evaluation of users’ perspective on voip’s security vulnerabilities
DESCRIPTION
Evaluation of users’ perspective on VoIP’s security vulnerabilities. Alireza Heravi Supervisors: Professor Jill Slay Dr Sameera Mubarak. Research Questions. To what extend are VoIP users aware of VoIP security vulnerabilities and what is their attitude towards these issues?. - PowerPoint PPT PresentationTRANSCRIPT
Evaluation of users’ perspective on VoIP’s security vulnerabilitiesAlireza HeraviSupervisors: Professor Jill Slay Dr Sameera Mubarak
Research Questions
•To what extend are VoIP users aware of VoIP security vulnerabilities and what is their attitude towards these issues?
Research Methodology• This thesis is a positivist quantitative research (Survey)
▫ For quantitative data collection purpose, an anonymous on-line questionnaire was designed.
• The questionnaire is designed by using Google Docs. ▫ The answers to the questions are stored at Google’s server
in Google Docs spreadsheet format and it is accessible by logging in to the corresponding Gmail account.
• For analyzing the collected data SPSS (PASW Statistics 17.0 (release 17.0.2)) and Microsoft Excel 2007 were used.
The Questionnaire•The questionnaire contains:
▫20 questions 18 closed questions (2 five-point scale
question)
▫2 open questions
The First Transmitted Voice “Mr. Watson, come here, I want to see
you”
Sent by Alexander Graham Bell in 1876 (Flood 1976; Brittain 2005)
http://images.livescience.com/images/gm_Alexander_Graham_Bell_03_10.jpg
What is VoIP?•Voice over Internet Protocol
•Transmits voice conversations over IP based networks like internet▫Converges voice and data
•Skype, oovoo, Google Talk, MSN …•Key drivers: low cost and flexibility
◦ Location independence◦ Integration with other services like file exchanges
How VoIP works?On the sender side:
•VoIP system converts voice into digital signal
•Split it into packets•Transport it over IP networks
On the receiving side•Digitized voice data is reassembled and
decoded
Source: www.baacs.com/VoIP.html
VoIP Implementation
Figure 1 (Phone-to-Phone)
Figure 2 (PC-to-PC)
VoIP Implementation (cont.)
Figure 3 PC-to-Phone/phone-to-PC
VoIP Implementation (cont.)
VPN
Site 1
Internet
Private IP Network
PSTN
IP PBX
Phone
IP Phone Fax
Gateway/Router
Site 2
IP PBX
Phone
IP Phone Fax
Gateway/Router
Private IP Network
Computer Computer
VPN VPN
VoIP Security • VoIP uses IP networks and therefore inherits its
vulnerabilities.▫ IP Networks have various potential vulnerable points
• Adding voice traffic to IP networks complicates security issues and introduces a range of vulnerabilities.▫ A VoIP system may face either an exclusive attack or an attack
to the underlying IP network.
• For having a secure VoIP system, both the IP network and the VoIP specific security issues must be addressed.▫ Network components including switches, routers, and firewalls, must
also be VoIP aware to be able to provide specific VoIP security features.
Results and Findings
Afgh
anistan
Au
stralia
Canad
a
Chin
a
Fiji
Ind
ia
Iran
Italy
Japan
South
Korea
Malaysia
Mald
ives
Ru
ssia
South
Africa
Taiw
an
Trin
idad
and
Tob
ago
Un
ited K
ingd
om
Vietn
am
0
10
20
30
40
50
60
70
8
64
15
1 410
1 1 1 2 1 1 2 1 1 1 2
Number of Participants by country
Sample population: Students of the School of CIS of the UniSA
Population: about 300
Number of participants: 107from 18 different countries
Results and Findings (cont.)
20%
28%
11%41%
Is traditional telephony (land line/mobile) more secure than VoIP?
Don’t knowNoSameYes
- Most of the participants believe that traditional telephony (land line/mobile) is more secure than VoIP
- Participants are most concerned about lower cost and least concerned about security.
9%
56%
30%
3% 2%
ConvenienceLower costQualitySecurityOthers
The most concerned feature when making international calls
Graph -1 Graph -2
Results and Findings (cont.)• The majority of the respondents who make
international call by either VoIP or landline/mobile are concerned about privacy (eavesdropping).
• The respondents that prefer computer over land line/mobile for international calls are less concerned about VoIP privacy and vice versa
• No relationship was found between nationality and awareness/attitude towards security/privacy issues in VoIP.
Summary of participants’ opinion about security/privacy in VoIP
• Since VoIP providers offer cheap services, it is not expected to have best facilities and privacy.
• Security/privacy is not a major concern due to the fact that the content of the conversations are not important (calling family, etc …).
• Do not talk about anything sensitive/important using VoIP/landline/mobile if you do not want it found out.
• Conversations are monitored and analyzed by government to protect the nation.
Thank You