Key exchange with the help of a public ledger

Blockchains and other public ledger structures promise a new way to create globally consistent event logs and other records. We make use of this consistency property to detect and prevent man-in-the-middle attacks in a key exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates an inconsistency in the world views of the two honest parties, and they can detect it with the help of the ledger. Thus, there is no need for prior knowledge or trusted third parties apart from the distributed ledger. To prevent impersonation attacks, we require user interaction. It appears that, in some applications, the required user interaction is reduced in comparison to other user-assisted key-exchange protocols

Socio-economic issues in future generation internet

Socio-Economic Issues in Future Generation Interne

A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

VOIP End-To-End Security using S/MIME and a Security Toolbox

Voice Over Internet Protocol (VOIP) is a rapidlygrowing Internet service for telephone communication. However, while it offers a number of cost advantages over traditional telephone service, it can pose a security threat, especially when used over public networks. In the absence of sufficient security, users of public networks are open to threats such as identity theft, man-in-the-middle attack, interception of messages/eavesdropping, DOS attacks, interruption of service and spam. S/MIME adds security to the message itself and can be used to provide end-to-end security to SIP. S/MIME can also offer confidentiality or integrity, or both, but it does not provide any anti-replay protection. However, we propose to use a unified architecture for the implementation of security protocols in the form of a security toolbox system. It will prevent an attack against anti-replay

Analysis of Security Threats in Voice Over Internet Protocol (VOIP)

The VoIP system is build on the IP network, so it is affected by the IP network security problem. It has many security problems because of the security mechanism of VoIP system and other external factors. These effects relate to the following three aspects: confidentiality, integrity and availability. This paper makes a detailed analysis discussed several security potential threats by dividing it into several categories like social, eavesdropping, service abuse, etc. and finally shows how this threats are harmful to VoIP. Keywords-VoIP; Security threat

A comparative study of in-band and out-of-band VOIP protocols in layer 3 and layer 2.5 environments

For more than a century the classic circuit-switched telephony in the form of PSTN (Public Service Telephone Network) has dominated the world of phone communications (Varshney et al., 2002). The alternative solution of VoIP (Voice over Internet Protocol) or Internet telephony has increased dramatically its share over the years though. Originally started among computer enthusiasts, nowadays it has become a huge research area in both the academic community as well as the industry (Karapantazis and Pavlidou, 2009). Therefore, many VoIP technologies have emerged in order to offer telephony services. However, the performance of these VoIP technologies is a key issue for the sound quality that the end-users receive. When making reference to sound quality PSTN still stands as the benchmark.Against this background, the aim of this project is to evaluate different VoIP signalling protocols in terms of their key performance metrics and the impact of security and packet transport mechanisms on them. In order to reach this aim in-band and out-of-band VoIP signalling protocols are reviewed along with the existing security techniques which protect phone calls and network protocols that relay voice over packet-switched systems. In addition, the various methods and tools that are used in order to carry out performance measurements are examined together with the open source Asterisk VoIP platform. The findings of the literature review are then used in order to design and implement a novel experimental framework which is employed for the evaluation of the in-band and out-of-band VoIP signalling protocols in respect to their key performance networks. The major issue of this framework though is the lack of fine-grained clock synchronisation which is required in order to achieve ultra precise measurements. However, valid results are still extracted. These results show that in-band signalling protocols are highly optimised for VoIP telephony and outperform out-of-band signalling protocols in certain key areas. Furthermore, the use of VoIP specific security mechanisms introduces just a minor overhead whereas the use of Layer 2.5 protocols against the Layer 3 routing protocols does not improve the performance of the VoIP signalling protocols

Segurança em voz sobre IP: apresentação e análise dos protocolos SRTP, ZRTP, e IPSec

Elucidate the relation between security and performance and her aim is to show the importance of the implement protocols that make the security of VoIP traffic possible. To clear up this question, this work begins with a historic about VoIP technology, showing her advantages and disadvantages. Next this work is showing SRTP, ZRTP and IPSec security protocols, explaining their operation, displaying their features and functionalities. Finally, this work analyses the application of the security protocols with VoIP traffic.Elucida a relação entre segurança e desempenho e tem por objetivo mostrar a importância de implementar protocolos que viabilizam a segurança do tráfego VoIP. Para esclarecer tal questão, este trabalho inicia com um histórico sobre a tecnologia VoIP, mostrando suas vantagens e desvantagens. A seguir são apresentados os protocolos de segurança SRTP, ZRTP e IPSec, explicando seus funcionamentos, mostrando suas características e suas funcionalidades. Por fim, este trabalho analisa a aplicação dos protocolos citados em conjunto com o tráfego VoIP