TY - CHAP
T1 - Detecting Unprotected SIP-Based Voice over IP Traffic
AU - Carvajal, Leonardo
AU - Chen, Lei
AU - Varol, Cihan
AU - Rawat, Danda
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/4/25
Y1 - 2016/4/25
N2 - The use of Voice over IP (VoIP) applications has dramatically increased in recent years. Large, medium, and small organizations, as well as individuals, are reducing the cost of their phone calls using their data infrastructure or a broadband Internet service to transmit phone calls over IP networks. Like data networks, VoIP networks are also vulnerable to security threats such as Denial-of-Service (DoS) attacks, interception of private communications, registration hijacking, spam, and message tampering. Security mechanisms, such as encryption and authentication, may be used to reduce the potential impact of some of these security threats. However, in reality, VoIP providers may not supply adequate security, or otherwise they are adopting and implementing these countermeasures at very slow rates without informing users whether their phone calls are protected. Given the fact that the interception of private communications is one of the most commonly seen attacks in VoIP, we present a solution to detect unprotected SIP-based VoIP packets. Upon positive detection, alerts may be sent to users Informing them about the unprotected VoIP calls, thus potentially preventing identity theft and improving security awareness. Our Testing results show that our solution provides accurate detection with zero false detection rate of unprotected SIP-based VoIP traffic.
AB - The use of Voice over IP (VoIP) applications has dramatically increased in recent years. Large, medium, and small organizations, as well as individuals, are reducing the cost of their phone calls using their data infrastructure or a broadband Internet service to transmit phone calls over IP networks. Like data networks, VoIP networks are also vulnerable to security threats such as Denial-of-Service (DoS) attacks, interception of private communications, registration hijacking, spam, and message tampering. Security mechanisms, such as encryption and authentication, may be used to reduce the potential impact of some of these security threats. However, in reality, VoIP providers may not supply adequate security, or otherwise they are adopting and implementing these countermeasures at very slow rates without informing users whether their phone calls are protected. Given the fact that the interception of private communications is one of the most commonly seen attacks in VoIP, we present a solution to detect unprotected SIP-based VoIP packets. Upon positive detection, alerts may be sent to users Informing them about the unprotected VoIP calls, thus potentially preventing identity theft and improving security awareness. Our Testing results show that our solution provides accurate detection with zero false detection rate of unprotected SIP-based VoIP traffic.
KW - Decision support systems
KW - Internet telephony
KW - Security
UR - https://digitalcommons.georgiasouthern.edu/information-tech-facpubs/68
UR - https://doi.org/10.1109/ISDFS.2016.7473515
U2 - 10.1109/ISDFS.2016.7473515
DO - 10.1109/ISDFS.2016.7473515
M3 - Chapter
BT - Proceedings of the International Symposium on Digital Forensics and Security
ER -