Secure VoIP performance measurement

Saad, Amna

January 2013

This project presents a mechanism for instrumentation of secure VoIP calls. The experiments were run under different network conditions and security systems. VoIP services such as Google Talk, Express Talk and Skype were under test. The project allowed analysis of the voice quality of the VoIP services based on the Mean Opinion Score (MOS) values generated by Perceptual valuation of Speech Quality (PESQ). The quality of the audio streams produced were subjected to end-to-end delay, jitter, packet loss and extra processing in the networking hardware and end devices due to Internetworking Layer security or Transport Layer security implementations. The MOS values were mapped to Perceptual Evaluation of Speech Quality for wideband (PESQ-WB) scores. From these PESQ-WB scores, the graphs of the mean of 10 runs and box and whisker plots for each parameter were drawn. Analysis on the graphs was performed in order to deduce the quality of each VoIP service. The E-model was used to predict the network readiness and Common vulnerability Scoring System (CVSS) was used to predict the network vulnerabilities. The project also provided the mechanism to measure the throughput for each test case. The overall performance of each VoIP service was determined by PESQ-WB scores, CVSS scores and the throughput. The experiment demonstrated the relationship among VoIP performance, VoIP security and VoIP service type. The experiment also suggested that, when compared to an unsecure IPIP tunnel, Internetworking Layer security like IPSec ESP or Transport Layer security like OpenVPN TLS would improve a VoIP security by reducing the vulnerabilities of the media part of the VoIP signal. Morever, adding a security layer has little impact on the VoIP voice quality.

004.69

Vysokorychlostní přenos dat v mobilních a bezdrátových sítích / High-speed data transmission in mobile and wireless networks

Rosenberg, Martin

January 2011

The goal of the master’s thesis was to propose two laboratory exercises, integrating newly purchased devices HTC Desire and Nokia N900. Designed tasks bring new technologies and services to education process. The first task examines the configuration of branch exchange Asterisk PBX and analyzes SIP protocol. Part of exercise is concentrated on high-speed data transmission in mobile and wireless networks, regarding to usability of VoIP technology. The second exercise introduces to vulnerability of VoIP technology. It contains simulations of attacks on branch exchange Asterisk, DoS attack and discusses methods to secure VoiP communication. The part of this exercise examines usage of HTC Desire phone, instead of ordinary Wi-Fi access point.

Practical authentication in large-scale internet applications

Dacosta, Italo

03 July 2012

Due to their massive user base and request load, large-scale Internet applications have mainly focused on goals such as performance and scalability. As a result, many of these applications rely on weaker but more efficient and simpler authentication mechanisms. However, as recent incidents have demonstrated, powerful adversaries are exploiting the weaknesses in such mechanisms. While more robust authentication mechanisms exist, most of them fail to address the scale and security needs of these large-scale systems. In this dissertation we demonstrate that by taking into account the specific requirements and threat model of large-scale Internet applications, we can design authentication protocols for such applications that are not only more robust but also have low impact on performance, scalability and existing infrastructure. In particular, we show that there is no inherent conflict between stronger authentication and other system goals. For this purpose, we have designed, implemented and experimentally evaluated three robust authentication protocols: Proxychain, for SIP-based VoIP authentication; One-Time Cookies (OTC), for Web session authentication; and Direct Validation of SSL/TLS Certificates (DVCert), for server-side SSL/TLS authentication. These protocols not only offer better security guarantees, but they also have low performance overheads and do not require additional infrastructure. In so doing, we provide robust and practical authentication mechanisms that can improve the overall security of large-scale VoIP and Web applications.

Network security

Web security

VoIP security

Session hijacking

Man-in-the-middle attacks

Computer networks Security measures

Computer architecture

Bezpečnost firemních telefonních sítí využívajících VoIP / Security of Enterprise VoIP Telephony Networks

Šolc, Jiří

January 2008

This thesis focuses on enterprise VoIP telephony network security. Introduces brief comparison of old analog and digital voice networks and IP telephone networks with special focus on VoIP system security. The goal of the thesis is to identify the risks of implementation and operation of VoIP technologies in enterprise environment and so thesis brings some conclusion how to minimalize or avoid these risks. First two chapters briefly introduce the development of telephony technologies with differentiation of enterprise telephone network from public telephone networks. Further it describes individual technologies, digitalization of voice, processing the signal and VoIP protocols and components. Third chapter focuses on infrastructure of telephony networks with special interest for architecture of IP telephony and ways of establishing call processing. It describes data flows for further security risk analysis, which this technology came with. Fifth chapter is about enterprise security standards in common and is trying to describe information security management system (ISMS) adopting VoIP technology. Individual security threats and risks are described in sixth chapter, along with known methods how to avoid them. Final parts of thesis concludes of two real situation studies of threats and risks of VoIP technologies implemented in environment of small commercial enterprise and medium size enterprise, in this example represented by University of economics. These chapters conclude theoretical problems shown on practical examples.