The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - March/April (2010 vol.8)
pp: 76-78
Angelos D. Keromytis , Columbia University
ABSTRACT
Voice over IP (VoIP) technologies are increasingly used for personal and enterprise communications, thanks to their flexibility and cost efficiencies relative to the traditional phone network. The author presents a survey of all related vulnerabilities found in the Common Vulnerabilities and Exploits (CVE) database. He juxtaposes it with a survey of a large number of research papers in the area of VoIP security. Key findings include that most disclosed vulnerabilities refer to denial of service attacks that are equally split between client and server devices; the majority of vulnerabilities are attributable to implementation faults; a large fraction of vulnerabilities derive from configuration problems; and research efforts are primarily focused on spam over Internet telephony (SPIT).
INDEX TERMS
voice over IP, vulnerabilities, survey, security, SPIT, spam over Internet telephony, VoIP
CITATION
Angelos D. Keromytis, "Voice-over-IP Security: Research and Practice", IEEE Security & Privacy, vol.8, no. 2, pp. 76-78, March/April 2010, doi:10.1109/MSP.2010.87
REFERENCES
1. "VoIP Security and Privacy Threat Taxonomy," VoIP Security Alliance, Oct. 2005; www.voipsa.org/ActivitiesVOIPSA_Threat_Taxonomy_0.1.pdf .
2. A.D. Keromytis, "A Look at VoIP Vulnerabilities," login; The USENIX Magazine, vol. 35, no. 1, 2010; www.usenix.org/publications/login/2010-02/ pdfskeromytis.pdf.
3. A.D. Keromytis, "Voice over IP: Risks, Threats and Vulnerabilities," Proc. Cyber Infrastructure Protection (CIP) Conf., 2009; www.cs.columbia.edu/~angelos/Papers/2009 cip.pdf.
4. R. Sparks et al., Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies, IETF RFC 5393, Dec. 2008; www.rfc-editor.org/rfcrfc5393.txt.
5. R. State et al., "SIP Digest Authentication Relay Attack," IETF Internet draft, work in progress, Mar. 2009.
6. A.D. Keromytis, "A Comprehensive Survey of Voice over IP Security Research," Security in Computing and Networking Systems: The State-of-the-Art, W. McQuay, and W.W. Smari eds., to be published, Wiley & Sons, 2010.
19 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool