Prevalent Network Threats and Telecommunication Security Challenges and Countermeasures in VoIP Networks

Due to the recent global popularity gained by VoIP network while many organisations/industries are employing it for their voice communication needs, optimal security assurance has to be provided to guarantee security of their data/information against present day teeming security threats and attacks prevalent in IP-based networks. This research paper has critically investigated and analysed most of the security challenges associated with VoIP systems and traditional IP data networks; and has proposed several defence measures which if designed and implemented will prevent most (if not all) of the security threats plaguing these networks. Keywords: Network security, VoIP, Computer attack, Security threats, SIP, H.323, Defence measures, IPSec

Side-Channel VoIP Profiling Attack against Customer Service Automated Phone System

In many VoIP systems, Voice Activity Detection (VAD) is often used on VoIP traffic to suppress packets of silence in order to reduce the bandwidth consumption of phone calls. Unfortunately, although VoIP traffic is fully encrypted and secured, traffic analysis of this suppression can reveal identifying information about calls made to customer service automated phone systems. Because different customer service phone systems have distinct, but fixed (pre-recorded) automated voice messages sent to customers, VAD silence suppression used in VoIP will enable an eavesdropper to profile and identify these automated voice messages. In this paper, we will use a popular enterprise VoIP system (Cisco CallManager), running the default Session Initiation Protocol (SIP) protocol, to demonstrate that an attacker can reliably use the silence suppression to profile calls to such VoIP systems. Our real-world experiments demonstrate that this side-channel profiling attack can be used to accurately identify not only what customer service phone number a customer calls, but also what following options are subsequently chosen by the caller in the phone conversation.Comment: 6 pages, 12 figures. Published in IEEE Global Communications Conference (GLOBECOM), 202

A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

Consumer-facing technology fraud : economics, attack methods and potential solutions

The emerging use of modern technologies has not only benefited society but also attracted fraudsters and criminals to misuse the technology for financial benefits. Fraud over the Internet has increased dramatically, resulting in an annual loss of billions of dollars to customers and service providers worldwide. Much of such fraud directly impacts individuals, both in the case of browser-based and mobile-based Internet services, as well as when using traditional telephony services, either through landline phones or mobiles. It is important that users of the technology should be both informed of fraud, as well as protected from frauds through fraud detection and prevention systems. In this paper, we present the anatomy of frauds for different consumer-facing technologies from three broad perspectives - we discuss Internet, mobile and traditional telecommunication, from the perspectives of losses through frauds over the technology, fraud attack mechanisms and systems used for detecting and preventing frauds. The paper also provides recommendations for securing emerging technologies from fraud and attacks

A Study of Scams and Frauds using Social Engineering in “The Kathmandu Valley” of Nepal

Social Engineering scams are common in Nepal. Coupled with inability of government to enforce policies over technology giants and large swaths of population that are uneducated, social engineering scams and frauds are a real issue. The purpose of the thesis is to find out the extent and impact of social engineering attacks in “The Kathmandu valley” of Nepal. The Kathmandu valley consists of 3 cities including the capital city of Nepal. To conduct the research, the newspaper “The Kathmandu Post” from the year 2019 to 2022 was downloaded and searched for keywords “scam” and “fraud”. After which the results were manually examined to separate news reports of social engineering attacks in Nepal and other countries. Also, a survey was conducted by visiting parks in the Kathmandu valley. A total of 149 people were interviewed to collect data by asking 21 questions regarding social engineering attack faced by the interviewee. Further, literature review of the research papers published related to social engineering and phishing was conducted. The main finding of the thesis was that public awareness program are effective reducing the extent and impact of social engineering attacks in Nepal. The survey suggests large percentage of population have become victims of social engineering attack attempts. More than 70 percent have received messages on WhatsApp regarding fake lottery wins

Establishing Confidence Level Measurements for Remote User Authentication in Privacy-Critical Systems

User Authentication is the process of establishing confidence in the User identities presented to an information system. This thesis establishes a method of assigning a confidence level to the output of a user authentication process based on what attacks and threats it is vulnerable to. Additionally, this thesis describes the results of an analysis where the method was performed on several different authentication systems and the confidence level in the authentication process of these systems determined. Final conclusions found that most systems lack confidence in their ability to authenticate users as the systems were unable to operate in the face of compromised authenticating information. Final recommendations were to improve on this inadequacy, and thus improve the confidence in the output of the authentication process, through the verification of both static and dynamic attributes of authenticating information. A system that operates confidently in the face of compromised authenticating information that utilizes voice verification is described demonstrating the ability of an authentication system to have complete confidence in its ability to authenticate a user through submitted data

Toward a phishing attack ontology

Phishing attacks are the most common form of social engineering where attackers intend to deceive targeted people into revealing sensitive information or installing malware. To understand the dynamics of phishing attacks and design suitable countermeasures, particularly the promotion of phishing awareness, cybersecurity researchers have proposed several domain conceptual models and lightweight ontologies. Despite the growing literature in ontology engineering highlighting the advantages of employing upper and reference ontologies for domain modeling, current phishing attack models lack ontological foundations. As a result, they suffer from a number of shortcomings, such as false agreements, informality, and limited interoperability. To address this gap, we propose a Phishing Attack Ontology (PHATO) grounded in the Reference Ontology for Security Engineering (ROSE) and the Common Ontology of Value and Risk (COVER), which are both founded in the Unified Foundational Ontology (UFO). Our proposal is represented through the OntoUML ontology-driven conceptual modeling language, benefiting from its ecosystem of tools and domain ontologies. We also discuss some implications of PHATO for the design of anti-phishing countermeasures.</p

Cyber Security: Basics in Fighting Computer Attacks and Crimes

It is clear that computers and information systems are central in daily business operations in both public and private sectors. E-commerce and eGovernance have gained international attention as substitutes for the human riddled snail pace management systems. However, computers and ICTs do not only replace the human inefficiencies but also assume human attacks and sicknesses known as cyber attacks and computer crimes. They range from hacker’s activities to malwares. This paper explored the occurrences and efforts in mitigating them through thorough literature review and desk research. Keywords: Cyber Security, Computer Crimes, Data Breache

Artificial Intelligence\u27s Impact on Social Engineering Attacks

This research paper aims to explore the concept of social engineering attacks and the impact of artificial intelligence on them. Security threats posed by Social Engineering have escalated significantly in recent years. Despite the availability of advanced security software and hardware mechanisms, a vulnerability still exists in the organization\u27s or individual\u27s defense system. In this paper we look at types of social engineering attacks and the basic techniques used by attackers will be described. The primary areas of study are how AI impacts social engineering and is used to detect and prevent social engineering attacks. The application of automated systems is rapidly growing in every lifestyle we imagine – social media, merchandise apps, driverless cars, and cybersecurity companies. Even though AI has improved cybersecurity, it is giving cybercriminals a position to unleash advanced attacks. The employment of chatbots is rising. Chances are we have had an interaction with a Chatbot already, it may well be on Facebook Messenger. Unfortunately, many of us do not realize that we are talking to a bot. This paper also discusses the concepts of voice spoofing, deep fakes and automated social engineering