Assessing the risk of intercepting VoIP calls

Computer Networks

Volumn 52, Issue 12, 2008, Pages 2432-2446

  Benini, M ^a   Sicari, S ^a  

^a UNIVERSITY OF INSUBRIA   (Italy)

Author keywords

Risk assessment; VoIP security

Indexed keywords

COMPUTER NETWORKS; FORMAL METHODS; INFORMATION TECHNOLOGY; INTERNET PROTOCOLS; INTERNET TELEPHONY; RISK ASSESSMENT; RISK MANAGEMENT; RISKS; SAFETY ENGINEERING; STANDARDS; TECHNOLOGY; TELECOMMUNICATION SYSTEMS; TELEPHONE SETS; VOICE/DATA COMMUNICATION SYSTEMS;

AD-HOC METHODS; ASSESSMENT METHODS; ECONOMICAL BENEFITS; ELSEVIER (CO); ENGINEERING FOUNDATION; GENERAL (CO); PHONE CONVERSATIONS; STRENGTH (IGC: D5/D6); VOIP SERVICES;

TELEPHONE SYSTEMS;

EID: 46449103169     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2008.05.001     Document Type: Article

References (51)

1. S. Garfinkel, VoIP and Skype security, March 2005. URL .
2. A. Godber, P. Dasgupta, Secure wireless gateway, in: Proceedings of the Third ACM Workshop on Wireless Security, ACM Press, New York, NY, USA, 2002, pp. 41-46.
3. E. Barrantes, D. Ackley, T. Palmer, D. Stefanovic, D.D. Zovi, Randomized instruction set emulation to disrupt binary code injection attacks, in: Proceedings of the 10th ACM Conference on Computer and Communications Security, ACM Press, New York, NY, USA, 2003, pp. 281-289.
4. Myerson J. Identifying enterprise network vulnerabilities. International Journal of Network Management 12 3 (2002) 135-144
5. Walsh T., and Kuhn D. Challenges in securing voice over IP. IEEE Security and Privacy 3 3 (2005) 44-49
6. Naccache D. Finding faults. IEEE Security and Privacy 3 5 (2005) 61-65
7. Landau S. Security, wiretapping, and the internet. IEEE Security and Privacy 3 6 (2005) 26-33
8. K. Fiveash, VoIP - open season for hackers, November 2006. URL .
9. Inchiesta Telecom, altri due arresti, Corriere della Sera, January 2007. URL .
10. E. Galli Della Loggia, L'Idra italiana, Corriere della Sera, September 2006. URL .
11. M. Benini, S. Sicari, Risk assessment: intercepting VoIP calls, in: Proceedings of the VIPSI-2007 Venice Conference, International Conferences on Advances in the Internet, Processing, Systems, and Interdisciplinary Research, Venice, Italy, 2007, pp. 1-10.
12. D. Balzarotti, M. Monga, S. Sicari, Assessing the risk of using vulnerable components, in: D. Gollmann, F. Massacci, A. Yautsiukhin (Eds.), Quality of Protection - Security Measurements and Metrics, vol. 23 of Advances in Information Security, Springer, New York, NY, USA, 2006, pp. 65-78.
13. Bakry S. Development of security policies for private networks. International Journal of Network Management 13 3 (2003) 203-210
14. Huang D., Cao Q., Sinha A., Schniederjans M., Beard C., Harn L., and Medhi D. New architecture for intra-domain network security issues. Communications of the ACM 49 11 (2006) 64-72
15. M. Benini, S. Sicari, A mathematical framework for risk assessment, in: Proceedings of the First NTMS International Conference, 2007.
16. Howard M., and Leblanc D. Writing Secure Code (2003), Microsoft Press
17. Schneier B. Attack trees. Dr. Dobb's Journal 24 12 (1999) 21-29
18. J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, E. Schooler, RFC 3261: SIP: Session initiation protocol, Junuary 2002. URL .
19. J. Postel, RFC 791: Internet protocol, September 1981. URL .
20. Hardy W. VoIP Service Quality: Measuring and Evaluating Packet-Switched Voice (2003), McGraw-Hill
21. P. Mehta, S. Udani, Overview of voice over IP, Technical report MS-CIS-01-31, Department of Computer and Information Science, University of Pennsylvania, February 2001.
22. Goode B. Voice over internet protocol (VoIP). Proceedings of the IEEE 90 9 (2002) 1495-1517
23. La Corte A., and Sicari S. Assessed quality of service and voice and data integration: a case study. Computer Communications 29 11 (2006) 1992-2003
24. Varshney U., Snow A., McGivern M., and Horward C. Voice over IP. Communications of the ACM 45 1 (2002) 89-96
25. Decina M., and Vlack D. Voice by the packet?. IEEE Journal on Selected Areas in Communications SAC-1 6 (1983) 26-33
26. D. Kuhn, T. Walsh, S. Fries, Security considerations of voice over IP Systems, National Institute of Standards and Technology (NIST), Gaithersburs, MD, USA, Computer Security Division, Special Publication 800-58, January 2005.
27. The voice over IP security alliance. URL .
28. M. Tanase, Voice over IP security, Security Focus (Mar. 2004). URL .
29. R. Barbieri, D. Bruschi, E. Rosti, Voice over IPSec: Analysis and solutions, in: Proceedings of the 18th Annual Computer Security Applications Conference, IEEE Computer Society, Washington, DC, USA, 2002, pp. 261-270.
30. J. Halpern, IP Telephony Security in Depth, Cisco Systems Inc., White paper, 2002.
31. M. Marjalaakso, Security requirements and constraints of VoIP, Tech. Rep., Department of Electrical Engineering and Telecommunications, Helsinki University of Technology, 2000. URL .
32. J. Larson, T. Dawson, M. Evans, J. Straley, Defending VoIP networks from distributed DoS (DDoS) attacks, in: Proceedings of the Voice over IP Workshop, IEEE Global Telecommunications Conference, 2004.
33. W. Rippon, Threat assessment of IP based voice systems., in: Proceedings of the 1st IEEE Workshop on VoIP Management and Security, Vancouver, Canada, 2006, pp. 19-28.
34. P. Hochmuth, T. Greene, Firewall limits vex VoIP users, Network World, July 2002. URL .
35. X. Wang, S. Chen, S. Jajodia, Tracking anonymous peer-to-peer VoIP calls on the Internet, in: Proceedings of the 12th ACM Conference on Computer and Communications Security, ACM Press, New York, NY, USA, 2005, pp. 81-91.
36. Peng T., Leckie C., and Ramamohanarao K. Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys 39 1 (2007) 1-42
37. Baskerville R. Information system security design methods: implications for information systems development. ACM Computing Survey 25 4 (1993) 375-412
38. C. Salter, O. Saydjari, B. Schneier, J. Wallner, Toward a secure system engineering methodology, in: Proceedings of the 1998 Workshop on New Security Paradigms, ACM Press, New York, NY, USA, 1998, pp. 2-10.
39. H. Abdelnur, V. Cridlig, R. State, O. Festor, VoIP security assessment: Method and tools, in: Proceedings of the 1st IEEE Workshop on VoIP Management and Security, Vancouver, Canada, 2006, pp. 29-34.
40. H.Schulzrinne, S. Casner, R. Frederick, V. Jacobson, RFC 3550: RTP: A transport protocol for real-time applications, July 2003. URL .
41. I. Moskowitz, M. Kang, An insecurity flow model, in: Proceedings of the 1997 Workshop on New Security Paradigms, ACM Press, New York, NY, USA, 1997, pp. 61-74.
42. C. Alberts, A. Dorofee, J. Stevens, C. Woody, Introduction to the Octave approach, October 2003. URL .
43. B. Jenkins, Risk analysis helps establish a good security posture; risk management keeps it that way. White Paper, 1998. URL .
44. T. Siu, Risk-eye for the IT security guy, February 2004. URL .
45. G. Sharp, P. Enslow, S. Navathe, F. Farahmand, Managing vulnerabilities of information system to security incidents, in: Proceedings of the 5th International Conference on Electronic Commerce, ACM Press, New York, NY, USA, 2003, pp. 348-354.
46. Fenton N., and Neil M. Making decisions: Bayesian nets and MCDA. Knowledge-Based Systems 14 7 (2001) 307-325
47. den Braber F., Dimitrakos T., Gran B., Lund M., Stølen K., and Aagedal J. The CORAS methodology: model-based risk management using UML and UP. In: Favre L. (Ed). UML and the Unified Process (2003), IRM Press 332-357
48. Y. Stamatiou, E. Skipenes, E. Henriksen, N. Stathiakis, A. Sikianakis, E. Charalambous, N. Antonakis, K. Stølen, F. den Braber, M. Soldal Lund, K. Papadaki, G. Valvis, The CORAS approach for model-based risk management applied to a telemedicine service, in: Proceedings of Medical Informatics Europe, IOS Press, 2003, pp. 206-211.
49. N. Stathiakis, C. Chronaki, E. Skipenes, E. Henriksen, E. Charalambous, A. Sykianakis, G. Vrouchos, N. Antonakis, M. Tsiknakis, S. Orphanoudakis, Risk assessment of a cardiology eHealth service in HYGEIAnet, in: Proceedings of Computers in Cardiology, IEEE, 2003, pp. 201-204.
50. G. Biswas, K. Debelak, K. Kawamura, Application of qualitative modelling to knowledge-based risk assessment studies, in: Second International Conference on Industrial Engineering Applications of Artificial Intelligence Expert Systems, ACM Press, New York, NY, USA, 1989, pp. 92-101.
51. Sahinoglu M. Security meter: a practical decision-tree model to quantify risk. IEEE Security and Privacy 3 3 (2005) 18-24