A Trust-based Strategy for Addressing Residual Attacks in the RELOAD Architecture

Abstract—Telephony over IP has undergone a large-scale deployment thanks to the development of high-speed broadband access and the standardization of signalling protocols. A particular attention is currently given to P2PSIP networks which are exposed to many security threats. The RELOAD protocol defines a peer-to-peer signalling overlay designed to support these networks. It introduces a security framework based on certification mechanisms, but P2PSIP networks are still exposed to residual attacks, such as refusals of service. We propose in this work to address these residual attacks by integrating into the RELOAD architecture a dedicated trust model coupled with prevention countermeasures. We mathematically defines this trust-based strategy, and describe the considered prevention mechanisms implemented by safeguards and watchmen. We quantify the benefits and limits of our solution through an extensive set of experiments. I

Monitoring and Security for the Internet of Things

Abstract. The concept of Internet of Things involves the deployment of Low power and Lossy Networks (LLN) allowing communications amongst pervasive devices such as embedded sensors. A dedicated routing protocol called RPL has been designed to consider the constraints of these LLN networks. However, the RPL protocol remains exposed to many security attacks that can be very costly in time and energy. In this paper, we propose to exploit risk management methods and techniques to evaluate the potentiality of attacks and to dynamically reduce the exposure of the RPL protocol while minimizing resources consumption.

Risk Management in VoIP Infrastructures using Support Vector Machines

Telephony over IP is exposed to multiple security threats. Conventional protection mechanisms do not fit into the highly dynamic, open and large-scale settings of VoIP infrastructures, and may significantly impact on the performance of such a critical service. We propose in this paper a runtime risk management strategy based on anomaly detection techniques for continuously adapting the VoIP service exposure. This solution relies on support vector machines (SVM) and exploits dynamic security safeguards to reduce risks in a progressive manner. We describe how SVM parameters can be integrated into a runtime risk model, and show how this framework can be deployed into an Asterisk VoIP server. We evaluate the benefits and limits of our solution through a prototype and an extensive set of experimental results