Misuse patterns in VoIP

Security and Communication Networks

Volumn 2, Issue 6, 2009, Pages 635-653

  Pelaez, Juan C ^a   Fernandez, Eduardo B ^b   Larrondo Petrie, Maria M ^b  

^a U S ARMY RESEARCH LABORATORY   (United States)

^b Florida Atlantic University   (United States)

Author keywords

Forensics; Network attacks; Patterns; Security; VoIP

Indexed keywords

DENIAL-OF-SERVICE ATTACK; DIGITAL FORENSICS; INTERNET TELEPHONY; VOICE/DATA COMMUNICATION SYSTEMS;

FORENSICS; NETWORK ATTACK; PATTERNS; SECURITY; VOIP;

NETWORK SECURITY;

EID: 74849101810     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.105     Document Type: Article

References (43)

1. Fernandez EB, Pelaez JC, Larrondo-Petrie MM. Attack patterns: a new forensic and design tool, Proceedings of the Third Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, FL, January 29-31, 2007; Also available in Advances in Digital Forensics III, P. Craiger and S. Shenoi (eds.). Springer/IFIP, 2007, 345-357.
2. Buschmann F, Meunier R, Rohnert H, Sommerlad P, Stal M. Pattern-Oriented Software Architecture: A System of Patterns (Vol. 1). Wiley: New York, 1996.
3. Schumacher M, Fernandez EB, Hybertson D, Buschmann F, Sommerlad P. Security Patterns: Integrating Security and Systems Engineering. Wiley: West Sussex, England 2006.
4. CERT Coordination Center, Carnegie Mellon University. 2007. http://www.cert.org
5. Symantec Corporation, Antivirus Research Center, 2008. http://www.symantec.com
6. Wieser C, Roning J, Takanen A. Security analysis and experiments for voice over IP RTP media streams Proceedings of the 8th International Symposium on System and Information Security (SSI'2006).
7. Collier M. 2004. The value of VoIP security. http://www. call-centermagazine.com/shared/printableArticle.jhtml?articleID= 22103933 [Accessed 10 June, 2007].
8. The Communications Research Network (CRN). VoIP loop-holeaidsservicedeniers?February2006.http://www.ssi.org.br/ english/
9. Anwar Z, Yurcik W, Johnson R, Hafiz M, Campbell R. Multiple design patterns for voice over IP (VoIP) security. Proceedings of the IEEE Workshop on Information Assurance (WIA 2006), Phoenix, AZ, April 2006.
10. Ellis J. Voice, Video and Data Network. Academic Press: Amsterdam, 2003.
11. Vuong S, Bai Y. A survey of VoIP intrusions and intru-sion detection systems. Proceedings of the 6th International Conference on Advanced Communication Technology, August 2004.
12. Fernandez EB, Kumar A. A security pattern for rule-based intrusion detection, Proceedings of the Nordic Conference on PatternLanguagesofPrograms,(VikingPLoP2005),Otaniemi, Finland, 23-25 September 2005.
13. Fernandez EB, Pelaez JC, Larrondo-Petrie MM. Security pat-terns for voice over IP networks. Journal of Software 2007; 2(2): 19-29. Also available at http://www.academypublisher. com/jsw
14. Shanmugasundaram K. ForNet: A Distributed Forensics Network. Department of Computer and Information Science, Polytechnic University: Brooklyn, NY, 2003.
15. Pelaez JC. Security in VoIP networks. Master's thesis, Florida Atlantic University, August 2004.
16. Mihai A. 2006. Voice over IP security: a layered approach. www.xmcopartners.com/whitepapers/voip-security-layered-approach.pdf [Accessed 25 May, 2007].
17. Schulzrinne H, Casner S, Frederick R, Jacobson V. 1996. Request for comments: 1889, RTP: a transport protocol for real-time applications. http://www.ietf.org/rfc/rfc1889.txt [Accessed 28 April, 2008].
18. Niccolini S. VoIP security threats. Internet draft, NEC SPEER-MINT Working Group. March 1, 2007.
19. Pogar N. 2003. Data security in a converged network. http:// www.computerworld.com/printthis/2003/0,4814,83624,00.html [Accessed 18 June, 2007].
20. Scoggins S. 2004. Security challenges for CALEA in voice over packet networks. www.interesting-people.org/archives/interesting-people/200412/msg00044.html [Accessed 7 June, 2007].
21. Klein A. Security analysis: traditional telephony and IP telephony Assignment: v.1.4b, SANS Institute, April 2003.
22. National Institute of Standards and Technology. Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response, August 2005.
23. Moore T, Meehan A, Manes G, Shenoi S. Using signaling information in telecom network forensics. Advances in Digital Forensics: IFIP International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, February 13-16, 2005.
24. Wikipedia, the free encyclopedia. http://en.wikipedia.org/ wiki/Hepting vs. AT&T [Accessed 17 June, 2007].
25. Drew P. 2003. Next-generation VoIP network architecture. http://www.msforum.org/YaBB.pl?num=1077906803/0 [Accessed 24 May, 2007].
26. The International Engineering Consortium. Fraud analysis in IP and Next Generation Networks. http://www.iec.org/tutorials/ fraud analysis/ [Accessed 16 May, 2007].
27. Searcey D, Young S. Arrests reveal vulnerability of Web phone service to fraud." The Wall Street Journal, June 8, 2006.
28. Sutherland B. Stealing minutes. Newsweek International, March 19, 2007.
29. Collier M. 2005. Basic vulnerability issues for SIP. http://voipsecurityblog.typepad.com/marks voip security blog/ 2007/03/index.html [Accessed 1 June, 2007].
30. Defense Information Systems Agency. IP Telephony & Voice over Internet protocol--Security Technical Implementation Guide, Version 2, Release 0. 30 December 2004.
31. Thermos P. 2004. Two attacks against VoIP. http://www.securityfocus.com/infocus/1862 [Accessed24May, 2007].
32. Gurbani V, Jeffrey A. The use of transport layer security (TLS) in the session initiation protocol (SIP). SIP WG Internet draft, February 26, 2006.
33. Fernandez EB, Pelaez JC, Larrondo-Petrie MM. Security patterns for voice over IP networks. Journal of Software 2007; 2(2): 19-29. Also available at: http://www.academypublisher.com/jsw
34. Schumacher M, Fernandez EB, Hybertson D, Buschmann F, Sommerlad P. Security Patterns: Integrating Security and Systems Engineering. Wiley: Sussex, England, 2006.
35. Fernandez EB, Kumar A. A security pattern for rule-based intrusion detection. Proceedings of the Nordic Conference on PatternLanguagesofPrograms,(VikingPLoP2005),Otaniemi, Finland, 23-25 September 2005.
36. Hensell L.2003. The new security risk of VoIP. http://www.ecommercetimes.com/story/31731.html [Accessed 17 May, 2007].
37. Leveson NG, Heimdahl MPE, Hildreth H, Reese JD. Requirements specification for process control systems. IEEE Transactions on Software Engineering, Vol. 20, No. 9, September 1994, IEEE Computer Society Press, Los Alamitos, California, USA (1994) 684-707.
38. Wang L, Singhal A, Jajodia S. An attack graph based prob-abilistic security metrics? Proceedings of 22nd IFIP WG 11.3 Working Conference on Data and Application Security (DBSEC 2008), London, UK, July 2008.
39. Geneiatakis D, Lambrinoudakis C. An ontoilogy description for SIP security flaws. Computer Communications 2007; 30(6): 1367-1374.
40. Defense Personnel Security Research Center (PERSEREC). Employees Guide to Security Responsibilities, Version 1.0.
41. Fernandez EB, Larrondo-Petrie MM, Sorgente T, Van-Hilst M. A methodology to devlop secure systems using patterns. In Integrating Security and Software Engineering: Advances and Future Vision(Chapter5),MouratidisH,GiorginiP(eds).IDEA Press, 2006; 107-126.
42. Fernandez EB, Yoshioka N, Washizaki H. Modeling misuse patterns, sent for publication.
43. Fernandez EB, Larrondo-Petrie MM, Sorgente T, Van-Hilst M. A methodology to develop secure systems using patterns. In Integrating Security And Software Engineering: Advances and future Vision, Mouratidis H, Giorgini P (eds). IDEA Press: 2006; 107-126.