Science & Enterprise subscription

Follow us on Twitter

  • As the U.S. enters its Independence Day in the midst of its worst-ever pandemic, a divided public most trusts its h… https://t.co/umw9fDWuvJ
    about 8 hours ago
  • New post on Science and Enterprise: Infographic – Health Agencies Trusted for Covid-19 Info https://t.co/RerieMYQgn #Science #Business
    about 8 hours ago
  • Change the name of the Washington NFL team? A respondent to @joshtpm has a brilliant idea ... Washington Dukes, for… https://t.co/J9P4LKG2PT
    about 23 hours ago
  • A medical software team designed a mobile app that records and analyzes a person's sounds and sleep positions to de… https://t.co/NB99HQUWpC
    about 1 day ago
  • New post on Science and Enterprise: Mobile App Screens for Sleep Apnea https://t.co/N8gTn2zWhe #Science #Business
    about 1 day ago

Please share Science & Enterprise

Research to Develop Peer-to-Peer VoIP Security Protocol

Nitesh Saxena (University of Alabama at Birmingham)

Nitesh Saxena (University of Alabama at Birmingham)

A computer science research group at University of Alabama in Birmingham is studying a new security scheme to better protect voice- and video-over-Internet Protocol (VoIP) communications. The team led by Birmingham computer science professor Nitesh Saxena is funded by a two-year $150,000 grant from Cisco Systems.

Saxena, with Birmingham computer science colleague Purushotham Bangalore, will investigate new solutions for securing VoIP services, such as Skype or Vonage. VoIP communications are considered vulnerable to threats such as eavesdropping and man-in-the-middle attacks, where a third party makes connections independently with the network users and intercepts or fabricates messages between them. These kinds of attacks can compromise each user’s device and expose confidential information.

Cisco Systems, the funder of the project, makes VoIP phone equipment. In Janury 2013, computer scientists at Columbia University found security weakneses in Cisco’s VoIP phones, which make it possible for third parties to insert malicious code in the devices’ firmware, and eavesdrop on conversations. The Columbia study said all of Cisco’s 14 VoIP phone models at the time had this vulnerability.

Securing VoIP calls with today’s technology makes use of a shared third-party cryptographic key. Saxena and colleagues will instead design and test a peer-to-peer mechanism, removing the need and potential vulnerability from a third-party key.

The proposed solution makes use of a technique known as short authenticated strings, which employs an extra channel for confirming identities and securing the session, but not a third party. The study will also investigate adapting this technique for multi-party — e.g. conferencing — as well as point-to-point calls.

Saxena is director of the university’s Security and Privacy in Emerging computing and networking Systems (SPIES) research group, as well as a member of the Center for Information Assurance and Joint Forensics Research, a multidisciplinary research center at Birmingham that focuses on information assurance.

Read more:

*     *     *

Please share Science & Enterprise ...

Comments are closed.