Voice-over-IP Security: Research and Practice

Angelos D. Keromytis

doi:10.1109/MSP.2010.87

Security&Privacy
2010
Issue No. 2 - March/April
Abstract - Voice-over-IP Security: Research and Practice

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Angelos D. Keromytis

Voice-over-IP Security: Research and Practice

March/April 2010 (vol. 8 no. 2)

pp. 76-78

	ASCII Text	x
	Angelos D. Keromytis, "Voice-over-IP Security: Research and Practice," IEEE Security & Privacy, vol. 8, no. 2, pp. 76-78, March/April, 2010.

	BibTex	x
	@article{ 10.1109/MSP.2010.87, author = {Angelos D. Keromytis}, title = {Voice-over-IP Security: Research and Practice}, journal ={IEEE Security & Privacy}, volume = {8}, number = {2}, issn = {1540-7993}, year = {2010}, pages = {76-78}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2010.87}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Voice-over-IP Security: Research and Practice IS - 2 SN - 1540-7993 SP76 EP78 EPD - 76-78 A1 - Angelos D. Keromytis, PY - 2010 KW - voice over IP KW - vulnerabilities KW - survey KW - security KW - SPIT KW - spam over Internet telephony KW - VoIP VL - 8 JA - IEEE Security & Privacy ER -

Angelos D. Keromytis, Columbia University

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.87

Voice over IP (VoIP) technologies are increasingly used for personal and enterprise communications, thanks to their flexibility and cost efficiencies relative to the traditional phone network. The author presents a survey of all related vulnerabilities found in the Common Vulnerabilities and Exploits (CVE) database. He juxtaposes it with a survey of a large number of research papers in the area of VoIP security. Key findings include that most disclosed vulnerabilities refer to denial of service attacks that are equally split between client and server devices; the majority of vulnerabilities are attributable to implementation faults; a large fraction of vulnerabilities derive from configuration problems; and research efforts are primarily focused on spam over Internet telephony (SPIT).

1. "VoIP Security and Privacy Threat Taxonomy," VoIP Security Alliance, Oct. 2005; www.voipsa.org/ActivitiesVOIPSA_Threat_Taxonomy_0.1.pdf .
2. A.D. Keromytis, "A Look at VoIP Vulnerabilities," login; The USENIX Magazine, vol. 35, no. 1, 2010; www.usenix.org/publications/login/2010-02/ pdfskeromytis.pdf.
3. A.D. Keromytis, "Voice over IP: Risks, Threats and Vulnerabilities," Proc. Cyber Infrastructure Protection (CIP) Conf., 2009; www.cs.columbia.edu/~angelos/Papers/2009 cip.pdf.
4. R. Sparks et al., Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies, IETF RFC 5393, Dec. 2008; www.rfc-editor.org/rfcrfc5393.txt.
5. R. State et al., "SIP Digest Authentication Relay Attack," IETF Internet draft, work in progress, Mar. 2009.
6. A.D. Keromytis, "A Comprehensive Survey of Voice over IP Security Research," Security in Computing and Networking Systems: The State-of-the-Art, W. McQuay, and W.W. Smari eds., to be published, Wiley & Sons, 2010.

Index Terms:

voice over IP, vulnerabilities, survey, security, SPIT, spam over Internet telephony, VoIP

Citation:

Angelos D. Keromytis, "Voice-over-IP Security: Research and Practice," IEEE Security & Privacy, vol. 8, no. 2, pp. 76-78, March-April 2010, doi:10.1109/MSP.2010.87

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.