VoIP Threat Taxonomy

Chapter Description

This chapter categorizes the main threats against VoIP service (threats against availability, confidentiality, integrity, and social context) and explains their impact and possible methods of protection.

From the Book

Voice over IP Security

Voice over IP Security

$60.00

Summary

VoIP vulnerabilities can be exploited to create many different kinds of threats. The threats can be categorized as four different types: threats against availability, confidentiality, integrity, and social context.

A threat against availability is a threat against service availability that is supposed to be running 24/7. That is, the threat is aiming at VoIP service interruption, typically, in the form of DoS. The examples are call flooding, malformed messages (protocol fuzzing), spoofed messages (call teardown, toll fraud), call hijacking (registration or media session hijacking), server impersonating, and QoS abuse.

A threat against confidentiality does not impact current communications generally, but provides an unauthorized means of capturing conversations, identities, patterns, and credentials that are used for the subsequent unauthorized connections or other deceptive practices. VoIP transactions are mostly exposed to the confidentiality threat because most VoIP service does not provide full confidentiality (both signal and media) end-to-end. The threat examples are eavesdropping media, call pattern tracking, data mining, and reconstruction.

A threat against integrity is altering messages (signals) or media after intercepting them in the middle of the network. That is, an attacker can see the entire signaling and media stream between endpoints as an intermediary. The alteration can consist of deleting, injecting, or replacing certain information in the VoIP message or media. The typical examples are call rerouting, call black holing, media injection, and media degrading.

A threat against social context focuses on how to manipulate the social context between communication parties so that an attacker can misrepresent himself as a trusted entity and convey false information to the target user. The typical examples are misrepresentation (identity, authority, rights, and content), voice spam, instant message spam, presence spam, and phishing.

6. References | Next Section Previous Section