A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

Network Neutrality: A Research Guide

The conclusion in a research handbook should emphasise the complexity of the problem than trying to claim a one-size-fits-all solution. I have categorised net neutrality into positive and negative (content discrimination) net neutrality indicating the latter as potentially harmful. Blocking content without informing customers appropriately is wrong: if it says ‘Internet service’, it should offer an open Internet (alongside walled gardens if that is expressly advertised as such). The issue of uncontrolled Internet flows versus engineered solutions is central to the question of a ‘free’ versus regulated Internet. A consumer- and citizen-orientated intervention depends on passing regulations to prevent unregulated nontransparent controls exerted over traffic via DPI equipment, whether imposed by ISPs for financial advantage or by governments eager to use this new technology to filter, censor and enforce copyright against their citizens. Unraveling the previous ISP limited liability regime risks removing the efficiency of that approach in permitting the free flow of information for economic and social advantage. These conclusions support a light-touch regulatory regime involving reporting requirements and co-regulation with, as far as is possible, market-based solutions. Solutions may be international as well as local, and international coordination of best practice and knowledge will enable national regulators to keep up with the technology ‘arms race’

Evaluating the Performance of VoIP Over Different Wireless Environment

WiFi and WiMAX are the most technologies for broadband wireless access are used nowadays. The excessive demand for providing mobile users with broadband wireless access has attracted tremendous investment from the telecommunications industry in the development and deployment of WiMAX and WiFi networks. Voice over IP (VoIP) over these technologies will be one of the killer applications for rapid deployment of WiMAX and WiFi networks. The legal desire for bundling voice and data will increase the portion of voice traffic in these networks. Therefore, VoIP, as the current technology for making voice calls through packet switch networks, will be a key application in WiMAX and WiFi networks. The increase of Voice over IP (VoIP) applications such as Skype, Google Talk, and MSN Messenger along with emerging deployment of WiMAX networks is making VoIP over WiMAX an attractive market and a driving force for both carriers and equipment suppliers in capturing and spurring the next wave of telecommunications innovation, though challenges remain. However, the enhancement on the hardware and application sides only seems inadequate. The chosen of proper network environment is also crucial in order to deliver the voice communication and multimedia session over the Internet. Optimization of the VoIP call capacity over WiMAX and WiFi networks is one such crucial challenge and remains an open research issue. Hence, in this project, we present the performance evaluation of VoIP in two wireless network protocols, WiMAX and WiFi as a baseline to evaluate the VoIP performance

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

Evidence-informed regulatory practice: an adaptive response, 2005‑15

Overview: In this occasional paper, the ACMA reflects on its regulatory practice over the past 10 years; specifically, the role of research in evidence-informed decision-making and regulation. It looks at how the ACMA has used research in an environment of ongoing change to document and build evidence, inform public debate about regulation, and build capability among our stakeholders to make communications and media work in Australia’s national interest

Efficient detection of spam over internet telephony by machine learning algorithms

Recent trends show a growing interest in VoIP services and indicate that guaranteeing security in VoIP services and preventing hacker communities from attacking telecommunication solutions is a challenging task. Spam over Internet Telephony (SPIT) is a type of attack which is a significant detriment to the user's experience. A number of techniques have been produced to detect SPIT calls. We reviewed these techniques and have proposed a new approach for quick, efficient and highly accurate detection of SPIT calls using neural networks and novel call parameters. The performance of this system was compared to other state-of-art machine learning algorithms on a real-world dataset, which has been published online and is publicly available. The results of the study demonstrated that new parameters may help improve the effectiveness and accuracy of applied machine learning algorithms. The study explored the entire process of designing a SPIT detection algorithm, including data collection and processing, defining suitable parameters, and final evaluation of machine learning models.Web of Science1013342613341