Issue No. 02 - March/April (2010 vol. 8)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.87
Angelos D. Keromytis , Columbia University
Voice over IP (VoIP) technologies are increasingly used for personal and enterprise communications, thanks to their flexibility and cost efficiencies relative to the traditional phone network. The author presents a survey of all related vulnerabilities found in the Common Vulnerabilities and Exploits (CVE) database. He juxtaposes it with a survey of a large number of research papers in the area of VoIP security. Key findings include that most disclosed vulnerabilities refer to denial of service attacks that are equally split between client and server devices; the majority of vulnerabilities are attributable to implementation faults; a large fraction of vulnerabilities derive from configuration problems; and research efforts are primarily focused on spam over Internet telephony (SPIT).
voice over IP, vulnerabilities, survey, security, SPIT, spam over Internet telephony, VoIP
A. D. Keromytis, "Voice-over-IP Security: Research and Practice," in IEEE Security & Privacy, vol. 8, no. , pp. 76-78, 2010.