A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

Using decoys to block SPIT in the IMS

Includes bibliographical references (leaves 106-111)In recent years, studies have shown that 80-85% of e-mails sent were spam. Another form of spam that has just surfaced is VoIP (Voice over Internet Telephony) spam. Currently, VoIP has seen an increasing numbers of users due to the cheap rates. With the introduction of the IMS (IP Multimedia Subsystem), the number of VoIP users are expected to increase dramatically. This calls for a cause of concern, as the tools and methods that have been used for blocking email spam may not be suitable for real-time voice calls. In addition, VoIP phones will have URI type addresses, so the same methods that were used to generate automated e-mail spam messages can be employed for unsolicited voice calls. Spammers will always be present to take advantage of and adapt to trends in communication technology. Therefore, it is important that IMS have structures in place to alleviate the problems of spam. Recent solutions proposed to block SPIT (Spam over Internet Telephony) have the following shortcomings: restricting the users to trusted senders, causing delays in voice call set-up, reducing the efficiency of the system by increasing burden on proxies which have to do some form of bayesian or statistical filtering, and requiring dramatic changes in the protocols being used. The proposed decoying system for the IMS fits well with the existing protocol structure, and customers are oblivious of its operation

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

System and Methods for Detecting Unwanted Voice Calls

Voice over IP (VoIP) is a key enabling technology for the migration of circuit-switched PSTN architectures to packet-based IP networks. However, this migration is successful only if the present problems in IP networks are addressed before deploying VoIP infrastructure on a large scale. One of the important issues that the present VoIP networks face is the problem of unwanted calls commonly referred to as SPIT (spam over Internet telephony). Mostly, these SPIT calls are from unknown callers who broadcast unwanted calls. There may be unwanted calls from legitimate and known people too. In this case, the unwantedness depends on social proximity of the communicating parties. For detecting these unwanted calls, I propose a framework that analyzes incoming calls for unwanted behavior. The framework includes a VoIP spam detector (VSD) that analyzes incoming VoIP calls for spam behavior using trust and reputation techniques. The framework also includes a nuisance detector (ND) that proactively infers the nuisance (or reluctance of the end user) to receive incoming calls. This inference is based on past mutual behavior between the calling and the called party (i.e., caller and callee), the callee's presence (mood or state of mind) and tolerance in receiving voice calls from the caller, and the social closeness between the caller and the callee. The VSD and ND learn the behavior of callers over time and estimate the possibility of the call to be unwanted based on predetermined thresholds configured by the callee (or the filter administrators). These threshold values have to be automatically updated for integrating dynamic behavioral changes of the communicating parties. For updating these threshold values, I propose an automatic calibration mechanism using receiver operating characteristics curves (ROC). The VSD and ND use this mechanism for dynamically updating thresholds for optimizing their accuracy of detection. In addition to unwanted calls to the callees in a VoIP network, there can be unwanted traffic coming into a VoIP network that attempts to compromise VoIP network devices. Intelligent hackers can create malicious VoIP traffic for disrupting network activities. Hence, there is a need to frequently monitor the risk levels of critical network infrastructure. Towards realizing this objective, I describe a network level risk management mechanism that prioritizes resources in a VoIP network. The prioritization scheme involves an adaptive re-computation model of risk levels using attack graphs and Bayesian inference techniques. All the above techniques collectively account for a domain-level VoIP security solution

The Role of Islands in the Migration of Bats Across Lake Erie and Lake Ontario: Lasiurus borealis, Lasiurus cinereus and Perimyotis subflavus

Large bodies of water, such as the Great Lakes in North America, are potential barriers to migrating bats. Islands may be used as stopover sites by bats crossing the Great Lakes as stopover sites, or included in crossing routes to reduce the distance flown over open water. I predicted that stopover use by migrating bats would result in higher activity on Great Lakes islands during late-season migration than at mainland sites. I monitored acoustic activity at 11 sites across four locations in Ontario: Amherst and Pelee islands, Kingston and Pinery Provincial Park during the summer (June and July), and during the putative late-season migration period (August and September). I found some evidence of migration by Lasiurus borealis and Perimyotis subflavus at Amherst Island, and by Perimyotis subflavus at Pelee Island. Islands may have occasional roles as stopover sites for migrating bats

Security for Decentralised Service Location - Exemplified with Real-Time Communication Session Establishment

Decentralised Service Location, i.e. finding an application communication endpoint based on a Distributed Hash Table (DHT), is a fairly new concept. The precise security implications of this approach have not been studied in detail. More importantly, a detailed analysis regarding the applicability of existing security solutions to this concept has not been conducted. In many cases existing client-server approaches to security may not be feasible. In addition, to understand the necessity for such an analysis, it is key to acknowledge that Decentralised Service Location has some unique security requirements compared to other P2P applications such as filesharing or live streaming. This thesis concerns the security challenges for Decentralised Service Location. The goals of our work are on the one hand to precisely understand the security requirements and research challenges for Decentralised Service Location, and on the other hand to develop and evaluate corresponding security mechanisms. The thesis is organised as follows. First, fundamentals are explained and the scope of the thesis is defined. Decentralised Service Location is defined and P2PSIP is explained technically as a prototypical example. Then, a security analysis for P2PSIP is presented. Based on this security analysis, security requirements for Decentralised Service Location and the corresponding research challenges -- i.e. security concerns not suitably mitigated by existing solutions -- are derived. Second, several decentralised solutions are presented and evaluated to tackle the security challenges for Decentralised Service Location. We present decentralised algorithms to enable availability of the DHTs lookup service in the presence of adversary nodes. These algorithms are evaluated via simulation and compared to analytical bounds. Further, a cryptographic approach based on self-certifying identities is illustrated and discussed. This approach enables decentralised integrity protection of location-bindings. Finally, a decentralised approach to assess unknown identities is introduced. The approach is based on a Web-of-Trust model. It is evaluated via prototypical implementation. Finally, the thesis closes with a summary of the main contributions and a discussion of open issues

An approach to preventing spam using Access Codes with a combination of anti-spam mechanisms

Spam is becoming a more and more severe problem for individuals, networks, organisations and businesses. The losses caused by spam are billions of dollars every year. Research shows that spam contributes more than 80% of e-mails with an increased in its growth rate every year. Spam is not limited to emails; it has started affecting other technologies like VoIP, cellular and traditional telephony, and instant messaging services. None of the approaches (including legislative, collaborative, social awareness and technological) separately or in combination with other approaches, can prevent sufficient of the spam to be deemed a solution to the spam problem. The severity of the spam problem and the limitations of the state-of-the-Art solutions create a strong need for an efficient anti-spam mechanism that can prevent significant volumes of spam without showing any false positives. This can be achieved by an efficient anti-spam mechanism such as the proposed anti-spam mechanism known as "Spam Prevention using Access Codes", SPAC. SPAC targets spam from two angles i.e. to prevent/block spam and to discourage spammers by making the infrastructure environment very unpleasant for them. In addition to the idea of Access Codes, SPAC combines the ideas behind some of the key current technological anti-spam measures to increase effectiveness. The difference in this work is that SPAC uses those ideas effectively and combines them in a unique way which enables SPAC to acquire the good features of a number of technological anti-spam approaches without showing any of the drawbacks of these approaches. Sybil attacks, Dictionary attacks and address spoofing have no impact on the performance of SPAC. In fact SPAC functions in a similar way (i.e. as for unknown persons) for these sorts of attacks. An application known as the "SPAC application" has been developed to test the performance of the SPAC mechanism. The results obtained from various tests on the SPAC application show that SPAC has a clear edge over the existing anti-spam technological approaches

A Theoretically-Based Mixed Methods Approach to Examining Mental Health Disorders and Help-Seeking Behaviors among University-Enrolled African American Men

Recent studies show that African American men in college are disproportionately experiencing high levels of psychological distress, increasing their risk of developing mental health symptoms associated with depression and anxiety. Despite being at higher risk for developing mental health symptoms, university-enrolled, African American men are not seeking help even when experiencing high levels of stress and anxiety, impacting their academic performance. The evidence base describing mental health symptom prevalence and evidence-based prevention strategies among university-enrolled, African American men is limited. To that end, this dissertation work utilized a concurrent, mixed methods approach, theoretically-based in the Social Ecological Model (SEM), to examine the prevalence and correlates of anxiety and depressive symptoms among university-enrolled, African American men, and the contextual factors that impact their perceptions of mental health-related help-seeking. Overall, findings showed that: 1) African American men on this campus are reporting endorsement of anxiety and depressive symptoms at lower rates compared to their male and female counterparts; 2) African American men are utilizing campus health services at lower rates compared to their male and female counterparts; 3) stressful life events are a robust predictor of anxiety and depressive symptoms among this population; and 4) formal therapeutic services may not be preferred or suitable for these men. Researchers, campus-based practitioners, and policymakers who wish to develop effective mental health prevention programs that attenuate mental health risk and increase help-seeking behavior among African American men should aim to expand on these findings and considerations. Importantly, future programming efforts should aim to promote peer-to-peer support and informal, nontraditional methods as viable points for future scientific inquiry, as well as for the development, implementation and evaluation of effective mental health prevention programs. This dissertation study is one of the first to focus specifically on mental health risk and help-seeking behaviors among African American men on a college campus. Hence, further quantitative and qualitative research is needed to improve mental health among this severely marginalized and vulnerable population. Implications for future research are discussed in the following chapters