communication System , 2005, First International Workshop on Advanced Architectures and Algorithms for Internet Delivery and Applications (AAA-IDEA'05).

[4]  Henning Schulzrinne,et al.  Peer-to-peer internet telephony using SIP , 2005, NOSSDAV '05.

[5]  Christian Huitema,et al.  STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs) , 2003, RFC.

[6]  Anne-Marie Kermarrec,et al.  Peer-to-Peer Membership Management for Gossip-Based Protocols , 2003, IEEE Trans. Computers.

[7]  Ram Dantu,et al.  Achieving Peer-to-Peer Telecommunication Services through Social Hashing , 2009, 2009 6th IEEE Consumer Communications and Networking Conference.

[8]  Nilanjan Banerjee,et al.  Anti-vamming trust enforcement in peer-to-peer VoIP networks , 2006, IWCMC '06.

[9]  Henning Schulzrinne,et al.  Requirements for Emergency Context Resolution with Internet Technologies , 2008, RFC.

[10]  Henning Schulzrinne,et al.  REsource LOcation And Discovery (RELOAD) Base Protocol , 2014, RFC.

[11]  Ram Dantu,et al.  A society-integrated testbed architecture for peer-to-peer telecommunications , 2009, 2009 5th International Conference on Testbeds and Research Infrastructures for the Development of Networks & Communities and Workshops.

[12]  Henning Schulzrinne,et al.  Using an External DHT as a SIP Location Service , 2006 .

[13]  Jan Seedorf Security challenges for peer-to-peer SIP , 2006, IEEE Network.

[14]  Ram Dantu,et al.  Small World VoIP , 2010, MobiCASE.

[15]  Eytan Adar,et al.  Free Riding on Gnutella , 2000, First Monday.

[16]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[17]  Mark Handley,et al.  SIP: Session Initiation Protocol , 1999, RFC.

[18]  Mark Handley,et al.  A scalable content-addressable network , 2001, SIGCOMM '01.

[19]  Xuxian Jiang,et al.  On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers , 2009, ASIACCS '09.

[20]  Marcin Matuszewski,et al.  P2PSIP Security Overview and Risk Analysis , 2009 .

[21]  Henning Schulzrinne,et al.  Framework for Emergency Calling Using Internet Multimedia , 2011, RFC.

[23]  Ram Dantu,et al.  Efficiency of social connection-based routing in P2P VoIP networks , 2010, 2010 Second International Conference on COMmunication Systems and NETworks (COMSNETS 2010).

[24]  Xuxian Jiang,et al.  Voice pharming attack and the trust of VoIP , 2008, SecureComm.

[25]  Jan Seedorf,et al.  Lawful Interception in P2P-Based VoIP Systems , 2008, IPTComm.

[26]  Mukesh Singhal,et al.  Trust Management in Distributed Systems , 2007, Computer.

[27]  Henning Schulzrinne,et al.  RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[28]  Xuxian Jiang,et al.  Billing Attacks on SIP-Based VoIP Systems , 2007, WOOT.

[29]  Bruce Lowekamp,et al.  The design of a versatile, secure P2PSIP communications architecture for the public internet , 2008, 2008 IEEE International Symposium on Parallel and Distributed Processing.

[30]  Stavros Kotsopoulos,et al.  Security Mechanisms and Key Refresh for P2PSIP Overlays , 2010 .

[31]  Henning Schulzrinne,et al.  REsource LOcation And Discovery (RELOAD) , 2008 .

[32]  Henning Schulzrinne,et al.  LoST: A Protocol for Mapping Geographic Locations to Public Safety Answering Points , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.