A Trust-based Strategy for Addressing Residual Attacks in the RELOAD Architecture

Telephony over IP has undergone a large-scale deployment thanks to the development of high-speed broadband access and the standardization of signaling protocols. A particular attention is currently given to P2PSIP networks which are exposed to many security threats. The RELOAD protocol defines a peer-to-peer signaling overlay designed to support these networks. It introduces a security framework based on certification mechanisms, but P2PSIP networks are still exposed to residual attacks, such as refusals of service. We propose in this work to address these residual attacks by integrating into the RELOAD architecture a dedicated trust model coupled with prevention countermeasures. We mathematically defines this trust-based strategy, and describe the considered prevention mechanisms implemented by safeguards and watchmen. We quantify the benefits and limits of our solution through an extensive set of experiments

Artemisa: an Open-Source Honeypot Back-end to Support Security in VoIP Domains

International audienceVoice over IP (VoIP) and the Session Initiation Protocol (SIP) are establishing themselves as strong players in the field of multimedia communications over IP, leveraged by low cost services and easy management. Nevertheless, the security aspects are not yet fully mastered. In this paper we present an open-source implementation of a VoIP SIP-specific honeypot named Artemisa. The honeypot is designed to connect to a VoIP enterprise domain as a back-end user-agent in order to detect malicious activity at an early stage. Moreover, the honeypot can play a role in the real time adjustment of the security policies of the enterprise domain where it is deployed. We aim, by this contribution, to encourage the deployment of such honeypots at large scale and the collection of attack traces. We test the capacity of the honeypot to handle a series of known SIP attacks and present results from diverse scenarios

Risk Management in VoIP Infrastructures using Support Vector Machines

International audienceTelephony over IP is exposed to multiple security threats. Conventional protection mechanisms do not fit into the highly dynamic, open and large-scale settings of VoIP infrastructures, and may significantly impact on the performance of such a critical service. We propose in this paper a runtime risk management strategy based on anomaly detection techniques for continuously adapting the VoIP service exposure. This solution relies on support vector machines (SVM) and exploits dynamic security safeguards to reduce risks in a progressive manner. We describe how SVM parameters can be integrated into a runtime risk model, and show how this framework can be deployed into an Asterisk VoIP server. We evaluate the benefits and limits of our solution through a prototype and an extensive set of experimental results

Consumer-facing technology fraud : economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks

A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

Consumer-facing technology fraud: Economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks.N/

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Privacy in location-based services

Während der letzten Jahre erfuhren mobile Geräte durch grössere Speicher, der Entwicklung schnellerer Prozessoren und höherer Übertragungsraten, um nur einige der wichtigsten Performanceparameter zu nennen, einen enormen Entwicklungsschub. Gleichzeitig sind die unterschiedlichen Positionierungssysteme mittlerweile ausgereift und klein genug, um in mobile Geräte verbaut werden zu können. Erst durch die Möglichkeit der Zusammenführung von solchen ausgereiften Positionierungs- mit existierenden Telekommunikationstechnologien kann die Basis für eine neue Generation kontextsensitiver Anwendungen und entsprechender Geschaeftsmodelle geschaffen werden. Abgesehen von den technischen Massnahmen die zum Schutz gegen Attacken, Verfaelschungen und Missbrauch sensitiver Daten eingesetzt werden, müssen diese auch allen rechtlichen Aspekten und Rahmenbedingungen von Telekommunikationssystemen entsprechen. In diesem Sinne muss das Ziel von Forschungen im Bereich neuer kontext-sensitiver Systeme und Anwendungen die mit Positionsdaten operieren der Schutz der Privatheit jedes einzelnen Nutzers sein. Diese Dissertation beginnt mit einer Diskussion über verschiedene Aspekte von Location-Based Systemen. Es werden weiters unterschiedliche Anforderungen aufgezeigt deren Erfüllung notwendig sind, um flexible Systeme anbieten zu können und die zudem den Schutz der Privatheit der Nutzer garantieren können. Der wohl wichtigste Beitrag dazu ist ein Mechanismus der auf dem Begriff des Pseudonyms basiert.Dieses Verfahren garantiert maximale Sicherheit und Schutz der Privatheit der Benutzer während der Nutzung von Diensten. Der zweite Beitrag der Dissertation ist eine Telekom Service Architektur die den erwähnten Pseudonym-basierten Mechanismus integriert. Durch Einbeziehen dedizierter Dienste von Telekommunikationsanbietern bildet diese Architektur die Basis für die Realisierung neuer Geschäftsmodelle und ermöglicht die Implementierung des pay-as-you-go Konzeptes. Dieses ermöglicht Kunden anonym mobile Dienste von Drittanbietern zu konsumieren, ähnlich dem anonymen Kauf von Gütern mit realem Geld. Schliesslich wird mit der Implementierung einer Service Platform sowohl die Funktionsweise des Pseudonym Mechanismus sowie die Interaktionen der in der System Architektur vorgesehenen Dienste und Komponenten die zur Realisierung von Location-Based Anwendungen benötigt werden demonstriert.During the last years the development of mobile devices has gained significant progress with respect to memory capabilities, advanced processing power and higher transfer rates to name only a few performance parameters. At the same time eclectic positioning and localization technologies are meanwhile mature enough to be integrated into mobile devices. Not until positioning, localization and telecommunication technologies can be combined, seamlessly the basis for the proliferation of a new generation of context-aware applications and business models can be build. In this respect, location and position information foster novel future context-awareapplications. But, if this information is in the wrong hands such applications may by the same token pose severe threat. Therefore, apart from technical means against attacks, forgery and misuse of sensitive user information the interaction of all these systems must comply with legal requirements that precisely prescribe all aspects of telecommunication systems. In this spirit, the main research ob jective addressed for the design of new context- aware and location-based systems must be the protection of the user’s privacy. This dissertation discusses first various aspects of location-based systems and out of it the various needs that have to be addressed to be able to provide flexible location-based services to mobile users by preserving privacy. The main contribution of this work is a mechanism that is based on the notion of pseudonyms. The use of this kind of pseudonyms provides maximum security and privacy for users during communication. The second contribution is a telecommunication service architecture that is tightly coupled with the pseudonym mechanism. It allows new business models to be applied by leveraging the use of some services of the telcos’ infrastructure. This service application further allows the implementation of the so called pay-as-you-go concept. This allows customers to anonymously consume mobile services that are offered by third party application providers similarly to buying physical goods with cash. Finally, we demonstrate the implementation of a service platform that allows us to illustrate the operation of the pseudonym mechanism and the interworking of the system architecture’s components that are tailored for the realization of location-based applications