Introduction to VoIP Security Risks

Introduction

In this introductory chapter, it discusses the concept, integration, challenges, and problems that faced by VOIP. Although section 2 (context) will provide a descriptive view of the VoIP, the introduction chapter covers an overview that include supporting infrastructure (internet), penetration, usage, security risks and threats associated to it, and impacts internet and subsequent VoIP has had on population and users. It also describe the outline of the contents which then allows us to discuss each section. The context section is providing information about the Voice over Internet Protocol system and the threats of it, including problem clarification and the process of it. Section 3 of the present research study is about the research context on VOIP systems including its workability and implementation over the years. Subsequently, the procedure section shows the problems that may ascend in the future within the project and if it needs to be mentioned or located in the project. It will have a methodology which is used to adapt for the implementation of the project.

In the last decade, voce communication and multimedia sharing such as Facebook video, Skype, hangout call, and WhatsApp calls have become relatively common and very cost-effective mode of communication. These communication mechanism is based on data such as files, voice, pictures, and multimedia messages delivery from source to destination via Internet Protocol (IP) (Shaw, and Sharma, 2016). As pointed by Parris (2018), internet penetration and usage has significantly increased becoming a major connection, interaction, and information sharing channel. This is attributable to number of reasons that include be considered as a source of interaction and connection among the people around the world (Namayanja and Janeja, 2017). At the same time, most of the people observed to be socialized through the platform of social media (Osterhage, 2018).

Whatsapp

Importantly, using the internet has become a part of everyday life of the people of these days. Many business entities, organizations, and governments have increasingly taken advantage of internet growth to enhance consumer engagement, product awareness, citizen interaction, news sharing, and information distribution. The positive impact and usefulness of the internet for the development of the regions can be emphasized. On the other hand, security risks has become a major issues associable to internet usage for instance privacy concerns, bullying, and misinformation. As pointed by Thermos and Takanen (2007) and Bradley (2008) vulnerability concerns that include unauthorized persons (hackers) can access personal and organizational information.

In this perspective, the purpose of this thesis is to research threats and danger which is being faced by Voice over Internet Protocols (VoIP). The main purpose of this project is to investigate security risks and threats associated with VoIP. It will then be evaluated by analyzing its security performance using free open source attacking tools. The expected outcomes of this study is to outline the risks and threats associated to VoIP and subsequently design and implement a VoIP network while taking in account the vulnerability and security risks and threats outlined.

Context

Unlike traditional communication channels involving channel setup, circuit-switching, and signaling, VoIP is transmission is digitalized transmitting data over a packet-switched network. As illustrated by Seufert et al., (2016), the media is streamed through application network bandwidth and application requirements that encodes video and audio. Therefore, it permits people to make phone calls by the connection of the internet that is completely different from that of traditional landlines. It is a method or a technology to use internet protocols instead of using the out-dated process of making phone calls, facsimile and for massage services. It is worth noting that VoIP services comes in a variety of forms that include residential (connected via a landline phone), device-based VoIP (one time purchase from services providers), software-based VoIP (either a web-based or installed on personal devices for example Skype), Mobile VoIP (installed on mobile devices such as smartphones and tablets example are Google Hangout and WhatsApp), and lastly business VoIP that can either be cloud-based or on-premises. Although implementation of these technologies have greatly cut down the communication cost, reduced latency, quality-of-service, and voice quality, but the issue of risks and threats imposed by the system remains a major concern.

Recent studies have increasingly focused on ways and solution to improve the security performance particularly given that internet has grew into not only sharing information and news but also direct communication through voice and video calling. Recently, the main area of focus has been on examining the advantages and disadvantages of using VoIP as well as structural implementation aimed at enhancing security risks and vulnerability. However, the VoIP is considebly a type of communication that is being continuously exploited and extensively deployed as well new and better physical infrastructure and software are implemented. Despite its huge benefits that include connecting people and enabling fast and efficient sharing of information following successful development and integration, security concerns faced by VoIP can be categorized into five groups namely SPIT (Spam over Internet Telephony), unencrypted traffic, hacking, hardware (analogue telephone adapters (ATAs) and IP phones), and DDoS attacks (Distributed denial of service). According to Shaw and Sharma (2016), the problem of traffic theft, call forwarding, illegal interception, and roll fraud is not new to the telephony industry but inherited from internet infrastructure. Notably, most of these attackers occur over signalling technologies and can be solved through ‘classes of restriction’ or ‘authentication codes’ (Dakur, A. and Dakur, S., 2014; Keromytis, 2012). For example, IT hardware company, Cisco, found SPA300 and SPA500 IP series to be vulnerable and were exploited by attackers to remotely listen to VoIP conversations.

As pointed by Osterhage (2018), attackers exploits the weaknesses found in both the hardware and software Therefore, malicious software called malware is used by hackers to damage and inactivate, to take the information under control, and to steal valuable information from a processor. With the help of malicious software (malware), unauthorized persons can access personal and organizations classified information (Shaw and Sharma, 2016). Using a business, residential or device-based VoIP networks, vulnerability, and potential risks encountered is much higher than conventional traditional communication channels. Studies has demonstrated that intrusion to obtain personal and organization data as well as eavesdropping to voice conversations is costly to attacked individuals measured particularly on the data (Keromytis, 2010; Butcher, and Guo, 2007). In addition to obtaining classified and personal information, VoIP spoofing encompassing modifying caller identification to falsify identify and pranking unsuspecting victims. Moreover, VOIP has issues of confidentiality and authenticity, which threats its users, and lure the hackers to abuse large amount information through the internet.

Accessibility is the last security concern which will be protected. It is the vital concern of the developers and the protection providers to defense information from the attack of hackers (Wen et al., 2017). Developers should be aware of a factor that the hackers know all the strategies to diminish the accessibility or availability of the VOIP system. Aggressor uses different modes to attack a computer system such as DOS (denial of services), DDOS (distributed denial of services). However, users should know about the malware and its impacts.

The thesis is covering important concerns about the potential risks, threat, vulnerability, and dangers faced by VOIP. These concerns are discussed because aggressor can jointly attack. For this particular reason, these issues are discussed in the present research study (Namayanja and Janeja, 2017). Therefore, several areas of VOIP issues with adequate privacy, availability, and authentication will be shielded in the present research paper.

Research Context

Recently, companies have increasingly integrated VoIP services because of huge benefits its offers to its corporate environment with some additional services and applications that help the management team as well as other employees provide effective services delivery, coordinate communication, and operating in cost-effective environment. In addition to that, it helps to enhance the level of services which certainly impacts on the image of a business organization (DuPont and Fidler, 2016). Additionally, as pointed by Singh et al. (2014), the use of VoIP also aids to minimize the overall cost of running an organization through reduced total cost of received services. The beneficial elements available in integration of the services meant huge of organizations and people have increasingly viewed the VoIP services of channel of choice in both voice and video communications. Nevertheless, issues emanating from vulnerability, potential risks, threats, and intrusion have been highlighted by users and studies.

One of the most prominent intrusion mechanism in VoIP is in the form of man-in-the-middle (MITM). Going by Conti et al. (2016) description of MITM, it is a form of intrusion where a third party can monitor and modify communication between two or more people. The attacker intercepts the message sent by exchanged and retransmitting public keys. From sender or receiver’s end, the message may appear normal, not recognizing the modification or access by unknown third party during transmission, but in essence the entire communication is controlled by a different person (attacker) rather than sender or receiver. Shirvanian and Saxena (2014) described the process as interception of two communication routers along traffic point. For instance, in a HTTP transaction, an attacker can splits the TCP connection separating the between server and attacker and between victim and attacker acting as proxy reading and inserting data and information s/he likes to convey. During the public key exchange process, such type of attack is usually done. The seized public key exchange which is inserted by one user one user is replaced or changed to another user with the hack version (Wu and Irwin, 2016).

There exist different types of form of man-in-the-middle attack where attacker performs the role of the middleman and users unable to comprehend that someone is interfering in their conversation or activities. In addition to that, there are some easily obtainable devices which help the attackers to perform spying. Apart from these, there are some other means like packet sniffers that aids the attackers to make eavesdropping easier. However, the replayed attack is another procedure of hacking which can be considered as a type of man-in-the-middle attack. It can be stated that it is a type of attack which is used to gain access and to cause damage the processors that are using wireless networks (Bidgoli, 2006). Though this procedure hacker is even able to access the encrypted data by the replays which contain with the valid information.

Therefore, the area that is privacy has to be covered. Privacy is a matter that is greatly associated with term confidentiality. The users usually maintain privacy to maintain confidentiality. However, the two forms as per the law standpoint are completely different from each other. Tough, within the computer or the network world these two terms are almost identical. Privacy is a big concern of the users which the attacker wants to intrude through implementing several means (Wen et al., 2017). In case of a packet spoofing attack, hackers use IP packets to target their purpose. In addition to that, the modified form of the IP packets does not reveal the IP address of the hacker’s computer. However, there exist mainly two types of spoofing attack one is called blind, and the other is called a non-blind spoofing attack (Gibberd, Noble and Cohen, 2017). In the case of blind spoofing attack, the attacker observed to send several IP packets to the selected computer system in order get a sample of the series of numbers that are being used for protecting the information.

It can be emphasized that hackers use several means to delay the availability of a network. In addition to that, a hacker uses DOS and DDOS for attacking a network or a system to dislocate the use of various services. Any IP based device, as well as the services which are provided by the device, gets affected by this disruption. On the other hand, the buffer is an area where the excess data are stored in the system until it is ready to use (Shaw and Sharma, 2016). When the buffer gets overflow, the attacker sends malicious instructions to corrupt the system. Therefore, while transmitting the overflow data from one buffer to another, it releases its instruction to the computer and corrupts the entire system.

Proposed Solution

For one to effectively and successfully defending against potential security risks, threats and vulnerability, s/he must have a deep understanding of the VoIP infrastructure, both physical and software. One form of familiarizing with this threats and dangers associated with VoIP usage is through on the different methods of attacks and vulnerability. The end users should have training on phishing, farming and many other methods for detecting unauthorized persons, MITM, and malware that try to gather information on the following target machines. Nevertheless, it can b be problematic to train each and every end user but it is important to make necessary steps of make them aware of the security threats and attacks. For a non-technical person to diagnosis both hardware and software components of the system sets another challenge. Within this research, the following are potential solution to the highlighted problems, threats, and risks associated with VoIP.

The solution for Man-in-the-Middle Attack

Address Resolution Protocol (ARP) poisoning or spoofing can exploited by attacker to prolong the attack by corrupting the internet server domain name system by leaving a downloadable worm, spyware, malware, or web browser hijacking program. Therefore, cache poisoning means attacks occurs remotely after download making it harder to detect. For instance, placing a compromising URL within spam e-mail with a tempting message for a person to open such as ‘error in tax returns’. These compromised URLs redirects the emails and users IP address to attacker’s servers leaving them with very little control of the communication. Therefore, the following approaches should be observed as potential solution to the VoIP security problems.

Frequent update of the system

Security threats and risks are always evolving whether human-driven or malware caused. Therefore, for VoIP system to be secure from attacks, it needs to do the same through regular update. Nevertheless, these updates need to be done adequately planned because of financial cost it involves and disruption of operations.

Enable real-time alerts

During implementation and installation of the system, emphasis should be on setting detection elements that could give alerts in the event of any unauthorized intrusion such as presence of malware, blocked call, suspicious message, or even delays. The alerts should indicate the exact physical location or points out section on software where the problems is or attempted intrusion. The alerts are not limited to something happening to the system but also notify on the schedule updates particularly the session border controller (SBC).

Conduct regular assessment of session border controller (SBC)

Periodic evaluation of the SBC will show whether it routinely blocks threats, it effectiveness in blocking, and extent of the security risks faced. Ideally, schedule regular check of the perform of security test on the system highlights the possible vulnerabilities within the system and at the same time enables one formulate a security risk mitigation plan based on data and evidence. Moreover, it gives one opportunity to close up any security concerns before attackers exploits the loophole.

Requirements functional and non-functional

In order to set up effective threats and risks prevention mechanisms, require implementation of measures such as encrypting voices services, performing regular security check and audits, locking down VoIP servers, and building redundancy into the system. Key elements is risk identification and highlighting the reasons for avoidance, protection, and security that collectively determines the necessary components and skills for security risk and threats solution. A tool such as Voice over Misconfigured Internet Telephones (VOMIT) accepts captured files then converts into plan audio but does not capture VoIP audio itself whereas as Address Translation Table tracks IPs and phone numbers. Corruption of SIP protocol stack can be mitigate through session-aware devices such as SBC in additional to firewalls, ACLs, and IDS/IPS matching signature. Other requirements should include encryption technologies, VoIP architecture, and VoIP security policy. Lastly, making users aware of the dangers and security risks associated with the VoIP needs skilled and knowledgeable persons to educate respective users on the same.

Resource and constraints

While using VOIP calls in this process, it needs for defending against those attacks that shall invade on the privacy of the system or network. Network’s primary devices (routers, switches, and firewalls) should be protected as attacks can be seen in layer 2. For combating such attacks, the technique should be proactive. As the ARP protocol has a limited security plan, it is the responsibility of the protocol to code up the weaknesses of the security. It is important to make a great listing in related with the ARP static entries. They should also deploy them with the help of an automated script process. In this way, various systems should be organized on the network. While dealing with those malicious attacks that disrupt the availability of the network or the system, the attacker usually uses either a Denial of Service attack or a Distributed Denial of Service attack in their processing. There are some ways by which the DoS and DDoS attacks can be combated. Configuring the routers and firewalls are said to be the most effective method. It can also be said that it is a way by which, the ability to stop the ping and ICMP packets can be seen. With the help of the routers, there can be a filter for nonessential protocols. It can also stop using invalid addresses for avoiding the devices from sophisticated attacks.

Monitoring the ARP traffic along with the third party program is said to be the last option in the process of combating ARP cache poisoning. Therefore, this technique is an effective one. In this, the processing can be done by using hardware devices or software which is downloaded for the intentionally designed for the operation. While implementing the solution, it can be said that it is straightly directed to the main system. It shall be more monstrous if used for an entire network of the device (Venkataraman and Trestian, 2017). The server helps in allowing the use of applications and the manner by which the requests of the clients should be responded.

Methodology

Study methods

The literature review will be done in which I will look into and investigate threats and dangerous for VOIP protocol, its technologies and a look into existing measures taken to handle attacks on VOIP calls by making the utilization of internet resources and databases of the university library. This is highly contributing to the background of the topic. In this study, adequate attention has been laid on other related projects conducted by the past authors to take inspiration from them.

Correspondingly, a design of VOIP network will be carried and the implementation of the same. It will then be evaluated by analyzing the security performance by making the utilization of attacking tools which possess free source. After the implementation of security methods, the network shall be evaluated again to demonstrate the importance of correct security implementation. In this thesis, the research scholar has stressed more on the area of authenticity by covering the ways of conducting man-in-the-middle attacks. On the other hand, the paper also states about the packet spoofing attack. Lastly, the research analyst covered the portion of denial of service attacks and distributed denial of services in related to the matter of availability. Therefore, depending on the drawbacks and problems of the VoIP, recommendations are also provided in this thesis paper.

Then the achievements will be summarized in the overall project, and the limitations will be highlighted so that future research proposal can be sent for the reason to address the issues related attacks on VOIP Protocol and propose design constraints to make secure VOIP protocol and minimize the numbers of attacks.

Ethical consideration

As stated before, the project variables directly interacts with the users. Implementation of security components including prevention architecture to spoof attack and application layer attacks. It can be said that the firewall is capable of discontinuing the specific flows in related to the attacks. On the other hand, it can be seen that the use of intrusion of detecting has provided some methods of detection of capabilities (Aviad, Węcel, and Abramowicz, 2016). It can also be seen that it recognizes the protocols, which are being used for an attack in the transport vehicle. In the next process, there can be servers that are used for reducing the DDoS attack effects. In order to achieve this objectives, users’ confidentiality, privacy, and integrity must prioritized. As such, the project will work towards preserving during and after implementation of the security risk and threats prevention and mitigation mechanisms. One of the key element to this is ensuring the users are well aware and have full grasps of the potential risks and prevention elements to be set in place. Although there are risk losing or exposure of personal data and information during implementation of solution, prior care of handling these data and information including isolating the systems and data, backing up in separate storage unit, or shutting off entirely until confirmation successful implementation. The research assumed that although the end users may consist of individuals less than 18 years or age and vulnerable individuals, those seeking to install and implement security components into their VoIP systems were not below 18 years and mentally vulnerable, therefore need for special consent letter. Nevertheless, consent letter indicate the scope and aims of entire process was signed by all involved individuals beforehand.

SEPLI

In the earlier times, very limited choices existed for people in the context the companies selling phones and as well as services related to phones (Singh and Sharma, 2015). There existed a lack of variety in the phone industry, and the companies were unable to lessen the business cost that they were liable to pay to the phone company. However, in the current years, the monopoly has broken owing to the advancement of technology and also because the options of services expanded at a very large scale (Wu and Irwin, 2016). The earlier systems can be considered outdated, and a new technology called VoIP has taken its place (Satapathy and Livingston, 2016). VoIP is an advanced technology, and it has some significant features which prioritized the security of a consumer (Wen et al., 2017)

Order Now

Report

During first six weeks of project, two keys was conducted. These are planning and control stage and reviewing of existing studies. In planning and control stage, it consisted of creating of schedule plan, defining of project, drafting brief, and scheduling for supervision. Project definition took into account various elements including the background of the problems, outlining the current challenges and problems faced in the field that is security threats, risks, and vulnerability in the system as well as core variables of the study. Drafting definitive brief and preparing project schedule involved update ePortfolio blog, supervision records, and accosicted documents.

On the other hand, literature review involved identifying studies, reports, and journals with findings and discussion related to VoIP implementation, architecture, security elements in IP system, potential threats and security risks, and IP elements. At this stage, institutional records, books, and journals with findings and data related to research topic, objectives, problems and aims were identified then critically reviewed to capture existing views, opinions, and discussion on current implementation structures. The aims of this was to outline the challenges and success rate of integrated approaches as well as gaps towards integration of effective and successful security and threats prevention and mitigation in VoIP services.

Looking for further insights on Internet Legal and Ethical Standards ? Click here.

Continue your journey with our comprehensive guide to Firewall Bypass with VPN Technology.

References

Ahson, S.A. and Ilyas, M., 2008. RFID handbook: applications, technology, security, and privacy. CRC press.

Aviad, A.E., Węcel, K. and Abramowicz, W., 2016. A semantic approach to modelling of cybersecurity domain. Journal of Information Warfare, 15(1), pp.91-X.

Bidgoli, H., 2006. Handbook of Information Security, Information Warfare, Social, Legal, and International Issues and Security Foundations (Vol. 2). John Wiley & Sons.

Butcher, D., Li, X. and Guo, J., 2007. Security challenge and defense in VoIP infrastructures. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 37(6), pp.1152-1162.

Conti, M., Dragoni, N. and Lesyk, V., 2016. A survey of man in the middle attacks. IEEE Communications Surveys & Tutorials, 18(3), pp.2027-2051.

Dakur, A. and Dakur, S., 2014. Eavesdropping and interception security hole and its solution over VoIP Service. In Wireless Computing and Networking (GCWCN), 2014 IEEE Global Conference on (pp. 6-10). IEEE.

DuPont, Q. and Fidler, B., 2016. Edge cryptography and the codevelopment of computer networks and cybersecurity. IEEE Annals of the History of Computing, 38(4), pp.55-73.

Flowers, C., Mansour, A. and Al-Khateeb, H.M., 2016. Web browser artefacts in private and portable modes: a forensic investigation. International Journal of Electronic Security and Digital Forensics, 8(2), pp.99-117.

Gibberd, A., Noble, J. and Cohen, E., 2017. Characterising Dependency in Computer Networks using Spectral Coherence. arXiv preprint arXiv:1711.09609.

Keromytis, A.D., 2010. Voice-over-IP security: Research and practice. IEEE Security & Privacy, (2), pp.76-78.

Keromytis, A.D., 2012. A comprehensive survey of voice over IP security research. IEEE Communications Surveys & Tutorials, 14(2), pp.514-537.

Namayanja, J.M. and Janeja, V.P., 2017. Characterization of Evolving Networks for Cybersecurity. In Information Fusion for Cyber-Security Analytics (pp. 111-127). Springer, Cham.

Onwubiko, C., 2017, June. Security operations centre: Situation awareness, threat intelligence and cybercrime. In Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), 2017 International Conference On (pp. 1-6). IEEE.

Satapathy, A. and Livingston, L.J., 2016. A Comprehensive Survey of Security Issues anDefense Framework for VoIP Cloud. Indian Journal of Science and Technology, 9(6).

Seufert, M., Egger, S., Slanina, M., Zinner, T., Hossfeld, T. and Tran-Gia, P., 2015. A survey on quality of experience of HTTP adaptive streaming. IEEE Communications Surveys & Tutorials, 17(1), pp.469-492.

Shaw, U. and Sharma, B., 2016. A Survey Paper on Voice over Internet Protocol (VOIP). International Journal of Computer Applications, 139(2), pp.16-22.

Shirvanian, M. and Saxena, N., 2014, November. Wiretapping via mimicry: Short voice imitation man-in-the-middle attacks on crypto phones. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 868-879). ACM.

Singh, H.P., Singh, S., Singh, J. and Khan, S.A., 2014. VoIP: State of art for global connectivity—A critical review. Journal of Network and Computer Applications, 37, pp.365-379.

Thermos, P. and Takanen, A., 2007. Securing VoIP networks: threats, vulnerabilities, and countermeasures. Pearson Education.

Venkataraman, H. and Trestian, R., 2017. 5G Radio Access Networks: centralized RAN, cloud-RAN and virtualization of small cells. CRC Press.

Wen, G., Yu, W., Yu, X. and Lü, J., 2017. Complex cyber-physical networks: From cybersecurity to security control. Journal of Systems Science and Complexity, 30(1), pp.46-67.

Wu, C.H.J. and Irwin, J.D., 2016. Introduction to computer networks and cybersecurity. CRC Press.

Place Your Assignment Request

and watch your grades improve...

  • 100K+ Satisfied Students.
  • Rated 4.9/5 based on
  • Overall Reviews.
Order Now
Sitejabber
Google Review
Yell

What Makes Us Unique

  • 24/7 Customer Support
  • 100% Customer Satisfaction
  • No Privacy Violation
  • Quick Services
  • Subject Experts

Dissertation Samples

Assignment/Essay Samples

Research Proposal Samples

Academic services materialise with the utmost challenges when it comes to solving the writing. As it comprises invaluable time with significant searches, this is the main reason why individuals look for the Assignment Help team to get done with their tasks easily. This platform works as a lifesaver for those who lack knowledge in evaluating the research study, infusing with our Dissertation Help writers outlooks the need to frame the writing with adequate sources easily and fluently. Be the augment is standardised for any by emphasising the study based on relative approaches with the Thesis Help, the group navigates the process smoothly. Hence, the writers of the Essay Help team offer significant guidance on formatting the research questions with relevant argumentation that eases the research quickly and efficiently.


DISCLAIMER : The assignment help samples available on website are for review and are representative of the exceptional work provided by our assignment writers. These samples are intended to highlight and demonstrate the high level of proficiency and expertise exhibited by our assignment writers in crafting quality assignments. Feel free to use our assignment samples as a guiding resource to enhance your learning.