The purpose of this thesis has been to analyze the security in VoIP systems as more companies migrate to converged networks consisting of both voice and data.
The security risks and Quality-of-Service issues related to VoIP systems that arise when implementing VoIP have been analyzed in depth. This includes detailed descriptions of attack methods and possible mitigation actions to reduce the risks of the attacks. The mitigation actions provide the motivation and goal of the project - to provide security best practices and general recommendations for securing a VoIP system. Additionally, existing VoIP solutions, offered by vendors today, are examined from a security and functional point of view. The thesis also gives an introduction of a new concept by Voiceline for VoIP systems intended for use in closed networks. To give the thesis a more practical perspective, Elsam A/S, a company considering migrating to a VoIP system, have listed their requirements for such a system. The thesis ends by evaluating whether these requirements can be met by implementing a VoIP system.
[1]
Peter Gutmann,et al.
Plug-and-Play PKI: A PKI Your Mother Can Use
,
2003,
USENIX Security Symposium.
[2]
Mats Näslund,et al.
The Secure Real-time Transport Protocol (SRTP)
,
2004,
RFC.
[3]
Christian Huitema,et al.
STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
,
2003,
RFC.
[4]
Eric Rescorla,et al.
The Transport Layer Security (TLS) Protocol Version 1.1
,
2006,
RFC.
[5]
Samy Bengio,et al.
Special Uses and Abuses of the Fiat-Shamir Passport Protocol
,
1987,
CRYPTO.
[6]
Henning Schulzrinne,et al.
An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
,
2004,
Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.
[7]
J. Doug Tygar,et al.
Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0
,
1999,
USENIX Security Symposium.