This collaborative project, developing a testbed that enables research on understanding and analysis of vulnerabilities of Voice over IP (VoIP), investigates issues related to Quality of Service (QoS) in VoIP, taking into account possible attacks, identity management, spamming, Denial of Service (DoS) attacks, 911 emergency management, and high availability. Research results will be translated to engineering guidelines for preventing security breaches during development and deployment of VoIP networks. This VoIP infrastructure can, in turn, be reused for different multimedia services like video and instant messaging. Since VoIP is expected to reach critical mass during the next five years, many federal agencies are already putting migration strategies in place. In view that VoIP will have to interoperate with conventional Public Switched Telephone Network (PSTN), this work anticipates discovery of security holes and vulnerabilities during deployment and usage. Thus, vulnerabilities need to be investigated proactively and algorithms and techniques need to be developed to secure VoIP from security threats due to interoperability problems, lack of standards, attacks by hackers, script kiddies, spammers, corporate espionage, and terrorism. This multi-university project limits the scope to spam prevention, defense against DoS, securing 911 emergency services, study the impact of security and QoS.
Broader Impact: With 4 universities, this collaborative project studies security threats and solutions proactively and disseminates the results to commercial and government organizations. The research results should advance the research frontier in the area of security for next generation networks and create practical applications to implementation in VoIP networks. Results, translated into engineering guidelines, should impact developers. The experiments benefit from the geographically distributed sites while the test plan stimulates collaboration between faculty and students. Workshops have been held with participation from the Department of Homeland Security, Department of Defense, FBI, NSA, NIST, FCC, industry consortiums such as International Packet Communications Consortium (IPCC) and SIP.EDU in Internet2, VoPSF, VoIPSA, telecommunication service providers, vendors, and universities. This multi-university infrastructure provides an excellent opportunity for students to experience a real-life telecommunication network. This reconfigurable testbed may be integrated into many courses enabling new research and education in VoIP. .
