The telephony system, which enabled near universal voice communication, has undergone a dramatic change due to technological advances and legal and regulatory changes. Although these changes offer many benefits, including low cost calling and richer functionality, they have introduced new vulnerabilities that can seriously undermine the trust people have in transactions conducted over the telephony channel. In fact, caller impersonation and social engineering over the phone are increasingly being used to commit fraud and steal credentials for online account takeovers. This project focuses on research that can help secure the emerging telephony landscape against these and other emerging threats. To better understand security threats, the project first explores the feasibility of using a telephony honeypot for characterizing the sources and nature of unwanted and malicious calls, and the vulnerabilities exploited by these calls. Based on an understanding of these threats and vulnerabilities, new techniques are investigated to combat and mitigate telephony based attacks. For example, to address call metadata manipulation, features embedded into the call audio itself are investigated, which can potentially be used to establish the source of a call in a more robust manner. The project also seeks to understand cross channel malicious activity in which attackers utilize both the web and telephony channels to devise and mount sophisticated attacks.
Telephony has been a trusted channel in the past and the project explores how trustworthy communication can be enabled in the future when voice communication will increasingly be integrated with our other online activities.
