A Trust-based Strategy for Addressing Residual Attacks in the RELOAD Architecture

Telephony over IP has undergone a large-scale deployment thanks to the development of high-speed broadband access and the standardization of signaling protocols. A particular attention is currently given to P2PSIP networks which are exposed to many security threats. The RELOAD protocol defines a peer-to-peer signaling overlay designed to support these networks. It introduces a security framework based on certification mechanisms, but P2PSIP networks are still exposed to residual attacks, such as refusals of service. We propose in this work to address these residual attacks by integrating into the RELOAD architecture a dedicated trust model coupled with prevention countermeasures. We mathematically defines this trust-based strategy, and describe the considered prevention mechanisms implemented by safeguards and watchmen. We quantify the benefits and limits of our solution through an extensive set of experiments

A Broad-Spectrum Strategy for Runtime Risk Management in VoIP Enterprise Architectures

International audienceTelephony over IP has known a large scale deployment and is supported by the standardization of dedicated signalling protocols. This service is less confined than traditional telephony and is exposed to multiple security attacks. In the meantime, protection mechanisms may seriously impact on its performance. Risk management provides new opportunities for dynamically controlling the service exposure while maintaining low security costs. We propose in this paper a broad-spectrum strategy for runtime risk management in VoIP networks and services. We first analyse and model VoIP attacks based on their observability properties.We then generalize a runtime risk model capable of automatically assessing and treating risks based on dynamic safeguards. In particular, we quantify the potentiality of VoIP attacks and the induced risks with respect to their observability. We evaluate the benefits as well as the limits of our solution through an implementation prototype and an extensive set of simulations