Security challenge and defense in VoIP infrastructures

IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews

Volumn 37, Issue 6, 2007, Pages 1152-1162

  Butcher, David ^a   Li, Xiangyang ^b   Guo, Jinhua ^b  

^a Tumbleweed Communications Corporation   (United States)

^b University of Michigan Dearborn   (United States)

Author keywords

Computer attacks; Computer crime; Internet telephony; IP networks; Network security; Security; Voice over Internet Protocol (VoIP)

Indexed keywords

COMPUTER CRIME; INTERNET TELEPHONY; NETWORK PROTOCOLS; NETWORK SECURITY;

COMPUTER ATTACKS; DATA NETWORKS; VOICE OVER INTERNET PROTOCOL;

INTERNET PROTOCOLS;

EID: 36248938188     PISSN: 10946977     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSMCC.2007.905853     Document Type: Article

References (29)

1. P. Mehta and S. Udani, "Overview of voice over IP", Dept. Comput. Inf. Sci., Univ. Pennsylvania, Philadelphia, PA, Rep. MS-CIS-01-31, Feb. 2001.
2. R. G. Bace, Intrusion Detection. Scotts Valley, CA: Macmillan, 1999.
3. M. Bishop, Computer Security: Art and Science. Boston, MA: Addison-Wesley, 2003.
4. D. Denning, Information Warfare and Security. Boston, MA: Addison-Wesley, 2004.
5. D. Gollmann, Computer Security. New York: Wiley, 1999.
6. W. Stallings, Cryptography and Network Security. Upper Saddle River, NJ: Prentice-Hall, 2003.
7. S. McGann and D. Sicker, "An analysis of security threats and tools in SIP-based VoIP systems," presented at the 2nd Annu. Workshop VoIP Secur., Washington, DC, Jun. 2005.
8. D. Sicker and T. Lookabaugh, "VoIP security: Not an afterthought," ACM Queue, vol. 2, no. 6, pp. 56-64, Sep. 2004.
9. M. Collier. (2007, Feb. 20). VoIP vulnerabilities: Denial of service. [Online]. Available: http://www.voip-magazine.com/ index.php?option=com_content&task=view&id=328.
10. P. Hunter, "VoIP the latest security concern: DoS attack the greatest threat," Netw. Secur., no. 11, pp. 5-7, Nov. 2002.
11. E. Edelson, "Voice over IP: Security pitfalls," Netw. Secur., no. 2, pp. 4-7, Feb. 2005.
12. P. Rowe, "VoIP - extra threats in the converged environment," Netw. Secur., no. 7, pp. 12-16, Jul. 2005.
13. P. Thermos and G. Hadsall, "Vulnerabilities in SOHO VoIP gateways," in Proc. 1st IEEE/CREATE-NET Workshop Secur. QoS Commun. Netw. (SecQoS 2005), Athens, Greece, Sep. 2005, pp. 236-245.
14. J. Coffman, "Not your father's PBX?," ACM Queue, vol. 2, no. 6, pp. 40-47, Sep. 2004.
15. J. Thalhammer, "Security in VoIP-telephony systems," M.S. thesis, Graz Univ. Technol., Graz, Austria, 2004.
16. C. Garretson. (2005, Jul.). VoIP security threats: Fact or fiction? Netw. World. [Online]. Available: http://www.networkworld.com/news/2005/072505-voip-security.html.
17. SIP: Session initiation protocol, The Internet Society RFC-3261. [Online]. Available: http://rfc-ref.org/RFC-TEXTS/3261/index.html.
18. Cisco Systems. (2007, Feb. 20). How to secure Internet telephony media with SRTP and SDP [Online]. Available: http://www.cisco.com/en/us/about/ security/intelligence/05_07_voip.html.
19. J. Bartlomiejczyk and M. Phipps. (2007, Feb. 20). Preventing Layer 2 security threats [Online]. Available: http:// searchnetworking.techtarget.com/tip/1289483,sid7_gci1009100,00.html.
20. N. Dadoun, "Security framework for IP telephony," ANSI Accredited Eng. Committee TR41.4 Standards Commission, Rep. TR-41.4-02-02-12, Feb. 2002.
21. A. James. (2007, Feb. 20). Using IEEE 802.1x to enhance network security. [Online]. Available: http://www.foundrynet.com/pdf/ wp-ieee-802.1x-enhance-network.pdf.
22. S. Axelsson, Intrusion Detection Systems: A survey and Taxonomy, Dept. Comput. Eng., Chalmers Univ., Goteborg, Sweden, Rep. 99-15, 2000.
23. H. Debar, M. Dacier, and A. Wespi, "Towards a taxonomy of intrusion-detection systems," Comput. Netw., vol. 31, pp. 805-822, 1999.
24. J. Bilien, E. Eliasson, J. Orrblad, and J.O. Vatn, "Secure VoIP: Call establishment and media protection," presented at the 2nd Workshop Secur. Voice IP, Washington, DC, Jun. 2005.
25. J. Kaavi, "Group key distribution in ad-hoc networks using MIKEY," presented at the Helsinki Univ. Technol. Semin. Internetw., Apr. 2005.
26. Cisco Systems. (2007, Feb. 20). Security in SIP-based networks. [Online]. Available: http://www.cisco.com/warp/public/cc/techno/tyvdve/ sip/prodlit/sipsc_wp.pdf.
27. Cisco Systems. (2007, Feb. 20). SAFE: IP telephony security in depth. [Online]. Available: http://www.cisco.com/warp/public/cc/so/cuso/epso/ sqfr/safip_wp.pdf.
28. Nortel Networks "Secure telephony solution," Nortel Networks, San Ramon, CA, Rep. NN104820-071403, 2003.
29. Nortel Networks, "Secure telephony solution appendices," Nortel Networks, San Ramon, CA, Rep. NN105080-071103, 2003.