Christian Schanes

Security Status of VoIP Based on the Observation of Real-World Attacks on a Honeynet

VoIP (Voice over IP) systems are more and more replacing PSTN (Public Switched Telephone Network) infrastructures. This increases the dependency on available and secure VoIP systems for successful business. Attacks against VoIP systems are becoming more imaginative and many attacks can cause damage, e.g., gain money for attackers or create costs for the victim. Therefore, in this paper the current security status of VoIP systems is described by analyzing real-world attacks collected in a honey net solution. In order to get the results, a classification, an analysis and a validation of the collected data were performed. The achieved results deliver information about Identity Theft, Malformed Messages, Fraudulent Calls as well as Attacker Behaviors and can help to adapt existing prevention systems to avoid the recognized and analyzed attacks in a productive environment.

Voice calls for free: How the black market establishes free phone calls — Trapped and uncovered by a VoIP honeynet

The number of Voice over IP systems and the number of Session Initiation Protocol users is constantly increasing. The new Voice over IP infrastructures are connected with the traditional Public Switched Telephone Network and attacks against the phone infrastructure are becoming more imaginative. The attacks can cause financial losses, e.g., attackers steal money or incur costs for the victim. We analyze the current status of toll fraud attacks by analyzing real-world attacks collected in a Voice over IP honeynet solution. Based on the detailed data about real attacks, the creation or adaption of existing prevention mechanisms is possible in order to avoid toll fraud attacks in live environments.

Black-box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service: work in progress

One of the main security objectives for systems connected to the Internet which provide services like Voice over Internet Protocol (VoIP) is to ensure robustness against security attacks to fulfill Quality of Service (QoS). To avoid system failures during attacks service providers have to integrate counter-measures which have to be tested. This work evaluates a test approach to determine the efficiency of counter-measures to fulfill QoS for Session Initiation Protocol (SIP) based VoIP systems even under attack. The main objective of the approach is the evaluation of service availability of a System Under Test (SUT) during security attacks, e.g., Denial of Service (DoS) attacks. Therefore, a simulated system load based on QoS requirements is combined with different security attacks. The observation of the system is based on black-box testing. By monitoring quality metrics of SIP transactions the behavior of the system is measurable. The concept was realized as a prototype and was evaluated using different VoIP systems. For this, multiple security attacks are integrated to the testing scenarios. The outcome showed that the concept provides sound test results, which reflect the behavior of SIP systems availability under various attacks. Thus, security problems can be found and QoS for SIP-based VoIP communication under attack can be predicted.

Mining security changes in FreeBSD

Current research on historical project data is rarely touching on the subject of security related information. Learning how security is treated in projects and which parts of a software are historically security relevant or prone to security changes can enhance the security strategy of a software project. We present a mining methodology for security related changes by modifying an existing method of software repository analysis. We use the gathered security changes to find out more about the nature of security in the FreeBSD project and we try to establish a link between the identified security changes and a tracker for security issues (security advisories). We give insights how security is presented in the FreeBSD project and show how the mined data and known security problems are connected.

Dataset of developer-labeled commit messages

Current research on change classification centers around automated and semi-automated approaches which are based on evaluation by either the researchers themselves or external experts. In most cases, the persons evaluating the effectiveness of the classification schemes are not the authors of the original changes and therefore can only make assumptions about the intent of the changes. To support validation of existing labeling mechanisms and to provide a training set for future approaches, we present a survey of source code changes that were labeled by their original authors. Seven developers from six different project applied three existing classification schemes from current literature to enrich their own changes with meta-information, so the intent of the changes becomes more evident. The final data set consists of 967 classified changes and is available as an SQLite database as part of the MSR data set.

Automated Security Test Approach for SIP-based VoIP Softphones

Voice over Internet Protocol based systems become more and more part of business critical IT infrastructures. To increase the robustness of voice applications, automated security testing is required to detect security vulnerabilities in an efficient way. In this paper we present a fuzzer framework to detect security vulnerabilities in Voice over Internet Protocol Softphones, which implement Session Initiation Protocol. The presented approach automates the Graphical User Interface interaction for softphones during fuzzing and also observes the behavior of the softphone Graphical User Interfaces to automatically detect application errors. Results of testing two open source softphones by using our fuzzer showed that various unknown vulnerabilities could be identified with the implemented fuzzer and some vulnerabilities were found that are only detectable by using Graphical User Interface observation.

Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach

Voice over IP systems are more and more replacing Public Switched Telephone Network infrastructures. The number of voice telephony installations and the number of Session Initiation Protocol users is constantly increasing. Attacks against Voice over IP systems are becoming more imaginative and many attacks can cause financial damage, e.g., attackers gain money or create costs for the victim. Therefore, the dependency on available and secure Voice over IP systems to conduct secure business is given. We provide an environment to uncover real-world toll fraud attacks by collecting data using a Voice over IP honeynet solution.

Chaotic ad-hoc data network - A bike based system for city networks

Cities are facing an increasing number of bicycles being used by urban citizen and the need of monitoring and managing this type of traffic becomes part of municipality and city administration. Bicycles shall be able to communicate between each other, exchange data with information service providers in the city and broadcast alarm and emergency messages. In this work we describe a wireless sensor network infrastructure approach designed especially for data messaging for bicycles, being independent of existing networks of telecommunication operators. The proposed communication network is assumed to be a decentralized, chaotic ad-hoc network established by a transceiver mounted on each bicycle. With this approach important information from bicycles moving around in the city can be gathered without depending on 3rd party network infrastructures. This network can build the basis for further applications for bicycles like optimized traffic management.

Mobile Payment Fraud: A Practical View on the Technical Architecture and Starting Points for Forensic Analysis of New Attack Scenarios

As payment cards and mobile devices are equipped with Near Field Communication (NFC) technology, electronic payment transactions at physical Point of Sale (POS) environments are changing. Payment transactions do not require the customerto insert their card into a slot of the payment terminal. The customer is able to simply swipe the payment card or mobilephone in front of a dedicated zone of the terminal to initiate a payment transaction. Secure Elements (SEs) in mobile phonesand payment cards with NFC should keep sensitive application data in a save place to protect it from abuse by attackers.Although hardware and the operating system of such a chip has to go through an intensive process of security testing, thecurrent integration of such a chip in mobile phones easily allows attackers to access the information stored. In the followingpaper we present the implementation of two different proof-of-concept attacks. Out of the analysis of the attack scenarios, wepropose various starting points for the forensic analysis in order to detect such fraudulent transactions. The presented conceptshould lead to fewer fraudulent transactions as well as protected evidence in case of fraud.

Global VoIP security threats - large scale validation based on independent honeynets

Voice over IP (VoIP) gains more and more attractiveness by large companies as well as private users. Therefore, the risk increases that VoIP systems get attacked by hackers. In order to effectively protect VoIP users from misuse, researchers use, e.g., honeynets to capture and analyze VoIP attacks occurring in the Internet. Global VoIP security threats are analyzed by studying several millions of real-world attacks collected in independent VoIP honeynet solutions with different capture mechanisms over a long period of time. Due to the validation of results from several honeynet designs we have achieved a unique, much broader view on large scale attacks. The results show similar attacker behavior, confirm previous assumptions about attacks and present new insights in large scale VoIP attacks, e.g., for toll fraud.