Misuse patterns in VoIP

Pelaez, Juan C.; Fernández, Eduardo B.; Larrondo-Petrie, María M.

doi:10.1002/sec.105

Cited by 14 publications

(4 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Considering the vulnerabilities associated with specific software products installed allows us to identify concrete attack scenarios and hence specific monitoring activities that collect forensic evidence necessary to demonstrate that these attacks took place. Cloud security reference architectures [24] provide guidance for identifying potential misuse cases [25] arising from the interaction of stakeholders with the system and for detecting a set of security patterns, which include countermeasures to prevent or mitigate those misuse cases. Security patterns also include a general list of components of the cloud architecture, such as VMs and networks, from which forensic evidence regarding a specific misuse pattern can be found.…”

Section: Related Workmentioning

confidence: 99%

Adaptive evidence collection in the cloud using attack scenarios

Pasquale

Hanvey

Mcgloin

et al. 2016

Computers & Security

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Adaptive evidence collection in the cloud using attack scenarios

Pasquale

Hanvey

Mcgloin

et al. 2016

Computers & Security

View full text Add to dashboard Cite

“…This threat includes eavesdropping and impersonation to support the attack. Session hijacking infiltrates the middle of the communication to gain control over the transmitted data [13]. MITM attack is a renowned act of session hijacking [7][14].…”

Section: Session Hijackingmentioning

confidence: 99%

ROSS: Low-Cost Self-Securing VoIP Communication Framework

Syafalni¹

2012

KSII TIIS

View full text Add to dashboard Cite

Reliance on the Internet has introduced Voice over Internet Protocol (VoIP) to various security threats. A reliable security protocol and an authentication scheme are thus required to prevent the aforementioned threats. However, an authentication scheme often demands additional cost and effort. Accordingly, a security framework for known participants in VoIP communication is proposed in this paper. The framework is known as Randomness-Optimized Self-Securing (ROSS), which performs authentication automatically throughout the session by optimizing the uniqueness and randomness of the communication itself. Elliptic Curve Diffie-Hellman (ECDH) key exchange and Salsa20 stream cipher are utilized in the framework correspondingly to secure the key agreement and the communication with low computational cost. Human intelligence supports ROSS authentication process to ensure participant authenticity and communication regularity. The results show that with marginal overhead, the proposed framework is able to secure VoIP communication by performing reliable authentication.

show abstract

“…Although many researchers have explained the possibility of this threat, no one in the literature has used patterns to analyze the threat of non-control data in an NFV system. Patterns have proved convenient to describe the threats in several environments, such as cloud [15], IoT [16], and VoIP [17].…”

Section: Introductionmentioning

confidence: 99%

Misuse Patterns from the Threat of Modification of Non-Control Data in Network Function Virtualization

Alnaim

2022

Future Internet

View full text Add to dashboard Cite

Network Function Virtualization (NFV) is a virtual network model, the goal of which is a cost-efficient transition of the hardware infrastructure into a flexible and reliable software platform. However, this transition comes at the cost of more security threats. A key part of this virtualization environment is the hypervisor, which emulates the hardware resources to provide a runtime environment for virtual machines (VMs). The hypervisor is considered a major attack vector and must be secured to ensure network service continuity. The virtualization environment contains critical non-control data where compromise could lead to several misuses, including information leakage and privilege and resource modification. In this paper, we present a misuse pattern for an attack that exploits the security vulnerabilities of the hypervisor to compromise the integrity of non-control data in the NFV environment. Misuse patterns are used to describe how attacks are carried out from the attackers’ perspective. The threat of modification of non-control data can lead to several misuses, and in this paper, we discuss three of them. The defenses to this attack can be incorporated into the Security Reference Architecture (SRA) of the NFV system to prevent these misuses.

show abstract

Misuse patterns in VoIP

Cited by 14 publications

References 12 publications

Adaptive evidence collection in the cloud using attack scenarios

Adaptive evidence collection in the cloud using attack scenarios

ROSS: Low-Cost Self-Securing VoIP Communication Framework

Misuse Patterns from the Threat of Modification of Non-Control Data in Network Function Virtualization

Contact Info

Product

Resources

About