Abstract: Voice services over Internet Protocol (VoIP) are nowadays much promoted by telecommunication
and Internet service providers. However, the utilization of open networks, like the Internet, raises several security issues that must be accounted for. On top of that, there
are new sophisticated attacks against VoIP infrastructures that capitalize on vulnerabilities
of the protocols employed for the establishment of a VoIP session (for example the Session
Initiation Protocol – SIP). This paper provides a categorization of potential attacks against VoIP services, followed by
specific security recommendations and guidelines for protecting the underlying infrastructure
from these attacks and thus ensuring the provision of robust and secure services.
In order to utilize (share) the aforementioned security guidelines and recommendations
across different domains, it is necessary to have them represented in some formal way. To this end, ontologies have been used to represent the proposed guidelines and recommendations in the form of a unified security policy for VoIP infrastructures. This ontology-based policy has then been transformed into a First Order Logic (FOL) formal representation. The proposed ontology-based security policy can be applied in a real VoIP environment for
detecting attacks against a SIP-based service, but it can also be utilized for security testing
purposes and vulnerability identification.
The work presented in this paper focuses on the SIP protocol. However, generalization
to other signaling protocols is possible.