Dynamic Exposure Control in P2PSIP Networks

Voice over IP services have undergone a large-scale deployment thanks to the development of high-speed broadband access and the standardization of dedicated signaling protocols. They offer new opportunities, in particular in the context of peer-to-peer networks. However they are exposed to multiple security attacks due to a lower confinement in comparison to traditional networks. Protection mechanisms are available, but may significantly impact the service performance. We propose in this paper a risk management strategy for dynamically adapting the exposure of P2PSIP networks. We describe the underlying mechanisms for mitigating risks based on a portfolio of countermeasures. We also detail the mathematical modeling which supports our solution based on the analysis of a case study. Finally we quantify the benefits and limits of this approach through an extensive set of experiments performed with the OMNET++ simulator

Managing Risks at Runtime in VoIP Networks and Services

International audienceIP telephony is less confined than traditional PSTN telephony. As a consequence, it is more exposed to security attacks. These attacks are specific to VoIP protocols such as SPIT, or are inherited from the IP layer such as ARP poisoning. Protection mechanisms are often available, but they may seriously impact on the quality of service of such critical environments. We propose to exploit and automate risk management methods and techniques for VoIP infrastructures. Our objective is to dynamically adapt the exposure of a VoIP network with regard to the attack potentiality while minimizing the impact for the service. This paper describes the challenges of risk management for VoIP, our runtime strategy for assessing and treating risks, preliminary results based on Monte-Carlo simulations and future work

A Trust-based Strategy for Addressing Residual Attacks in the RELOAD Architecture

Telephony over IP has undergone a large-scale deployment thanks to the development of high-speed broadband access and the standardization of signaling protocols. A particular attention is currently given to P2PSIP networks which are exposed to many security threats. The RELOAD protocol defines a peer-to-peer signaling overlay designed to support these networks. It introduces a security framework based on certification mechanisms, but P2PSIP networks are still exposed to residual attacks, such as refusals of service. We propose in this work to address these residual attacks by integrating into the RELOAD architecture a dedicated trust model coupled with prevention countermeasures. We mathematically defines this trust-based strategy, and describe the considered prevention mechanisms implemented by safeguards and watchmen. We quantify the benefits and limits of our solution through an extensive set of experiments

Econometric Feedback for Runtime Risk Management in VoIP Architectures

Part 1: Security ManagementInternational audienceVoIP infrastructures are exposed to a large variety of security attacks, but the deployment of security safeguards may deteriorate their performance. Risk management provides new perspectives for addressing this issue. Risk models permit to reduce these attacks while maintaining the quality of such a critical service. These models often suffer from their complexity due to the high number of parameters to be configured. We therefore propose in this paper a self-configuration strategy for support- ing runtime risk management in VoIP architectures. This strategy aims at automatically adapting these parameters based on an econometric feedback mechanism. We mathematically describe this self-configuration strategy, show how it can be integrated into our runtime risk model. We then evaluate its deployment based on a proof-of-concept prototype, and quantify its performance through an extensive set of simulation results

Automated Runtime Risk Management for Voice over IP Networks and Services

International audienceVoice over IP (VoIP) has become a major paradigm for providing telephony services at a lower cost and with a higher flexibility. VoIP infrastructures are however exposed to multiple security issues both inherited from the IP layer and specific to the application layer. In the meantime, protection mechanisms are available but may seriously impact on the continuity and quality of such critical services. We propose in this paper an automated risk management schema for continuously adapting VoIP equipment exposure by activating security safeguards in a dynamic and progressive manner. We describe the architecture supporting our solution, the considered risk model taking into account VoIP properties and the algorithms for restricting and relaxing the risk level of the VoIP service at runtime. The benefits and limits of our solution are evaluated through an implementation prototype and an extensive set of experimental results in the case scenario of SPIT attacks

Risk Management in VoIP Infrastructures using Support Vector Machines

International audienceTelephony over IP is exposed to multiple security threats. Conventional protection mechanisms do not fit into the highly dynamic, open and large-scale settings of VoIP infrastructures, and may significantly impact on the performance of such a critical service. We propose in this paper a runtime risk management strategy based on anomaly detection techniques for continuously adapting the VoIP service exposure. This solution relies on support vector machines (SVM) and exploits dynamic security safeguards to reduce risks in a progressive manner. We describe how SVM parameters can be integrated into a runtime risk model, and show how this framework can be deployed into an Asterisk VoIP server. We evaluate the benefits and limits of our solution through a prototype and an extensive set of experimental results

Risk management in VoIP infrastructures

La téléphonie sur IP est devenue un nouveau paradigme pour établir et transmettre les communications téléphoniques directement sur les réseaux IP de manière flexible et à faible coût. Toutefois, les services VoIP sont confrontés à plusieurs problèmes de sécurité qui sont soit hérités de la couche IP soit spécifiques au service lui-même. Une grande variété de mécanismes de protection est disponible pour y faire face. Cependant, ces services nécessitent des performances et une disponibilité du réseau élevé, et les mécanismes de protection peuvent nuire à ces performances. La gestion des risques offre de nouvelles perspectives à l'égard de cette problématique. Nos contributions portent sur l'application et l'automatisation de la gestion de risques dans les infrastructures VoIP selon trois axes. Le premier axe porte sur l'automatisation du processus de gestion des risques dans un réseau VoIP d'entreprise. Dans ce cadre, nous avons développé un modèle pour évaluer les risques, un ensemble de contremesures progressives et des algorithmes de mitigation. Nous l'avons couplé à un système de détection d'anomalies basé sur les SVM et un mécanisme d'auto-configuration qui peut fournir un retour d'expérience sur l'efficacité des contremesures. Le deuxième axe concerne l'extension de notre stratégie dans les réseaux P2PSIP. Nous avons mis en place une solution adaptée à la nature distribuée des environnements pair-à-pair. Nous nous sommes aussi intéressés à l'architecture RELOAD et avons étudié comment traiter les attaques résiduelles à travers des mécanismes de confiance. Nous avons enfin étudié les services VoIP dans le cloud où nous proposons plusieurs stratégies pour le déploiement et l'application des contremesuresIP telephony has become a new paradigm that permits to establish and transmit voice communications with IP networks. Its deployment has been accelerated by the standardization of dedicated signaling protocols. However, VoIP services are faced to several security issues which are inherited from the IP layer or specific to the service. A large variety of protection mechanisms are available to deal with them. However, IP telephony is a real-time service which requires high network performance. The application of countermeasures may significantly affect such a critical service. Risk management provides new perspectives for this issue. This thesis deals with the application of risk management in VoIP infrastructures. The first axis consists in the automation of the risk management process in VoIP enterprise network. In this context, we have developed a mathematical model for assessing risk, a set of progressive countermeasures to counter attackers and mitigation algorithms that evaluate the risk level and takes the decision to activate a subset of countermeasures. To improve our strategy, we have coupled it with an anomaly detection system based on SVM and a self-configuration mechanism which provides feedback about countermeasure efficiency. The second axis deals with the extension of our adaptive risk strategy to P2PSIP infrastructures. We have implemented a specific risk model and a dedicated set of countermeasures with respect to its peer-to-peer nature. For that, we have identified attack sources and established different threat scenarios. We have analyzed the RELOAD framework and proposed trust mechanisms to address its residual attacks. Finally, the third axis focuses on VoIP services in the cloud where we have proposed a risk strategy and several strategies to deploy and apply countermeasure

Intégration d'un modèle de risques à un outil de gestion automatique

Rapport de Projet de Fin d'EtudesLa téléphonie sur IP est soumise à des attaques multiples incluant celles héritées de la couche IP. De nouvelles approches de gestion de risque sont requises pour permettre de prévenir ces attaques tout en garantissant la continuité opérationnelle et la qualité de services voix sur IP. Ce rapport porte plus spécifiquement sur l'intégration d'un modèle de risque à un outil de configuration automatique. En particulier, l'auteur s'intéresse au cadre de la lutte contre les attaques SPIT, et décrit les bénéfices et limites que peuvent apporter un modèle de risques par rapport aux mécanismes de prévention habituels. La solution est prototypée et évaluée à travers un ensemble d'expérimentations

Gestion des Risques dans les Infrastructures VoIP

IP telephony has become a new paradigm that permits to establish and transmit voice communications with IP networks. Its deployment has been accelerated by the standardization of dedicated signaling protocols. However, VoIP services are faced to several security issues which are inherited from the IP layer or specific to the service. A large variety of protection mechanisms are available to deal with them. However, IP telephony is a real-time service which requires high network performance. The application of countermeasures may significantly affect such a critical service. Risk management provides new perspectives for this issue. This thesis deals with the application of risk management in VoIP infrastructures. The first axis consists in the automation of the risk management process in VoIP enterprise network. In this context, we have developed a mathematical model for assessing risk, a set of progressive countermeasures to counter attack- ers and mitigation algorithms that evaluate the risk level and takes the decision to activate a subset of countermeasures. To improve our strategy, we have coupled it with an anomaly detection system based on SVM and a self-configuration mechanism which provides feedback about countermeasure efficiency. The second axis deals with the extension of our adaptive risk strat- egy to P2PSIP infrastructures. We have implemented a specific risk model and a dedicated set of countermeasures with respect to its peer-to-peer nature. For that, we have identified attack sources and established different threat scenarios. We have analysed the RELOAD framework and proposed trust mechanisms to address its residual attacks. Finally, the third axis focuses on VoIP services in the cloud where we have proposed a risk strategy and several strategies to deploy and apply countermeasures.La téléphonie sur IP est devenue un nouveau paradigme pour établir et transmettre les com- munications téléphoniques directement sur les réseaux IP de manière flexible et à faible coût. Toutefois, les services VoIP sont confrontés à plusieurs problèmes de sécurité qui sont soit hérités de la couche IP soit spécifiques au service lui-même. Une grande variété de mécanismes de protection sont disponibles pour y faire face. Cependant, ces services nécessitent des performances et une disponibilité du réseau élevées, et les mécanismes de protection peuvent nuire à ces perfor- mances. La gestion des risques offre de nouvelles perspectives à l'égard de cette problématique. Nos contributions portent sur l'application et l'automatisation de la gestion de risques dans les infrastructures VoIP selon trois axes. Le première axe porte sur l'automatisation du processus de gestion des risques dans un réseau VoIP d'entreprise. Dans ce cadre, nous avons développé un modèle pour évaluer les risques, un ensemble de contremesures progressives et des algorithmes de mitigation. Nous l'avons couplé à un système de détection d'anomalies basé sur les SVM et un mécanisme d'auto-configuration qui peut fournir un retour d'expérience sur l'efficacité des contremesures. Le deuxième axe concerne l'extension de notre stratégie dans les réseaux P2PSIP. Nous avons mis en place une solution adaptée à la nature distribuée des environnements pair- à-pair. Nous nous sommes aussi intéressés à l'architecture RELOAD et avons étudié comment traiter les attaques résiduelles à travers des mécanismes de confiance. Nous avons enfin étudié les services VoIP dans le cloud où nous proposons plusieurs stratégies pour le déploiement et l'application des contremesures

Gestion des risques dans les infrastructures VoIP

La téléphonie sur IP est devenue un nouveau paradigme pour établir et transmettre les communications téléphoniques directement sur les réseaux IP de manière flexible et à faible coût. Toutefois, les services VoIP sont confrontés à plusieurs problèmes de sécurité qui sont soit hérités de la couche IP soit spécifiques au service lui-même. Une grande variété de mécanismes de protection est disponible pour y faire face. Cependant, ces services nécessitent des performances et une disponibilité du réseau élevé, et les mécanismes de protection peuvent nuire à ces performances. La gestion des risques offre de nouvelles perspectives à l'égard de cette problématique. Nos contributions portent sur l'application et l'automatisation de la gestion de risques dans les infrastructures VoIP selon trois axes. Le premier axe porte sur l'automatisation du processus de gestion des risques dans un réseau VoIP d'entreprise. Dans ce cadre, nous avons développé un modèle pour évaluer les risques, un ensemble de contremesures progressives et des algorithmes de mitigation. Nous l'avons couplé à un système de détection d'anomalies basé sur les SVM et un mécanisme d'auto-configuration qui peut fournir un retour d'expérience sur l'efficacité des contremesures. Le deuxième axe concerne l'extension de notre stratégie dans les réseaux P2PSIP. Nous avons mis en place une solution adaptée à la nature distribuée des environnements pair-à-pair. Nous nous sommes aussi intéressés à l'architecture RELOAD et avons étudié comment traiter les attaques résiduelles à travers des mécanismes de confiance. Nous avons enfin étudié les services VoIP dans le cloud où nous proposons plusieurs stratégies pour le déploiement et l'application des contremesuresIP telephony has become a new paradigm that permits to establish and transmit voice communications with IP networks. Its deployment has been accelerated by the standardization of dedicated signaling protocols. However, VoIP services are faced to several security issues which are inherited from the IP layer or specific to the service. A large variety of protection mechanisms are available to deal with them. However, IP telephony is a real-time service which requires high network performance. The application of countermeasures may significantly affect such a critical service. Risk management provides new perspectives for this issue. This thesis deals with the application of risk management in VoIP infrastructures. The first axis consists in the automation of the risk management process in VoIP enterprise network. In this context, we have developed a mathematical model for assessing risk, a set of progressive countermeasures to counter attackers and mitigation algorithms that evaluate the risk level and takes the decision to activate a subset of countermeasures. To improve our strategy, we have coupled it with an anomaly detection system based on SVM and a self-configuration mechanism which provides feedback about countermeasure efficiency. The second axis deals with the extension of our adaptive risk strategy to P2PSIP infrastructures. We have implemented a specific risk model and a dedicated set of countermeasures with respect to its peer-to-peer nature. For that, we have identified attack sources and established different threat scenarios. We have analyzed the RELOAD framework and proposed trust mechanisms to address its residual attacks. Finally, the third axis focuses on VoIP services in the cloud where we have proposed a risk strategy and several strategies to deploy and apply countermeasuresMETZ-SCD (574632105) / SudocNANCY1-Bib. numérique (543959902) / SudocNANCY2-Bibliotheque electronique (543959901) / SudocNANCY-INPL-Bib. électronique (545479901) / SudocSudocFranceF