Oulun yliopisto - Etusivulle University of Oulu in English

ee.oulu.fi

Electrical and Information Engineering

Faculty of Technology > Electrical and Information Engineering > Computer Engineering Laboratory


OUSPG

[This page is CSS2 enabled. Your browser might not fully support it]

Security analysis and experiments for Voice over IP RTP media streams

$RCSfile: index.html,v $ $Revision: 1.2 $ $Date: 2006/05/26 10:56:30 $

ABSTRACT

The Real-Time Transport Protocol (RTP), a transport protocol for real-time applications is the standard for transmitting encoded voice and video in IP telephony, including networks built using elements depending on Session Initiation Protocol (SIP) and H.323 protocol family. Different security requirements were analyzed, potential vulnerabilities were identified, and means of attacking them were built. As a case study, we assessed six implementations using the found attack methods trying to compromise the classical information security principles: confidentiality, integrity and availability. All of the implementations available for evaluation failed to perform in a secure manner under the test. We managed to eavesdrop the media stream and to inject a third party voice into an ongoing call. Finally, we successfully performed Denial-of-Service (DoS) attacks.

Publication details and availability
Title: Security analysis and experiments for Voice over IP RTP media streams
Publication details: Wieser C., Röning J., Takanen A. "Security analysis and experiments for Voice over IP RTP media streams". 8th International Symposium on Systems and Information Security (SSI'2006). Sao Jose dos Campos, Sao Paulo, Brazil. November 08-10, 2006.
Availability: [PDF_] Full paper (original)
[PS__] Full paper (original)

[This page is CSS2 enabled. Your browser might not fully support it]