|Title:||Security architectures for services of voice over IP|
|Supervisor:||Radu State and Olivier Festor|
|Funding:||Centre de Recherche INRIA Nancy - Grand Est|
PhD project description
Voice over IP (VoIP or also known as Internet Telephony) networks are in a major deployment phase and are becoming widely spread out due to their extended functionality and cost efficiency. Since no dedicated network is used for VoIP, the users in the network are exposed to different attacks that can jeopardize the proper functionality of the VoIP devices (i.e. Denial of Service (DoS), Eavesdropping, Hijacking, Toll-Fraud) as well as any other entity, not necessarily for VoIP services, presented in the network.
Network security assessment provides the necessary knowledge to the administrators in order to estimate the degree of security that their networks reach.
Identifying and classifying all the risk involved in a network, as well as study the procedures to identify vulnerabilities and recognizing the type of device or software generating a determinate message, become the objectives of this thesis.
The research activities performed on VoIP security are two complementary approaches. The first one is addressing the automated security testing of VoIP implementations, while the second focuses in automatically detects signatures presented in messages generated from an entity.
The thesis has two main strong points in the work on VoIP security. The first one is related to proposing and validating the first approach for automated security testing (fuzzing) capable to deal with self-improving and self-learning features. The second proposes an environment able to learn from traces displayed in the network capable to discover the origin of the message. This approach may be helpful to uncover possible frauds or analyzing the flow of data in the network. Once a mature state is reach for both algorithms, the idea of merge them together to increase their faculties will be taken.
- H. Abdelnur, R. State, O. Festor. ``KiF: A stateful SIP Fuzzer". In the 1st International Conference on Principles, Systems and Applications of IP Telecommunications (IPTCOMM 2007), New-York, USA. pp. 47--56, July 2007. ACM Press.
- H. Abdelnur, C. Popi, R. State, I. Chrisment. "Assessing the security of VoIP Services". In the 10th IFIP/IEEE Symposium on Integrated Management (IM2007), 21-25 May 2007, Munich, Germany. pp. 373-382. IEEE Computer Society Press. ISBN 1-4244-0799-0
- H. Abdelnur, V. Cridlig, R. State, O. Festor and J. Bourdellon. ``VoIP Security Assessment: Methods and Tools". Proceedings of the 1st IEEE workshop on VoIP Management and Security: VoIP Mase. April 2006, Vancouver, Canada. pp 29-34. DOI 10.1109/VOIPMS.2006.1638119
- [_URL_ Homepage] of Humberto Abdelnur
- Publications of Humberto Abdelnur, as indexed by DBLP