A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

The impact of implementation of VOIP in call centres : A Western Australia perspective

By fostering the finalization of open standards and the convergence of voice, video and data, the internet protocol provides an ideal driver for the definition of the infrastructure of new multimedia and advanced communications applications (Adams & Bhalla, 2005). The key advantages of Voice over Internet Protocol (VoiP) for enterprises have been the promise of lower costs, infrastructure consolidation and increased flexibility. Carriers are also positioning VoiP as a cost-saving business solution. It is an application which seemed like a godsend to business and people alike who rely on telephony services (Blood, 2005). The aim of this study was to investigate what factors may influence the adoption of VoiP as a technology as a West Australia context. Specifically the research undertook a case study using an establish call centre in a government agency, City of Melville. The company is a provider of wide range of services including recreation centres, aquatic centres, libraries, creches, pre-school centres, community centres, food inspection services, citizenships, recycling, planning and building services, maintenance, streetscapes, landscaping disability services, immunisation clinics, cultural and educational centres, environmental preservation and management. This study analysed the steps through to adoption of VoiP and IP telephony from the original technology for the Melville City Council call centre. Also, the procedures towards acquisition and installation of the supporting framework that eases the implementation and day to day running are depicted. The main impacts on the company as a result of the implementation in terms of cost reduction and implications, staff satisfaction and benefits, ease of business operations has been reported in this study. Statistics of the business functions and operations based on VoiP solutions were critically analyzed. Results from the research suggested further research needs to be undertaken on factor affecting the adoption of VoiP in a Western Australia context

The influence of standardisation and regulation on the development of intelligent networks

In today’s global economy a flexible and responsive telecommunications infrastructure is essential to the maintenance and development of a country’s economy. Within a free market, such an infrastructure depends upon the use of common standards; either imposed as a consequence of regulation or evolved through the operation of the market. This thesis investigates the influence of regulation and standardisation on Intelligent Network telecommunications technology by addressing the hypothesis: Tight architecture-based regulation is inappropriate for a rapidly changing telecommunications environment, since that environment is continually challenging and redefining the boundaries of technological change. The multi-method approach adopted is based upon triangulation to identify multiple viewpoints. A Stakeholder Analysis was employed to help categorise those with an interest in Intelligent Networks and provide a basis for data collection. The primary data was gathered using a combination of surveys and interviews. The thesis illustrates a wide range of original research. A unique analysis framework was constructed to identify a number of factors, including technical and commercial influences and their impact on the choice of IN architecture and the implementation of regulations. This framework offers a new perspective with which to view IN architectures; leading to the development and implementation of alternative IN architecture models. A number of these architectures have been constructed, together with some novel services, to demonstrate what could be achieved by employing flexible, less detailed standards, or making use of proprietary protocols. The research concludes that tight regulation is not appropriate for Intelligent Network technology. Instead, encouragement for implementation and interconnection is better shaped through the development and adoption of de-jure standards

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Creation of value with open source software in the telecommunications field

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Quality of media traffic over Lossy internet protocol networks: Measurement and improvement.

Voice over Internet Protocol (VoIP) is an active area of research in the world of communication. The high revenue made by the telecommunication companies is a motivation to develop solutions that transmit voice over other media rather than the traditional, circuit switching network. However, while IP networks can carry data traffic very well due to their besteffort nature, they are not designed to carry real-time applications such as voice. As such several degradations can happen to the speech signal before it reaches its destination. Therefore, it is important for legal, commercial, and technical reasons to measure the quality of VoIP applications accurately and non-intrusively. Several methods were proposed to measure the speech quality: some of these methods are subjective, others are intrusive-based while others are non-intrusive. One of the non-intrusive methods for measuring the speech quality is the E-model standardised by the International Telecommunication Union-Telecommunication Standardisation Sector (ITU-T). Although the E-model is a non-intrusive method for measuring the speech quality, but it depends on the time-consuming, expensive and hard to conduct subjective tests to calibrate its parameters, consequently it is applicable to a limited number of conditions and speech coders. Also, it is less accurate than the intrusive methods such as Perceptual Evaluation of Speech Quality (PESQ) because it does not consider the contents of the received signal. In this thesis an approach to extend the E-model based on PESQ is proposed. Using this method the E-model can be extended to new network conditions and applied to new speech coders without the need for the subjective tests. The modified E-model calibrated using PESQ is compared with the E-model calibrated using i ii subjective tests to prove its effectiveness. During the above extension the relation between quality estimation using the E-model and PESQ is investigated and a correction formula is proposed to correct the deviation in speech quality estimation. Another extension to the E-model to improve its accuracy in comparison with the PESQ looks into the content of the degraded signal and classifies packet loss into either Voiced or Unvoiced based on the received surrounding packets. The accuracy of the proposed method is evaluated by comparing the estimation of the new method that takes packet class into consideration with the measurement provided by PESQ as a more accurate, intrusive method for measuring the speech quality. The above two extensions for quality estimation of the E-model are combined to offer a method for estimating the quality of VoIP applications accurately, nonintrusively without the need for the time-consuming, expensive, and hard to conduct subjective tests. Finally, the applicability of the E-model or the modified E-model in measuring the quality of services in Service Oriented Computing (SOC) is illustrated