Abstract
IP telephony is less confined than traditional PSTN telephony. As a consequence, it is more exposed to security attacks. These attacks are either specific to VoIP protocols, such as SPIT, or inherited from the IP layer, such as ARP poisoning. Protection mechanisms are often available, but they may seriously impact the quality of service of such critical environments. We propose to exploit and automate risk management methods and techniques for VoIP infrastructures. Our objective is to dynamically adapt the exposure of a VoIP network with regard to the attack potentiality while minimizing the impact on the service. This paper describes the challenges of risk management for VoIP, our runtime strategy for assessing and treating risks, preliminary results based on Monte-Carlo simulations, and future work.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Dabbebi, O., Badonnel, R., Festor, O. (2010). Managing Risks at Runtime in VoIP Networks and Services. In: Stiller, B., De Turck, F. (eds) Mechanisms for Autonomous Management of Networks and Services. AIMS 2010. Lecture Notes in Computer Science, vol 6155. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13986-4_11
DOI: https://doi.org/10.1007/978-3-642-13986-4_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13985-7
Online ISBN: 978-3-642-13986-4
eBook Packages: Computer Science, Computer Science (R0)