Securing VoIP: A Framework to Mitigate or Manage Risks

In Australia, the past few years have seen Voice over IP (VoIP) move from a niche communications medium used by organisations with the appropriate infrastructure and capabilities to a technology that is available to any one with a good broadband connection. Driven by low cost and no cost phone calls, easy to use VoIP clients and increasingly reliable connections, VoIP is replacing the Public Switch Telephone Network (PSTN) in a growing number of households. VoIP adoption appears to be following a similar path to early Internet adoption, namely little awareness by users of the security implications. Lack of concern about security by VoIP users is probably due to the relatively risk free service provided by the PSTN. However, VoIP applications use the Internet as their communications medium and therefore the risk profile is significantly different to the PSTN. This paper reviews the risks for two VoIP implementation models now being increasingly used in Australian homes; the PC softphone and the Analogue Telephony Adaptor (ATA). An overview of each of the VoIP implementation models is given together with a description of the respective technologies and protocols utilised. The VoIP security threats, applicable to the two VoIP implementation models considered, are enumerated and vulnerabilities that could be exploited are considered. Available security mechanisms that address the identified vulnerabilities are discussed. A practical and pragmatic VoIP security framework is proposed that will enable a user to mitigate or manage the risks associated with using the VoIP implementation models considered. By applying the VoIP security framework a user will be able to deploy a secure VoIP solution appropriate for residential use

Voice over IP

The area that this thesis covers is Voice over IP (or IP Telephony as it is sometimes called) over Private networks and not over the Internet. There is a distinction to be made between the two even though the term is loosely applied to both. IP Telephony over Private Networks involve calls made over private WANs using IP telephony protocols while IP Telephony over the Internet involve calls made over the public Internet using IP telephony protocols. Since the network is private, service is reliable because the network owner can control how resources are allocated to various applications, such as telephony services. The public Internet on the other hand is a public, largely unmanaged network that offers no reliable service guarantee. Calls placed over the Internet can be low in quality, but given the low price, some find this solution attractive. What started off as an Internet Revolution with free phone calls being offered to the general public using their multimedia computers has turned into a telecommunication revolution where enterprises are beginning to converge their data and voice networks into one network. In retrospect, an enterprise\u27s data networks are being leveraged for telephony. The communication industry has come full circle. Earlier in the decade data was being transmitted over the public voice networks and now voice is just another application which is/will be run over the enterprises existing data networks. We shall see in this thesis the problems that are encountered while sending Voice over Data networks using the underlying IP Protocol and the corrective steps taken by the Industry to resolve these multitudes of issues. Paul M. Zam who is collaborating in this Joint Thesis/project on VoIP will substantiate this theoretical research with his practical findings. On reading this paper the reader will gain an insight in the issues revolving the implementation of VoIP in an enterprises private network as well the technical data, which sheds more light on the same. Thus the premise of this joint thesis/project is to analyze the current status of the technology and present a business case scenario where an organization will be able to use this information

SIP based IP-telephony network security analysis

Masteroppgave i informasjons- og kommunikasjonsteknologi 2004 - Høgskolen i Agder, GrimstadThis thesis evaluates the SIP Protocol implementation used in the Voice over IP (VoIP) solution at the fibre/DSL network of Èlla Kommunikasjon AS. The evaluation focuses on security in the telephony service, and is performed from the perspective of an attacker trying to find weaknesses in the network. For each type of attempt by the malicious attacker, we examined the security level and possible solutions to flaws in the system. The conclusion of this analysis is that the VoIP service is exploitable, and that serious improvements are needed to achieve a satisfying level of security for the system

Understanding the factors that influence trust in e-services: a case study of a wireless mesh network implementation in Mankosi, South Africa

>Magister Scientiae - MScThis thesis deals with the design of a business model for rural telephony based on a wireless mesh network for a rural community, the Mankosi community, located in the Eastern Cape Province of South Africa. Its aim is to understand the social, economic and technical issues that are involved in the adoption of information and communication technologies for development and how they relates to trust in e-services. Externally funded projects tend to be expensive and are often unsustainable once the external funding ceases. The cost of a mesh network (once implemented) is almost negligible, apart from its maintenance. The pillars of the project are sustainability and community ownership, and the aim was to design the wireless mesh network, provide telephony service to the community and use solar power to charge mobile phones. The community leaders of Mankosi indicated that they do not want the service to be completely free, but would charge a small fee for each call in order to generate the funds needed for the maintenance of the system. In order to do so, a prototype billing system was configured and adapted to the needs and expectations of the community. The principles and steps of soft systems methodology were used to manage the research process of this case study. This methodology was a powerful tool to carry out the research and address the research problem in a participative way with the stakeholders. The participatory design process used in the design phase of the project had the added advantage that the community understood the purpose of the network, and since they contributed to its design, they felt that they owned it and could trust its billing system. A further benefit was that a core group of participants were committed to the project and felt that the overall quality of community members' lives would be improved by it and similar projects. The process contributed to the personal development of the participants by giving the community a voice and sense of power – the ability to change things – and it vastly expanded community members’ vision of what they are capable of. It was found that the current means of communication, i.e. using mobile phones, is expensive for local users in relation to their average income. The proposed billing system – designed with the help of the community – will be trusted by the community and provide Mankosi with a low-cost communication system by making use of the existing experimental mesh network. The community will be able to sustain their network with the income generated. The network will in future provide access to the Internet and will be able to handle breakout calls to external networks

Study, Analysis and Modeling of IP Multimedia systems on next generation networks providing mobile and fixed multimedia services

Not availabl