593 research outputs found
AN ANALYSIS OF VOICE OVER INTERNET PROTOCOL (VOIP) AND ITS SECURITY IMPLEMENTATION
Voice over Internet Protocol (VoIP) has been in existence for a number of years but only
quite recently has it developed into mass adoption. As VoIP technology penetrates
worldwide telecommunications markets, the advancements achieved in performance, cost
reduction, and feature supportmake VoIP a convincingproposition for service providers,
equipment manufacturers, and end users. Since the introduction of mass-market VoIP
services over broadband Internet in 2004, security and safeguarding are becoming a more
important obligation in VoIP solutions. The purpose of this final year project is to study
and analyze VoIP and implement the security aspect using Secure Real-time Transport
Protocol (SRTP) end-to-end media encryption in the Universiti Teknologi PETRONAS
(UTP) laboratory. Extensive research, evaluation of case studies, literature reviews,
network analysis, as well as testing and experimentation are the methods employed in
achieving a secure and reliable VoIP network. With the given time frame and adequate
resources, the study and analysis of VoIP and implementation of SRTP should prove to
be very successful
Reflections on security options for the real-time transport protocol framework
The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol
Securing media streams in an Asterisk-based environment and evaluating the resulting performance cost
When adding Confidentiality, Integrity and Availability (CIA) to a multi-user VoIP (Voice over IP) system, performance and quality are at risk. The aim of this study is twofold. Firstly, it describes current methods suitable to secure voice streams within a VoIP system and make them available in an Asterisk-based VoIP environment. (Asterisk is a well established, open-source, TDM/VoIP PBX.) Secondly, this study evaluates the performance cost incurred after implementing each security method within the Asterisk-based system, using a special testbed suite, named DRAPA, which was developed expressly for this study. The three security methods implemented and studied were IPSec (Internet Protocol Security), SRTP (Secure Real-time Transport Protocol), and SIAX2 (Secure Inter-Asterisk eXchange 2 protocol). From the experiments, it was found that bandwidth and CPU usage were significantly affected by the addition of CIA. In ranking the three security methods in terms of these two resources, it was found that SRTP incurs the least bandwidth overhead, followed by SIAX2 and then IPSec. Where CPU utilisation is concerned, it was found that SIAX2 incurs the least overhead, followed by IPSec, and then SRTP
Options for Securing RTP Sessions
The Real-time Transport Protocol (RTP) is used in a large number of
different application domains and environments. This heterogeneity
implies that different security mechanisms are needed to provide
services such as confidentiality, integrity, and source
authentication of RTP and RTP Control Protocol (RTCP) packets
suitable for the various environments. The range of solutions makes
it difficult for RTP-based application developers to pick the most
suitable mechanism. This document provides an overview of a number
of security solutions for RTP and gives guidance for developers on
how to choose the appropriate security mechanism
Securing the RTP framework: why RTP does not mandate a single media security solution
This memo discusses the problem of securing real-time multimedia
sessions, and explains why the Real-time Transport Protocol (RTP),
and the associated RTP control protocol (RTCP), do not mandate a
single media security mechanism. Guidelines for designers and
reviewers of future RTP extensions are provided, to ensure that
appropriate security mechanisms are mandated, and that any such
mechanisms are specified in a manner that conforms with the RTP
architecture
Using Transcoding for Hidden Communication in IP Telephony
The paper presents a new steganographic method for IP telephony called
TranSteg (Transcoding Steganography). Typically, in steganographic
communication it is advised for covert data to be compressed in order to limit
its size. In TranSteg it is the overt data that is compressed to make space for
the steganogram. The main innovation of TranSteg is to, for a chosen voice
stream, find a codec that will result in a similar voice quality but smaller
voice payload size than the originally selected. Then, the voice stream is
transcoded. At this step the original voice payload size is intentionally
unaltered and the change of the codec is not indicated. Instead, after placing
the transcoded voice payload, the remaining free space is filled with hidden
data. TranSteg proof of concept implementation was designed and developed. The
obtained experimental results are enclosed in this paper. They prove that the
proposed method is feasible and offers a high steganographic bandwidth.
TranSteg detection is difficult to perform when performing inspection in a
single network localisation.Comment: 17 pages, 16 figures, 4 table
- …