evaluation of users’ perspective on voip’s security vulnerabilities

Evaluation of users’ perspective on VoIP’s security vulnerabilitiesAlireza HeraviSupervisors: Professor Jill Slay Dr Sameera Mubarak

Research Questions

•To what extend are VoIP users aware of VoIP security vulnerabilities and what is their attitude towards these issues?

Research Methodology• This thesis is a positivist quantitative research (Survey)

▫ For quantitative data collection purpose, an anonymous on-line questionnaire was designed.

• The questionnaire is designed by using Google Docs. ▫ The answers to the questions are stored at Google’s server

in Google Docs spreadsheet format and it is accessible by logging in to the corresponding Gmail account.

• For analyzing the collected data SPSS (PASW Statistics 17.0 (release 17.0.2)) and Microsoft Excel 2007 were used.

The Questionnaire•The questionnaire contains:

▫20 questions 18 closed questions (2 five-point scale

question)

▫2 open questions

The First Transmitted Voice “Mr. Watson, come here, I want to see

you”

Sent by Alexander Graham Bell in 1876 (Flood 1976; Brittain 2005)

http://images.livescience.com/images/gm_Alexander_Graham_Bell_03_10.jpg

What is VoIP?•Voice over Internet Protocol

•Transmits voice conversations over IP based networks like internet▫Converges voice and data

•Skype, oovoo, Google Talk, MSN …•Key drivers: low cost and flexibility

◦ Location independence◦ Integration with other services like file exchanges

How VoIP works?On the sender side:

•VoIP system converts voice into digital signal

•Split it into packets•Transport it over IP networks

On the receiving side•Digitized voice data is reassembled and

decoded

Source: www.baacs.com/VoIP.html

VoIP Implementation

Figure 1 (Phone-to-Phone)

Figure 2 (PC-to-PC)

VoIP Implementation (cont.)

Figure 3 PC-to-Phone/phone-to-PC

VoIP Implementation (cont.)

VPN

Site 1

Internet

Private IP Network

PSTN

IP PBX

Phone

IP Phone Fax

Gateway/Router

Site 2

IP PBX

Phone

IP Phone Fax

Gateway/Router

Private IP Network

Computer Computer

VPN VPN

VoIP Security • VoIP uses IP networks and therefore inherits its

vulnerabilities.▫ IP Networks have various potential vulnerable points

• Adding voice traffic to IP networks complicates security issues and introduces a range of vulnerabilities.▫ A VoIP system may face either an exclusive attack or an attack

to the underlying IP network.

• For having a secure VoIP system, both the IP network and the VoIP specific security issues must be addressed.▫ Network components including switches, routers, and firewalls, must

also be VoIP aware to be able to provide specific VoIP security features.

Results and Findings

Afgh

anistan

Au

stralia

Canad

a

Chin

a

Fiji

Ind

ia

Iran

Italy

Japan

South

Korea

Malaysia

Mald

ives

Ru

ssia

South

Africa

Taiw

an

Trin

idad

and

Tob

ago

Un

ited K

ingd

om

Vietn

am

0

10

20

30

40

50

60

70

8

64

15

1 410

1 1 1 2 1 1 2 1 1 1 2

Number of Participants by country

Sample population: Students of the School of CIS of the UniSA

Population: about 300

Number of participants: 107from 18 different countries

Results and Findings (cont.)

20%

28%

11%41%

Is traditional telephony (land line/mobile) more secure than VoIP?

Don’t knowNoSameYes

- Most of the participants believe that traditional telephony (land line/mobile) is more secure than VoIP

- Participants are most concerned about lower cost and least concerned about security.

9%

56%

30%

3% 2%

ConvenienceLower costQualitySecurityOthers

The most concerned feature when making international calls

Graph -1 Graph -2

Results and Findings (cont.)• The majority of the respondents who make

international call by either VoIP or landline/mobile are concerned about privacy (eavesdropping).

• The respondents that prefer computer over land line/mobile for international calls are less concerned about VoIP privacy and vice versa

• No relationship was found between nationality and awareness/attitude towards security/privacy issues in VoIP.

Summary of participants’ opinion about security/privacy in VoIP

• Since VoIP providers offer cheap services, it is not expected to have best facilities and privacy.

• Security/privacy is not a major concern due to the fact that the content of the conversations are not important (calling family, etc …).

• Do not talk about anything sensitive/important using VoIP/landline/mobile if you do not want it found out.

• Conversations are monitored and analyzed by government to protect the nation.

Thank You