Next Level VoIP Security Research

Start

Voice over IP (VoIP) is gaining more and more prevalence in today's networked world for companies as well as individuals. Therefore, security is an important issue in industry as well as for academic research. TU Wien and University of Duisburg-Essen joined forces to be a leader in VoIP security research. We are working intensively on VoIP security in all areas and sharing the results with the community via international research papers. Together with our partners from the industry, we use the academic knowledge to bring VoIP Security to a next level.

VoIP Systems and Security Problems

VoIP systems enable advanced communication (such as voice or video) over the Internet or other data networks and are replacing more and more traditional phone infrastructures. Nowadays, VoIP is widely used in organizations, companies and private environments, as it has the advantage of flexibility and low costs. Many existing devices and applications use standardized VoIP protocols (e.g., Session Initiation Protocol (SIP) or Real-Time Transport Protocol (RTP)).

VoIP makes it possible to communicate via IP based networks, instead of using the traditional Public Switched Telephone Network (PSTN) infrastructure. PSTN is an interconnected circuit-switched network that is built, owned and operated by private or government organizations. To connect a conventional phone service to a VoIP service a special PSTN gateway is necessary.

Today, VoIP systems are more and more replacing PSTN infrastructures due to cost factors as well as new functionality enabled by VoIP systems. This increases the dependency on available and secure VoIP systems for successful business. Attacks against VoIP systems are becoming more imaginative and many attacks can cause damage, e.g., gain money for attackers or create costs for the victim. Therefore, the risk increases that VoIP systems get attacked by hackers.

The wide use of VoIP systems in highly diverse environments represent a fruitful target for attackers. Although many attacks on VoIP systems currently executed are already known to researchers, there is, on the one hand, not enough reliable information on the probability and nature of these attacks on VoIP systems in real-world applications, and, on the other hand, we also observe new attacks again and again.

In current production VoIP systems, IT security aspects are often neglected. Therefore, to gain more knowledge on security attacks on VoIP systems, analyses and evaluations of real-world attacks are needed.

Examples for some critical VoIP attacks are:

Identity Theft: Attackers try to get a valid identity from another user of the VoIP system. One method for identity theft are dictionary and brute force attacks. The attackers try to identify an username and/or a password of an valid SIP account.
Fraudulent Calls: Attackers call a victim with fraudulent intention. For example, in some cases attackers try to create costs for the potential victim.
SPIT (SPAM over Internet Telephony): Users of VoIP may get unsolicited calls, e.g., unwanted advertisement calls, due to the low cost of VoIP calls.
DoS (Denial of Service): Attackers use DoS attacks on VoIP servers to restrict the availability of the systems, e.g., attackers want to blackmail VoIP service providers.

VoIP Security Solutions

Due to the benefit of being able to research, implement and test real-world VoIP solutions in large VoIP infrastructures, we know the security problems occuring today and know how to solve them.

We have designed different security architectures for VoIP systems, implemented various security mechanisms to enhance the security of VoIP solutions as well as tested existing applications (VoIP servers as well as VoIP clients) where we found and fixed different security vulnerabilities.

Services and Research Methods

VoIP Lab

For security testing VoIP solutions we have designed and implemented our own security test lab for VoIP, called VoIP Lab. Due to this setup we can easily test newly proposed security measures, our own test tools, new VoIP software versions and many more aspects.

VoIP Honeynet

Honeynets are an appropriate approach for identifying attacks against VoIP systems and to learn about the tools, tactics, and motives of attackers. Our solution of trapping attackers and analyzing malicious VoIP traffic consists of a VoIP honeynet to collect data and a reporting system to analyze these data. In combination this is a complete infrastructure to gain new insights into VoIP attacks. The overall goal is to collect as much data on attacks on VoIP infrastructure as possible. Therefore, the data collection should be conducted on several layers, e.g., collecting spoken words of callers in order to detect fraud, or collecting data packets to get information on attacks on protocol-level.

Penetration Tests

We conduct penetration tests for different, also productive, VoIP infrastructures in order to find and fix security vulnerabilities that might otherwise get exploited by attackers.

Security Test Tools

We have implemented our own security test tools we use, among other targets, for VoIP security testing.

For example, the ESSE fuzzolution Fuzzer Framework or a GUI testing tool. You can find more information on our testing tools in our publications.

Scientific Publications

Both universities are concerned for a long time with VoIP Security Research. Following is an excerpt of important research papers. The BibTeX entries for our publications are available as well.

Markus Gruber, Dirk Hoffstadt, Adnan Aziz, Florian Fankhauser, Christian Schanes, Erwin Rathgeb, and Thomas Grechenig. Global VoIP Security Threats – Large Scale Validation Based on Independent Honeynets. In IFIP Networking Conference (IFIP Networking), 2015, pages 1–9, May 2015.

Markus Gruber, Martin Maier, Michael Schafferer, Christian Schanes, and Thomas Grechenig. Concept and Design of a Transparent Security Layer to Enable Anonymous VoIP Calls. In Proceedings of the International Conference on Advanced Networking, Distributed Systems and Applications (INDS), June 2014.

Markus Gruber, Christian Schanes, Florian Fankhauser, and Thomas Grechenig. Voice Calls for Free: How the Black Market Establishes Free Phone Calls – Trapped and Uncovered by a VoIP Honeynet. In Proceedings of the International Conference on Privacy, Security and Trust (PST), July 2013.

Markus Gruber, Christian Schanes, Florian Fankhauser, Martin Moutran, and Thomas Grechenig. Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach. In Proceedings of the 7th International Conference on Network and System Security (NSS), June 2013.

Markus Gruber, Florian Fankhauser, Stefan Taber, Christian Schanes, and Thomas Grechenig. Trapping and Analyzing Malicious VoIP Traffic Using a Honeynet Approach. In The 6th International Conference on Internet Technology and Secured Transactions (ICITST), December 2011.

Markus Gruber, Florian Fankhauser, Stefan Taber, Christian Schanes, and Thomas Grechenig. Security Status of VoIP Based on the Observation of Real-World Attacks on a Honeynet. In The Third IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT), October 2011.

Christian Schanes, Stefan Taber, Karin Popp, Florian Fankhauser, and Thomas Grechenig. Security Test Approach for Automated Detection of Vulnerabilities of SIP-based VoIP Softphones. International Journal On Advances in Security, 4(1 and 2):95–105, September 2011.

Florian Fankhauser, Maximilian Ronniger, Christian Schanes, and Thomas Grechenig. Security Test Environment for VoIP Research. International Journal for Information Security Research, 1(1):53–60, March 2011.

Maximilian Ronniger, Florian Fankhauser, Christian Schanes, and Thomas Grechenig. A Robust and Flexible Test Environment for VoIP Security Tests. In Internet Technology and Secured Transactions (ICITST), 2010 International Conference for, pages 1–6, November 2010.

Stefan Taber, Christian Schanes, Clemens Hlauschek, Florian Fankhauser, and Thomas Grechenig. Automated Security Test Approach for SIP-based VoIP Softphones. In The Second International Conference on Advances in System Testing and Validation Lifecycle, August 2010, Nice, France. IEEE Computer Society Press, August 2010.

Dirk Hoffstadt, Alexander Marold, and Erwin P. Rathgeb. Analysis of SIP–Based Threats Using a VoIP Honeynet System . In Trust, Security and Privacy in Computing and Communications (TrustCom), 2012, pages 541–548, June 2012.

Dirk Hoffstadt, Stefen Manhof, and Erwin P. Rathgeb. SIP Trace Recorder: Monitor and Analysis Tool for threats in SIP–based networks . In Wireless Communications and Mobile Computing Conference (IWCMC), 2012 8th International, pages 631–635, August 2012.

Dirk Hoffstadt, Niels Wolff, Stefan Monhof, and Erwin Rathgeb. Improved Detection and Correlation of Multi–Stage VoIP Attack Patterns by using a Dynamic Honeynet System. In Communications (ICC), 2013 IEEE International Conference, pages 1968–1973, June 2013.

Adnan Aziz, Dirk Hoffstadt, Sebastian Ganz, and Erwin Rathgeb. Development and Analysis of Generic VoIP Attack Sequences Based on Analysis of Real Attack Traffic. In Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference , pages 675–682, July 2013.

Dirk Hoffstadt, Erwin Rathgeb, Matthias Liebig, Ralf Meister, Yacine Rebahi, and Tran Quang Thanh. A comprehensive framework for detecting and preventing VoIP fraud and misuse. In Computing, Networking and Communications (ICNC), 2014 International Conference, pages 807–813, Feb 2014.

Adnan Aziz, Dirk Hoffstadt, Erwin Rathgeb and Thomas Dreibholz. A Distributed Infrastructure to Analyse SIP Attacks in the Internet. In IFIP Networking Conference (IFIP Networking), 2014, pages 1–8, June 2014.

Research Groups

The participating research groups ESSE -- Establishing Security, TU Wien, and Technik der Rechnernetze, Universität Duisburg-Essen -- both long time researchers of VoIP security -- are uniting forces to lead the VoIP security research.

Together with our industrial partner RISE we are able to research real-world security problems of large VoIP infrastructures.

contact

Contact/Imprint

For more information about our research or for industrial cooperations please contact us via e-mail to info@voip-security.at.

About

TU Wien
Institute of Information Systems Engineering
Research Group for Industrial Software, ESSE
Wiedner Hauptstraße 76/2/2
1040 Wien
Austria

Copyright

The content (content being images, text, sound and video files, programs and scripts) of this website is copyright © TU Wien / Institute of Information Systems Engineering / Research Group for Industrial Software, ESSE and its affiliates or content and creative providers. In accessing these web pages, you agree that any downloading of content is for personal, non-commercial reference only. No part of this web site may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the website owner.