A computer science research group at University of Alabama in Birmingham is studying a new security scheme to better protect voice- and video-over-Internet Protocol (VoIP) communications. The team led by Birmingham computer science professor Nitesh Saxena is funded by a two-year $150,000 grant from Cisco Systems.
Saxena, with Birmingham computer science colleague Purushotham Bangalore, will investigate new solutions for securing VoIP services, such as Skype or Vonage. VoIP communications are considered vulnerable to threats such as eavesdropping and man-in-the-middle attacks, where a third party makes connections independently with the network users and intercepts or fabricates messages between them. These kinds of attacks can compromise each user’s device and expose confidential information.
Cisco Systems, the funder of the project, makes VoIP phone equipment. In Janury 2013, computer scientists at Columbia University found security weakneses in Cisco’s VoIP phones, which make it possible for third parties to insert malicious code in the devices’ firmware, and eavesdrop on conversations. The Columbia study said all of Cisco’s 14 VoIP phone models at the time had this vulnerability.
Securing VoIP calls with today’s technology makes use of a shared third-party cryptographic key. Saxena and colleagues will instead design and test a peer-to-peer mechanism, removing the need and potential vulnerability from a third-party key.
The proposed solution makes use of a technique known as short authenticated strings, which employs an extra channel for confirming identities and securing the session, but not a third party. The study will also investigate adapting this technique for multi-party — e.g. conferencing — as well as point-to-point calls.
Saxena is director of the university’s Security and Privacy in Emerging computing and networking Systems (SPIES) research group, as well as a member of the Center for Information Assurance and Joint Forensics Research, a multidisciplinary research center at Birmingham that focuses on information assurance.
Read more:
- Eye-Tracking Shown Feasible as Alternative to Passwords
- Wi-Fi Signals Configured as Multi-Room Motion Detector
- Weaknesses Found in Online Banking, Facebook Security
- Personal Genetic Information Vulnerabilty Exposed
- Challenge Seeks Smartphone GPS Jamming Detector
* * *
You must be logged in to post a comment.