This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Voice-over-IP Security: Research and Practice
March/April 2010 (vol. 8 no. 2)
pp. 76-78
Angelos D. Keromytis, Columbia University
Voice over IP (VoIP) technologies are increasingly used for personal and enterprise communications, thanks to their flexibility and cost efficiencies relative to the traditional phone network. The author presents a survey of all related vulnerabilities found in the Common Vulnerabilities and Exploits (CVE) database. He juxtaposes it with a survey of a large number of research papers in the area of VoIP security. Key findings include that most disclosed vulnerabilities refer to denial of service attacks that are equally split between client and server devices; the majority of vulnerabilities are attributable to implementation faults; a large fraction of vulnerabilities derive from configuration problems; and research efforts are primarily focused on spam over Internet telephony (SPIT).

1. "VoIP Security and Privacy Threat Taxonomy," VoIP Security Alliance, Oct. 2005; www.voipsa.org/ActivitiesVOIPSA_Threat_Taxonomy_0.1.pdf .
2. A.D. Keromytis, "A Look at VoIP Vulnerabilities," login; The USENIX Magazine, vol. 35, no. 1, 2010; www.usenix.org/publications/login/2010-02/ pdfskeromytis.pdf.
3. A.D. Keromytis, "Voice over IP: Risks, Threats and Vulnerabilities," Proc. Cyber Infrastructure Protection (CIP) Conf., 2009; www.cs.columbia.edu/~angelos/Papers/2009 cip.pdf.
4. R. Sparks et al., Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies, IETF RFC 5393, Dec. 2008; www.rfc-editor.org/rfcrfc5393.txt.
5. R. State et al., "SIP Digest Authentication Relay Attack," IETF Internet draft, work in progress, Mar. 2009.
6. A.D. Keromytis, "A Comprehensive Survey of Voice over IP Security Research," Security in Computing and Networking Systems: The State-of-the-Art, W. McQuay, and W.W. Smari eds., to be published, Wiley & Sons, 2010.

Index Terms:
voice over IP, vulnerabilities, survey, security, SPIT, spam over Internet telephony, VoIP
Citation:
Angelos D. Keromytis, "Voice-over-IP Security: Research and Practice," IEEE Security & Privacy, vol. 8, no. 2, pp. 76-78, March-April 2010, doi:10.1109/MSP.2010.87
Usage of this product signifies your acceptance of the Terms of Use.