75,173 research outputs found
Recommended from our members
A Comprehensive Survey of Voice over IP Security Research
We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems
Evaluation of users’ perspective on VOIP’s security vulnerabilities
Voice over Internet protocol (VoIP) represents a major newish trend in telecommunications and an alternative to traditional phone systems. VoIP uses IP networks and therefore inherits their vulnerabilities. Adding voice traffic to IP networks complicates security issues and introduces a range of vulnerabilities. A VoIP system may face either an exclusive attack or an attack to the underlying IP network. The significance of security and privacy in VoIP communications are well known, and many studies mostly from the technical perspective have been published. However to date, no known research has been conducted to evaluate users’ perspectives on these issues. In light of this scarcity, we carried out a survey to evaluate users’ awareness of VoIP security vulnerabilities, and their attitudes towards privacy in VoIP communications. An overall finding highlights the fact that the majority of participants are neither concerned about VoIP privacy (eavesdropping) or VoIP security
The Future of the Internet III
Presents survey results on technology experts' predictions on the Internet's social, political, and economic impact as of 2020, including its effects on integrity and tolerance, intellectual property law, and the division between personal and work lives
Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats
Network steganography is the art of hiding secret information within innocent
network transmissions. Recent findings indicate that novel malware is
increasingly using network steganography. Similarly, other malicious activities
can profit from network steganography, such as data leakage or the exchange of
pedophile data. This paper provides an introduction to network steganography
and highlights its potential application for harmful purposes. We discuss the
issues related to countering network steganography in practice and provide an
outlook on further research directions and problems.Comment: 11 page
Using Transcoding for Hidden Communication in IP Telephony
The paper presents a new steganographic method for IP telephony called
TranSteg (Transcoding Steganography). Typically, in steganographic
communication it is advised for covert data to be compressed in order to limit
its size. In TranSteg it is the overt data that is compressed to make space for
the steganogram. The main innovation of TranSteg is to, for a chosen voice
stream, find a codec that will result in a similar voice quality but smaller
voice payload size than the originally selected. Then, the voice stream is
transcoded. At this step the original voice payload size is intentionally
unaltered and the change of the codec is not indicated. Instead, after placing
the transcoded voice payload, the remaining free space is filled with hidden
data. TranSteg proof of concept implementation was designed and developed. The
obtained experimental results are enclosed in this paper. They prove that the
proposed method is feasible and offers a high steganographic bandwidth.
TranSteg detection is difficult to perform when performing inspection in a
single network localisation.Comment: 17 pages, 16 figures, 4 table
Intrusion detection mechanisms for VoIP applications
VoIP applications are emerging today as an important component in business
and communication industry. In this paper, we address the intrusion detection
and prevention in VoIP networks and describe how a conceptual solution based on
the Bayes inference approach can be used to reinforce the existent security
mechanisms. Our approach is based on network monitoring and analyzing of the
VoIP-specific traffic. We give a detailed example on attack detection using the
SIP signaling protocol
- …