[SIPForum-discussion] SIP Security Features

Ram Dantu rdantu at unt.edu
Sun Jun 19 18:55:01 UTC 2005

Greetings Everybody,

We had organized two workshops on VoIP security.
Several papers were presented in these workshop.
See below the summary of 2nd VoIP security
workshop held in Washington DC (1-2 June, 2005).

Ram Dantu

NOTE: Workshop Proceedings (CD format) are available.
For details, see http://secnet.csci.unt.edu

   Summary of 2nd Workshop on VoIP Security
                  Ram Dantu

More than 180 people have participated in the 2nd Workshop on VoIP
Security. The participants include representatives from the Department
of Homeland Security, Department of Defense, the FBI, NSA, NIST, FCC,
industry consortiums such as the International Packet Communications
Consortium (IPCC) and SIP.EDU in Internet2, VoIPSA, and several
telecommunications service providers, vendors and universities.
Some of the topics are:

• Government standards and requirements (NIST/DISA)
• E911, GETS and CALEA (how to provide architectural and
  nodal level support)
• Transitive and end-to-end trust between calling and called parties
• Spam/DOS prevention algorithms
• Lack of test tools for security testing
• Benefits and pitfalls of session border controllers (SBC)
• Creating a research testbed (voip-specific network) for assessing
  vulnerabilities, attack containment, damage analysis due to attacks,
  and evaluating prevention/detection methodologies. This large-scale
  network complements the existing test beds (e.g., EMIST and DETER)
  and builds on top of them. Next, this research test bed can be used
  for evaluating security of future services like multimedia and IPTV.

Program Chair’s comments:
We are extremely pleased with the participation and enthusiasm from the
audience.  We have a good mix of government, service providers, vendors
and universities. We believe that only way to understand the
vulnerabilities and assess damage is to put a live network under a stress
and attacks. We have more than 40 people signed up for helping us in
building a research testbed. The support varies from participating in the
funding proposal, collaborative research, specifying requirements, writing
a test plan and lending us the equipment. In addition, this research
testbed will act as a platform for understanding security aspects of next
generation services and applications in a live network. All the results
will be available for the public and published in the open

> Hi List Members,
> I am in the process of compiling a list of intrinsic security features
> in SIP and how they work. This research is related to a paper I am
> planning on how enhanced SIP security can help harden VOIP Telephone
> Networks.
> Any help, pointers, links, etc. will be appreciated.
> Regards,
> Vinay
> _______________________________________________
> discussion mailing list
> discussion at sipforum.org
> http://sipforum.org/mailman/listinfo/discussion

Ram Dantu Ph.D.,
Assistant Professor,
Department of Computer Science,
University of North Texas,
Denton, Texas, 76203
tele: 940 565 2822
email: rdantu at unt.edu

More information about the discussion mailing list