% This file was created with JabRef 2.10b2.
% Encoding: UTF8


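@InProceedings{gruber:2011:trapping-and-analyzing-malicious-voip-traffic-using-a-honeynet-approach,
  Title                    = {Trapping and Analyzing Malicious {VoIP} Traffic Using a Honeynet Approach},
  Author                   = {Gruber, Markus and Fankhauser, Florian and Taber, Stefan and Schanes, Christian and Grechenig, Thomas},
  Booktitle                = {The 6th International Conference on Internet Technology and Secured Transactions (ICITST)},
  Year                     = {2011},
  Month                    = dec,

  Abstract                 = {Since several years the number of VoIP (Voice over IP) infrastructures increases and, consequently, the number of VoIP users increases too. Under these circumstances VoIP systems get more and more attractive for attackers, since the probability of successful attacks increases and attackers gain benefits, e.g., money with fee-based telephone numbers. Therefore, this paper describes a solution to capture, monitor and report VoIP attacks to gain more knowledge on current and new VoIP attacks.},
  Bibsource                = {esse},
  Keywords                 = {Security, Internet telephony, Intrusion detection, Communication system security}
}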

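@InProceedings{gruber:2011:voip-honeynet-status,
  Title                    = {Security Status of {VoIP} Based on the Observation of Real-World Attacks on a Honeynet},
  Author                   = {Gruber, Markus and Fankhauser, Florian and Taber, Stefan and Schanes, Christian and Grechenig, Thomas},
  Booktitle                = {The Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT)},
  Year                     = {2011},
  Month                    = oct,

  Abstract                 = {VoIP (Voice over IP) systems more and more replacing PSTN (Public Switched Telephone Network) infrastructures what increases dependency of available and secure VoIP systems for successful business. Attacks against VoIP systems are becoming more imaginative and many attacks can cause damage, e.g., gain money for attackers or create costs for the victim. Therefore, in this paper the current security status of VoIP systems are described with observations of VoIP attacks in a honeynet. The achieved results can help to adapt existing prevention system to avoid the recognized and analyzed attacks in a productive environment.},
  Keywords                 = {Security, Internet telephony, Intrusion detection, Communication system security}
}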

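@InProceedings{gruber:2013:architecture-for-trapping-toll-fraud-attacks-using-a-voip-honeynet-approach,
  Title                    = {Architecture for Trapping Toll Fraud Attacks Using a {VoIP} Honeynet Approach},
  Author                   = {Gruber, Markus and Schanes, Christian and Fankhauser, Florian and Moutran, Martin and Grechenig, Thomas},
  Booktitle                = {Proceedings of the 7th International Conference on Network and System Security (NSS)},
  Year                     = {2013},
  Month                    = jun,

  Abstract                 = {Voice over IP systems are more and more replacing Public Switched Telephone Network infrastructures. The number of voice telephony installations and the number of Session Initiation Protocol users is constantly increasing. Attacks against Voice over IP systems are becoming more imaginative and many attacks can cause financial damage, e.g., attackers gain money or create costs for the victim. Therefore, the dependency on available and secure Voice over IP systems to conduct secure business is given. We provide an environment to uncover real-world toll fraud attacks by collecting data using a Voice over IP honeynet solution.},
  Bibsource                = {esse},
  Keywords                 = {Communication System Security, Honeynet, Fraud}
}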

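@InProceedings{gruber:2013:extraction-of-abnf-rules-from-rfcs-to-enable-automated-test-data-generation,
  Title                    = {Extraction of {ABNF} Rules from {RFCs} to Enable Automated Test Data Generation},
  Author                   = {Gruber, Markus and Wieser, Phillip and Nachtnebel, Stefan and Schanes, Christian and Grechenig, Thomas},
  Booktitle                = {Proceedings of the 28th IFIP TC-11 SEC 2013 International Information Security and Privacy Conference (SEC)},
  Year                     = {2013},
  Month                    = jul,

  Abstract                 = {The complexity of IT systems and the criticality of robust IT systems is constantly increasing. Testing a system requires consideration of different protocols and interfaces, which makes testing hard and expensive. Test automation is required to improve the quality of systems without cost explosion. Many standards like HTML and FTP are semiformally defined in RFCs, which makes a generic algorithm for test data generation based on RFC relevant. The proposed approach makes it possible to automatically generate test data for protocols defined as ABNF in RFCs for robustness tests. The introduced approach was shown in practice by generating SIP messages based on the RFC specification of SIP. This approach shows the possibility to generate data for any RFC that uses ABNF, and provides a solid foundation for further empirical evaluation and extension for software testing purposes.},
  Bibsource                = {esse},
  Keywords                 = {Security, Test Data Generation, Software Testing}
}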

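% NOTE(review): the Abstract of the entry below is word-for-word the abstract of
% gruber:2013:extraction-of-abnf-rules-from-rfcs-to-enable-automated-test-data-generation
% (ABNF/RFC test data generation) and does not match this title (free calls observed
% on a VoIP honeynet). Looks like a copy/paste slip; replace it with this paper's own
% abstract once verified against the publication.
@InProceedings{gruber:2013:voice-call-for-free,
  Title                    = {Voice Calls for Free: How the Black Market Establishes Free Phone Calls -- Trapped and Uncovered by a {VoIP} Honeynet},
  Author                   = {Gruber, Markus and Schanes, Christian and Fankhauser, Florian and Grechenig, Thomas},
  Booktitle                = {Proceedings of the International Conference on Privacy, Security and Trust (PST)},
  Year                     = {2013},
  Month                    = jul,

  Abstract                 = {The complexity of IT systems and the criticality of robust IT systems is constantly increasing. Testing a system requires consideration of different protocols and interfaces, which makes testing hard and expensive. Test automation is required to improve the quality of systems without cost explosion. Many standards like HTML and FTP are semiformally defined in RFCs, which makes a generic algorithm for test data generation based on RFC relevant. The proposed approach makes it possible to automatically generate test data for protocols defined as ABNF in RFCs for robustness tests. The introduced approach was shown in practice by generating SIP messages based on the RFC specification of SIP. This approach shows the possibility to generate data for any RFC that uses ABNF, and provides a solid foundation for further empirical evaluation and extension for software testing purposes.},
  Bibsource                = {esse},
  Keywords                 = {Security, Internet telephony, Intrusion detection, Communication system security}
}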

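@InProceedings{gruber:2014:get-back-the-ownership-of-your-calls,
  Title                    = {Concept and Design of a Transparent Security Layer to Enable Anonymous {VoIP} Calls},
  Author                   = {Gruber, Markus and Maier, Martin and Schafferer, Michael and Schanes, Christian and Grechenig, Thomas},
  Booktitle                = {Proceedings of the International Conference on Advanced Networking, Distributed Systems and Applications (INDS)},
  Year                     = {2014},
  Month                    = jun,

  Abstract                 = {Voice over IP (VoIP) has gained widespread acceptance and is used for many business communications already. However, voice calls in traditional phone services, as well as in VoIP systems, have some security flaws and therefore can be easily intercepted, which can cause high damage by, e.g., industrial espionage. To establish secure and private phone calls, additional non-invasive measures are required to protect the signaling and voice channel between the parties for existing and well known VoIP applications. We propose an approach for secure and privacy sensitive VoIP communication by introducing an additional security layer. The introduced security layer can be applied to known VoIP solutions on different channels (e.g., soft phones or mobile phones) and is independent from the deployed VoIP implementation in order to improve security and privacy of VoIP calls for company systems.},
  Keywords                 = {Security, Internet telephony, Communication system security}
}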

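@InProceedings{gruber:2015:global-voip-security-threats--large-scale-validation-based-on-independent-honeynets,
  Title                    = {Global {VoIP} Security Threats -- Large Scale Validation Based on Independent Honeynets},
  Author                   = {Gruber, Markus and Hoffstadt, Dirk and Aziz, Adnan and Fankhauser, Florian and Schanes, Christian and Rathgeb, Erwin and Grechenig, Thomas},
  Booktitle                = {IFIP Networking Conference (IFIP Networking), 2015},
  Year                     = {2015},
  Month                    = may,
  Pages                    = {1--9},

  Abstract                 = {Voice over IP (VoIP) gains more and more attractiveness by large companies as well as private users. Therefore, the risk increases that VoIP systems get attacked by hackers. In order to effectively protect VoIP users from misuse, researchers use, e.g., honeynets to capture and analyze VoIP attacks occurring in the Internet. Global VoIP security threats are analyzed by studying several millions of real-world attacks collected in independent VoIP honeynet solutions with different capture mechanisms over a long period of time. Due to the validation of results from several honeynet designs we have achieved a unique, much broader view on large scale attacks. The results show similar attacker behavior, confirm previous assumptions about attacks and present new insights in large scale VoIP attacks, e.g., for toll fraud.},
  Doi                      = {10.1109/IFIPNetworking.2015.7145329},
  Keywords                 = {Engines;IP networks;Internet;Monitoring;Protocols;Security;Servers;Communication system security;Internet telephony;Intrusion detection;Security}
}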

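@Article{schanes:2011:voip-fuzzer,
  Title                    = {Security Test Approach for Automated Detection of Vulnerabilities of {SIP-based} {VoIP} Softphones},
  Author                   = {Schanes, Christian and Taber, Stefan and Popp, Karin and Fankhauser, Florian and Grechenig, Thomas},
  Journal                  = {International Journal On Advances in Security},
  Year                     = {2011},

  Month                    = sep,
  Number                   = {1 and 2},
  Pages                    = {95--105},
  Volume                   = {4},

  Abstract                 = {Voice over Internet Protocol based systems replace phone lines in many scenarios and are in wide use today. Automated security tests of such systems are required to detect implementation and configuration mistakes early and in an efficient way. In this paper we present a plugin for our fuzzer framework fuzzolution to automatically detect security vulnerabilities in Session Initiation Protocol based Voice over Internet Protocol softphones, which are examples for endpoints in such telephone systems. The presented approach automates the interaction with the Graphical User Interface of the softphones during test execution and also observes the behavior of the softphones using multiple metrics. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented plugin for our fuzzing framework.},
  Booktitle                = {International Journal On Advances in Security, volume 4, numbers 1 and 2, 2011},
  Keywords                 = {Software testing; Computer network security; Graphical user interfaces; Internet telephony; Fuzzing},
  Publisher                = {IEEE Computer Society Press}
}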

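@Article{fankhauser:2011:voip-lab,
  Title                    = {Security Test Environment for {VoIP} Research},
  Author                   = {Fankhauser, Florian and Ronniger, Maximilian and Schanes, Christian and Grechenig, Thomas},
  Journal                  = {International Journal for Information Security Research},
  Year                     = {2011},

  Month                    = mar,
  Number                   = {1},
  Pages                    = {53--60},
  Volume                   = {1},

  Abstract                 = {Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn’t considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents a short introduction in testing VoIP components, proposes an architecture and implementation of a robust, flexible and efficient VoIP test environment for security related tests. Experiences using the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the proposed test environment for research and teaching purposes.},
  Publisher                = {Infonomics Society}
}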

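@InProceedings{ronniger:2010:voip-lab,
  Title                    = {A Robust and Flexible Test Environment for {VoIP} Security Tests},
  Author                   = {Ronniger, Maximilian and Fankhauser, Florian and Schanes, Christian and Grechenig, Thomas},
  Booktitle                = {Internet Technology and Secured Transactions (ICITST), 2010 International Conference for},
  Year                     = {2010},
  Month                    = nov,
  Pages                    = {1--6},

  Abstract                 = {Voice over IP (VoIP) is in wide use today, replacing phone lines in many scenarios. However, often, security isn't considered well enough, even though many security attacks are already known. More research on VoIP security is needed to enhance the level of security of VoIP systems and to show the implications of failing to take appropriate security measures. This paper presents an architecture and implementation of a robust and flexible VoIP test environment for security related tests. Experiences using the implemented environment for different VoIP security tests are shown to demonstrate the suitability of the proposed test environment for research purposes.}
}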

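@InProceedings{taber:2010:voip-fuzzer,
  Title                    = {Automated Security Test Approach for {SIP-based} {VoIP} Softphones},
  Author                   = {Taber, Stefan and Schanes, Christian and Hlauschek, Clemens and Fankhauser, Florian and Grechenig, Thomas},
  Booktitle                = {The Second International Conference on Advances in System Testing and Validation Lifecycle, August 2010, Nice, France},
  Year                     = {2010},
  Month                    = aug,
  Publisher                = {IEEE Computer Society Press},

  Keywords                 = {ESSE, Software testing; Computer network security; Graphical user interfaces; Internet telephony; Fuzzing}
}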

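@InProceedings{hoffstadt:2012:analysis-of-sip-threats,
  Title                    = {Analysis of {SIP-Based} Threats Using a {VoIP} Honeynet System},
  Author                   = {Hoffstadt, D. and Marold, A. and Rathgeb, E. P.},
  Booktitle                = {Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on},
  Year                     = {2012},
  Month                    = jun,
  Pages                    = {541--548},

  Doi                      = {10.1109/TrustCom.2012.90},
  Keywords                 = {Internet telephony;computer crime;computer network security;data analysis;message passing;pattern clustering;signalling protocols;statistical analysis;SIP honeynet system;SIP-based networks;SIP-based threats;VoIP honeynet system;bidirectional SIP message correlation;current security issues;data gathering;full attack sequence;hijacked SIP account;multistage attacks;statistical packet analysis;toll fraud calls;Correlation;IP networks;Monitoring;Registers;Security;Servers;Standards;SIP;VoIP;attacks;field test;fraud;honeynet;misuse;security;toll fraud}
}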

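@InProceedings{hoffstadt:2012:sip-trace-recorder,
  Title                    = {{SIP Trace Recorder}: Monitor and analysis tool for threats in {SIP-based} networks},
  Author                   = {Hoffstadt, D. and Monhof, S. and Rathgeb, E.},
  Booktitle                = {Wireless Communications and Mobile Computing Conference (IWCMC), 2012 8th International},
  Year                     = {2012},
  Month                    = aug,
  Pages                    = {631--635},

  Doi                      = {10.1109/IWCMC.2012.6314277},
  Keywords                 = {Internet telephony;computer network security;data privacy;protocols;SIP data;SIP information;SIP trace recorder;SIP-based networks;STR analysis plug-ins;analysis functions;analysis tool;automatic threat analysis capabilities;data privacy protection;fraud;monitoring tool;privacy option;security issues;sensitive environments;service misuse;Data privacy;Databases;IP networks;Monitoring;Privacy;Registers;Servers;SIP;STR;VoIP;analysis;attacks;fraud;misuse;monitoring;security}
}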

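@InProceedings{hoffstadt:2013:multi-stage-voip-attack,
  Title                    = {Improved detection and correlation of multi-stage {VoIP} attack patterns by using a {Dynamic Honeynet System}},
  Author                   = {Hoffstadt, D. and Wolff, N. and Monhof, S. and Rathgeb, E.},
  Booktitle                = {Communications (ICC), 2013 IEEE International Conference on},
  Year                     = {2013},
  Month                    = jun,
  Pages                    = {1968--1973},

  Doi                      = {10.1109/ICC.2013.6654812},
  ISSN                     = {1550-3607},
  Keywords                 = {Internet telephony;computer network security;fraud;signalling protocols;DHS;IP address;SIP honeynet system;SIP messages;SIP-based misuse;SIP-based networks;active monitoring;attack correlation;attackers behaviour;dynamic honeynet system;dynamic honeypot configuration;dynamic reconfiguration;multistage VoIP attack patterns;sensor component;session initiation protocol;toll fraud calls;Authentication;Correlation;IP networks;Monitoring;Real-time systems;Registers;Servers;SIP;VoIP;attacks;fraud;honeynet;misuse;security}
}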

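@InProceedings{aziz:2013:generic-voip-attack-sequences,
  Title                    = {Development and Analysis of Generic {VoIP} Attack Sequences Based on Analysis of Real Attack Traffic},
  Author                   = {Aziz, A. and Hoffstadt, D. and Ganz, S. and Rathgeb, E.},
  Booktitle                = {Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on},
  Year                     = {2013},
  Month                    = jul,
  Pages                    = {675--682},

  Doi                      = {10.1109/TrustCom.2013.82},
  Keywords                 = {Internet telephony;computer network security;signalling protocols;telecommunication traffic;GART;SIP Honeynet;SIP attack traffic;SIP-based networks;arbitrary network setups;fraud;generic VoIP attack sequences;generic attack replay tool;multistage attacks;real attack traffic analysis;reproducible attack traffic;security issues;service misuse;toll fraud;voice-over-IP communication;Databases;IP networks;Monitoring;Registers;Security;Servers;Standards;Honeynet;SIP;STR;VoIP;analyze;attack patterns;evaluation;fraud;misuse;security}
}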

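@InProceedings{hoffstadt:2014:framework-for-detecting-voip-fraud,
  Title                    = {A comprehensive framework for detecting and preventing {VoIP} fraud and misuse},
  Author                   = {Hoffstadt, D. and Rathgeb, E. and Liebig, M. and Meister, R. and Rebahi, Y. and Thanh, T. Q.},
  Booktitle                = {Computing, Networking and Communications (ICNC), 2014 International Conference on},
  Year                     = {2014},
  Month                    = feb,
  Pages                    = {807--813},

  Doi                      = {10.1109/ICCNC.2014.6785441},
  Keywords                 = {Internet telephony;artificial intelligence;firewalls;security of data;statistical analysis;CDR analysis;DNS-based real time blacklist;SUNSHINE framework;VoIP fraud detection;VoIP fraud prevention;artificial intelligence;distributed sensing system;firewalls;intrusion detection;statistical analysis;Geology;IP networks;Monitoring;Protocols;Real-time systems;Security;Servers;CDR;NN-SOM;SIP;SUNSHINE;VoIP;eRBL;firewall;fraud;misuse;profiling;sensor}
}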

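@InProceedings{aziz:2014:distributed-analyse-sip-attacks,
  Title                    = {A distributed infrastructure to analyse {SIP} attacks in the {Internet}},
  Author                   = {Aziz, A. and Hoffstadt, D. and Rathgeb, E. and Dreibholz, T.},
  Booktitle                = {Networking Conference, 2014 IFIP},
  Year                     = {2014},
  Month                    = jun,
  Pages                    = {1--9},

  Doi                      = {10.1109/IFIPNetworking.2014.6857088},
  Keywords                 = {Internet telephony;security of data;signalling protocols;China;Germany;Internet;Norway;SIP-based attacks;Session Initiation Protocol;VoIP system;distributed infrastructure;distributed monitoring system;sensor nodes;Internet;Monitoring;Registers;Security;Servers;Software;Standards;Honeynet;Honeypot;Nornet;SIP;STR;Sensor;Toll Fraud;VoIP;fraud;misuse;misuse detection;security}
}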

