Academic Commons

Articles

A Look at VoIP Vulnerabilities

Keromytis, Angelos D.

Voice over IP (VoIP) and Internet Multimedia Subsystem (IMS) technologies offer higher flexibility than traditional telephony infrastructures and the potential for lower cost through equipment consolidation and new business models. In this article, I examine the current state of affairs on VoIP/IMS security through a survey of all the 221 known/disclosed security vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database and in IETF RFCs/drafts. My key finding is that the higher complexity of VoIP/IMS systems leads to a variety of attack vectors, many of them caused by unforeseen and unexpected component interactions. A second finding is that what people seem to worry about in VoIP (traffic interception and impersonation) bears no resemblance to the distribution of vulnerabilities actually disclosed. The article concludes with some practical suggestions for securing VoIP systems.

Subjects

Files

Also Published In

Title
;login:

More About This Work

Academic Units
Computer Science
Published Here
June 23, 2011
Academic Commons provides global access to research and scholarship produced at Columbia University, Barnard College, Teachers College, Union Theological Seminary and Jewish Theological Seminary. Academic Commons is managed by the Columbia University Libraries.