DOCSLIB.ORG

Sok: Everyone Hates Robocalls: a Survey of Techniques Against Telephone Spam

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Sok: Everyone Hates Robocalls: a Survey of Techniques Against Telephone Spam SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn Arizona State University {tu, doupe, zzhao30, gahn}@asu.edu Abstract—Telephone spam costs United States consumers productivity. A study in 2014 by Kimball et al. [5] found $8.6 billion annually. In 2014, the Federal Trade Commission that 75% of people listened to over 19 seconds of a robocall has received over 22 million complaints of illegal and wanted message and the vast majority of people, 97%, listen to calls. Telephone spammers today are leveraging recent techni- cal advances in the telephony ecosystem to distribute massive at least 6 seconds. Even when the recipient ignores or automated spam calls known as robocalls. Given that anti-spam declines the call, today spammers can send a prerecorded techniques and approaches are effective in the email domain, audio message directly into the recipient’s voicemail inbox. the question we address is: what are the effective defenses Deleting a junk voicemail wastes even more time, taking at against spam calls? least 6 steps to complete in a typical voicemail system. In this paper, we first describe the telephone spam ecosys- tem, specifically focusing on the differences between email Telephone spam are not only significant annoyances, and telephone spam. Then, we survey the existing telephone they also result in significant financial loss in the econ- spam solutions and, by analyzing the failings of the current omy, mostly due to scams and identity theft. According techniques, derive evaluation criteria that are critical to an to complaint data collected by the FTC, Americans lose acceptable solution. We believe that this work will help guide more than $8.6 billion due to fraud annually, and the vast the development of effective telephone spam defenses, as well as provide a framework to evaluate future defenses. majority of them (and still increasing) are due to phone communication [4]. This situation is surprising, given the significant gains made in reducing the amount of email I. INTRODUCTION spam. This raises the question: are there any simple and The national and global telephony system is a critical effective solutions that could stop telephone spam? The un- component of our modern infrastructure and economy. In fortunate answer is no. We found that this issue is not easily the United States (US), the mobile telephone subscribership solved, and, in fact, the simple and effective techniques penetration rate has already surpassed 100% [1]. According against email spam cannot be applied to telephone systems. to the U.S. Bureau of Labor Statistics, each day more than There are significant differences and unique challenges in the 240 million hours are spent on telephone calls in the United telephone ecosystem that require novel approaches. Many States, equating to more than 88 trillion hours each year [2]. existing solutions have failed to overcome these challenges However, with the pervasiveness of telephone service and, as a result, have yet to be widely implemented. subscribership, telephone spam has also become an increas- The objective of this paper is to survey the existing ingly prevalent issue in the US. Recent technical advances solutions in combating telephone spam and, by analyzing the in the telephony ecosystem are leveraged by spammers to failings of the current techniques, derive the requirements distribute massive automated spam calls, known as robo- that are critical to an acceptable solution. This work will calls. The Federal Trade Commission’s (FTC) National Do help guide the development of effective telephone spam Not Call Registry’s cumulative number of complaints of defenses, as well as provide a framework to help evaluate illegal calls in the US totaled more than 22 million in the techniques against telephone spam. 2014 [3], with about 200,000 complaints each month about robocalls alone [4]. Despite US laws prohibiting robocalling The main contributions of this paper are the following: and telephone spamming (with some exceptions), complaints • We describe the telephone spam ecosystem, focusing on illegal calls have reached record numbers year after on the players involved and the technical challenges year, which indicates that the laws have not deterred the that make telephone spam distinct from email spam. spammers. • We develop a taxonomy that classifies the existing anti- Spam calls are significant annoyances for telephone users. spam techniques into three categories, providing a high- Unlike email spam, which can be ignored, spam calls level view of the benefits and drawbacks of each type demand immediate attention. When a phone rings, a call of technique. recipient generally must decide whether to accept the call • We provide a systematization of assessment criteria and listen to the call. After realizing that the call contains for evaluating telephone spam countermeasures, and unwanted information and disconnects from the call, the we evaluate existing techniques using these assessment recipient has already lost time, money (phone bill), and criteria. • We provide a discussion on what we believe to be the Long Distance Network Interexchange Carrier Interexchange Termination Network Termination future direction of solving the telephone spam problem. Termination Carrier Open Internet Open VoIP CarrierVoIP Trunk Line II. BACKGROUND While email spam is arguably the most well-known form Spammer Victims of spam, telephone spam is now more popular than ever. The Public Switched Telephone Network (PSTN) is an Possibly further anonymized behind VPNs and Possibly routing through more layers than aggregate of various interconnected telephone networks that Tor networks depicted adheres to the core standards created by the International Figure 1: Routing of a spam call. Telecommunication Union, allowing most telephones to intercommunicate. We define telephone spam as the mass VoIP Interexchange Termination distribution of unwanted content to modern telephones in the Victim Spammer Carrier Carrier Carrier PSTN, which includes voice spam that distributes unwanted voice content to answered phones, and voicemail spam that distributes unwanted voice content into the recipient’s Leads Seller voicemail inbox. Due to the much greater capacity of IP infrastructure Figure 2: The flow of money in the telephone spam ecosys- and the wide availability of IP-based equipment, telephony tem. service providers have shifted their network infrastructure to IP-based solutions, and the operation cost of the telephone network has dramatically decreased. While the core PSTN than email spam, particularly when spammers use techniques infrastructure has evolved to be almost entirely IP-based, such as caller ID spoofing. the core signaling protocols have not changed. The entire A. Key Players of Telephone Spam ecosystem still relies on the three-decade-old Signaling Sys- tem No. 7 (SS7) [6] suite of protocols, allowing any phone to To understand the telephone spam ecosystem, we will first reach any other phone through a worldwide interconnection identify and explain the roles of all players who take part in of switching centers. the routing of a telephone spam. Figure 1 show a graph- A very common way of disseminating telephone spam ical depiction of the routing process: The spammer con- is robocalling, which uses an autodialer that automatically nects through the Internet to an Internet Telephony Service dials and delivers a prerecorded message to a list of phone Provider, then the call is routed through an Interexchange numbers. An autodialer is a generic term for any com- Carrier, before finally being accepted by the Termination puter program or device that can automatically initiate calls Carrier, who then routes the call to the victim. to telephone recipients. Today, an autodialer is usually a Another way to understand the ecosystem is to show computer program with Voice over Internet Protocol (VoIP) how money flows through the system, which we display in connectivity to a high volume VoIP-to-PSTN carrier, that Figure 2: the money flows from the victim to the spammer, may include features such as voicemail and SMS delivery, and the spammer uses this money to obtain leads (new phone customizable caller ID, Call Progress Analysis, scheduled numbers to spam) and to pay for the spam calls, the Internet broadcast, text-to-speech, Interactive Voice Response, etc. Telephony Service Provider receives the money from the The high reachability of telephone numbers has led to spammer and pays the Interexchange Carrier, who then pays telephony being an attractive spam distribution channel. Al- the Termination Carrier. Next we examine each of these most every adult in the US can be reached with a telephone roles in turn. number, and the vast majority of telephone numbers are Spammer is the agent that carries out the spamming mobile telephone subscribers. Although VoIP usage has been operation. The spammer could be part of an organization, growing rapidly, we found that it is more of an add-on or an independent contractor that offers spamming-as-a- protocol (instead of a wholesale replacement) of existing service. The goal of the spammer is usually to extract mobile wireless and landline services. Using 2013 statistics, money from victims through sales and scams, or to launch there are about 335 million mobile telephone subscribers [1], a campaign of harassment. For cost efficiency, spam calls 136 million fixed-telephone subscribers [7], and 34 million are typically initiated using an autodialer connected to an VoIP subscribers [8] in the US (population 318 million). Internet Telephony Service Provider to reach the PSTN We believe the improved cost efficiency of telephone victims. Currently, spamming to VoIP victims are not as spamming, advancement of spam distribution technology, common, mainly due to the limited pool of potential victims, and high reachability of telephone numbers contributed to and some VoIP users, such as Skype, may not be reachable the recent surge in telephone spam. Furthermore, we believe most of the time. We will describe the spammer’s operation that telephone spam has the potential to be more persuasive in more detail in Section II-B.
Load more

Recommended publications
  • Vermont Robocall Spoofing Survey
    WHO’S REALLY ON THE LINE? AN AARP VERMONT SURVEY OF ADULTS 18+ ABOUT ROBOCALLS AND SPOOFING May 2019 AARP.ORG/RESEARCH | © 2019 AARP ALL RIGHTS RESERVED DOI: https://doi.org/10.26419/res.00298.004 AARP RESEARCH Table of Contents Introduction 3 Key Findings 4 Devices Owned and Caller ID 6 Experiences with Robocalls 9 Robocall Spoofing and Scams 13 Reducing Spoofing and Robocalls 20 Summary and Implications 25 Methodology 28 Appendix 30 AARP.ORG/RESEARCH | © 2019 AARP ALL RIGHTS RESERVED AARP RESEARCH 2 Introduction Most of us are familiar with robocall technology – where computers autodial thousands of households with legitimate messages such as pre-recorded school announcements, general reminders of an upcoming scheduled event, or emergency and disaster warnings. However, robocalling also has made it easier for scammers to inexpensively reach millions of consumers and to “spoof” (i.e., disguise) the scammers’ phone numbers. Criminals will generate phone numbers that appear local and familiar to the consumer – known as “neighbor spoofing” – so they will be more likely to answer and respond. Criminal telemarketers will impersonate such entities as the IRS, popular charities, software tech companies, or police officials to entice or threaten consumers into sharing personal identification information or sending money in order to win prizes or money, pay exorbitant fines, or avoid criminal arrest or even jail time. According to the YouMail Robocall index, there were over 43.6 million robocalls placed in Vermont in 2018, more than double the number from 2016.1 The growth of illegal robocalling and spoofing has fueled an increase in telephone fraud victimization.
    [Show full text]
  • Spamming Botnets: Signatures and Characteristics
    Spamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten+,IvanOsipkov+ Microsoft Research, Silicon Valley +Microsoft Corporation {yxie,fangyu,kachan,rina,ghulten,ivano}@microsoft.com ABSTRACT botnet infection and their associated control process [4, 17, 6], little In this paper, we focus on characterizing spamming botnets by effort has been devoted to understanding the aggregate behaviors of leveraging both spam payload and spam server traffic properties. botnets from the perspective of large email servers that are popular Towards this goal, we developed a spam signature generation frame- targets of botnet spam attacks. work called AutoRE to detect botnet-based spam emails and botnet An important goal of this paper is to perform a large scale analy- membership. AutoRE does not require pre-classified training data sis of spamming botnet characteristics and identify trends that can or white lists. Moreover, it outputs high quality regular expression benefit future botnet detection and defense mechanisms. In our signatures that can detect botnet spam with a low false positive rate. analysis, we make use of an email dataset collected from a large Using a three-month sample of emails from Hotmail, AutoRE suc- email service provider, namely, MSN Hotmail. Our study not only cessfully identified 7,721 botnet-based spam campaigns together detects botnet membership across the Internet, but also tracks the with 340,050 unique botnet host IP addresses. sending behavior and the associated email content patterns that are Our in-depth analysis of the identified botnets revealed several directly observable from an email service provider. Information interesting findings regarding the degree of email obfuscation, prop- pertaining to botnet membership can be used to prevent future ne- erties of botnet IP addresses, sending patterns, and their correlation farious activities such as phishing and DDoS attacks.
    [Show full text]
  • Zambia and Spam
    ZAMNET COMMUNICATION SYSTEMS LTD (ZAMBIA) Spam – The Zambian Experience Submission to ITU WSIS Thematic meeting on countering Spam By: Annabel S Kangombe – Maseko June 2004 Table of Contents 1.0 Introduction 1 1.1 What is spam? 1 1.2 The nature of Spam 1 1.3 Statistics 2 2.0 Technical view 4 2.1 Main Sources of Spam 4 2.1.1 Harvesting 4 2.1.2 Dictionary Attacks 4 2.1.3 Open Relays 4 2.1.4 Email databases 4 2.1.5 Inadequacies in the SMTP protocol 4 2.2 Effects of Spam 5 2.3 The fight against spam 5 2.3.1 Blacklists 6 2.3.2 White lists 6 2.3.3 Dial‐up Lists (DUL) 6 2.3.4 Spam filtering programs 6 2.4 Challenges of fighting spam 7 3.0 Legal Framework 9 3.1 Laws against spam in Zambia 9 3.2 International Regulations or Laws 9 3.2.1 US State Laws 9 3.2.2 The USA’s CAN‐SPAM Act 10 4.0 The Way forward 11 4.1 A global effort 11 4.2 Collaboration between ISPs 11 4.3 Strengthening Anti‐spam regulation 11 4.4 User education 11 4.5 Source authentication 12 4.6 Rewriting the Internet Mail Exchange protocol 12 1.0 Introduction I get to the office in the morning, walk to my desk and switch on the computer. One of the first things I do after checking the status of the network devices is to check my email.
    [Show full text]
  • Towards Mitigating Unwanted Calls in Voice Over IP
    FACULDADE DE ENGENHARIA DA UNIVERSIDADE DO PORTO Towards Mitigating Unwanted Calls in Voice Over IP Muhammad Ajmal Azad Programa Doutoral em Engenharia Electrotécnica e de Computadores Supervisor: Ricardo Santos Morla June 2016 c Muhammad Ajmal Azad, 2016 Towards Mitigating Unwanted Calls in Voice Over IP Muhammad Ajmal Azad Programa Doutoral em Engenharia Electrotécnica e de Computadores June 2016 I Dedicate This Thesis To My Parents and Wife For their endless love, support and encouragement. i Acknowledgments First and foremost, I would like to express my special gratitude and thanks to my advisor, Professor Dr. Ricardo Santos Morla for his continuous support, supervision and time. His suggestions, advice and criticism on my work have helped me a lot from finding a problem, design a solution and analyzing the solution. I am forever grateful to Dr. Morla for mentoring and helping me throughout the course of my doctoral research.. I would like to thanks my friends Dr. Arif Ur Rahman and Dr. Farhan Riaz for helping in understanding various aspects of research at the start of my Ph.D, Asif Mohammad for helping me in coding with Java, and Bilal Hussain for constructive debate other than academic research and continuous encouragements in the last three years. Of course acknowledgments are incomplete without thanking my parents, family members and loved ones. I am very thankful to my parents for spending on my education despite limited resources. They taught me about hard work, make me to study whenever I run away, encourage me to achieve the goals, self-respect and always encourage me for doing what i want.
    [Show full text]
  • Enisa Etl2020
    EN From January 2019 to April 2020 Spam ENISA Threat Landscape Overview The first spam message was sent in 1978 by a marketing manager to 393 people via ARPANET. It was an advertising campaign for a new product from the company he worked for, the Digital Equipment Corporation. For those first 393 spammed people it was as annoying as it would be today, regardless of the novelty of the idea.1 Receiving spam is an inconvenience, but it may also create an opportunity for a malicious actor to steal personal information or install malware.2 Spam consists of sending unsolicited messages in bulk. It is considered a cybersecurity threat when used as an attack vector to distribute or enable other threats. Another noteworthy aspect is how spam may sometimes be confused or misclassified as a phishing campaign. The main difference between the two is the fact that phishing is a targeted action using social engineering tactics, actively aiming to steal users’ data. In contrast spam is a tactic for sending unsolicited e-mails to a bulk list. Phishing campaigns can use spam tactics to distribute messages while spam can link the user to a compromised website to install malware and steal personal data. Spam campaigns, during these last 41 years have taken advantage of many popular global social and sports events such as UEFA Europa League Final, US Open, among others. Even so, nothing compared with the spam activity seen this year with the COVID-19 pandemic.8 2 __Findings 85%_of all e-mails exchanged in April 2019 were spam, a 15-month high1 14_million
    [Show full text]
  • Locating Spambots on the Internet
    BOTMAGNIFIER: Locating Spambots on the Internet Gianluca Stringhinix, Thorsten Holzz, Brett Stone-Grossx, Christopher Kruegelx, and Giovanni Vignax xUniversity of California, Santa Barbara z Ruhr-University Bochum fgianluca,bstone,chris,[email protected] [email protected] Abstract the world-wide email traffic [20], and a lucrative busi- Unsolicited bulk email (spam) is used by cyber- ness has emerged around them [12]. The content of spam criminals to lure users into scams and to spread mal- emails lures users into scams, promises to sell cheap ware infections. Most of these unwanted messages are goods and pharmaceutical products, and spreads mali- sent by spam botnets, which are networks of compro- cious software by distributing links to websites that per- mised machines under the control of a single (malicious) form drive-by download attacks [24]. entity. Often, these botnets are rented out to particular Recent studies indicate that, nowadays, about 85% of groups to carry out spam campaigns, in which similar the overall spam traffic on the Internet is sent with the mail messages are sent to a large group of Internet users help of spamming botnets [20,36]. Botnets are networks in a short amount of time. Tracking the bot-infected hosts of compromised machines under the direction of a sin- that participate in spam campaigns, and attributing these gle entity, the so-called botmaster. While different bot- hosts to spam botnets that are active on the Internet, are nets serve different, nefarious goals, one important pur- challenging but important tasks. In particular, this infor- pose of botnets is the distribution of spam emails.
    [Show full text]
  • Trusting Spam Reporters: a Reporter-Based Reputation System for Email Filtering
    Trusting Spam Reporters: A Reporter-based Reputation System for Email Filtering ELENA ZHELEVA University of Maryland, College Park ALEKSANDER KOLCZ Microsoft Live Labs LISE GETOOR University of Maryland, College Park Spam is a growing problem; it interferes with valid email and burdens both email users and service providers. In this work, we propose a reactive spam-filtering system based on reporter reputation for use in conjunction with existing spam-filtering techniques. The system has a trust- maintenance component for users, based on their spam-reporting behavior. The challenge that we consider is that of maintaining a reliable system, not vulnerable to malicious users, that will provide early spam-campaign detection to reduce the costs incurred by users and systems. We report on the utility of a reputation system for spam filtering that makes use of the feedback of trustworthy users. We evaluate our proposed framework, using actual complaint feedback from a large population of users, and validate its spam-filtering performance on a collection of real email traffic over several weeks. To test the broader implication of the system, we create a model of the behavior of malicious reporters, and we simulate the system under various assumptions using a synthetic dataset. Categories and Subject Descriptors: H.1 [Information Systems]: Models and Principles General Terms: Algorithms Additional Key Words and Phrases: spam filtering; reputation systems; trust. Author’s address: E. Zheleva, Computer Science Department, AV Williams Bldg., University of Maryland, College Park, MD, 20742. c ACM, 2009. This is the author’s version of the work. It is posted here by permission of ACM for your personal use.
    [Show full text]
  • A Rule Based Approach for Spam Detection
    A RULE BASED APPROACH FOR SPAM DETECTION Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering In Computer Science & Engineering By: Ravinder Kamboj (Roll No. 800832030) Under the supervision of: Dr. V.P Singh Mrs. Sanmeet Bhatia Assistant Professor Assistant Professor Computer Science & Engineering Department of SMCA COMPUTER SCIENCE AND ENGINEERING DEPARTMENT THAPAR UNIVERSITY PATIALA – 147004 JULY- 2010 i ii Abstract Spam is defined as a junk Email or unsolicited Email. Spam has increased tremendously in the last few years. Today more than 85% of e-mails that are received by e-mail users are spam. The cost of spam can be measured in lost human time, lost server time and loss of valuable mail. Spammers use various techniques like spam via botnet, localization of spam and image spam. According to the mail delivery process anti-spam measures for Email Spam can be divided in to two parts, based on Emails envelop and Email data. Black listing, grey listing and white listing techniques can be applied on the Email envelop to detect spam. Techniques based on the data part of Email like heuristic techniques and Statistical techniques can be used to combat spam. Bayesian filters as part of statistical technique divides the income message in to words called tokens and checks their probability of occurrence in spam e-mails and ham e-mails. Two types of approaches can be followed for the detection of spam e-mails one is learning approach other is rule based approach. Learning approach required a large dataset of spam e-mails and ham e-mails is required for the training of spam filter; this approach has good time characteristics filter can be retrained quickly for new Spam.
    [Show full text]
  • Address Munging: the Practice of Disguising, Or Munging, an E-Mail Address to Prevent It Being Automatically Collected and Used
    Address Munging: the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations that send unsolicited bulk e-mail address. Adware: or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Some types of adware are also spyware and can be classified as privacy-invasive software. Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least. Backdoor: in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation.
    [Show full text]
  • Technical Means to Combat Spam in the Voip Service
    Section Four Technical Means to Combat Spam in the VoIP Service Spam refers in general to any unsolicited communication. Spam will also become one of the serious problems for multimedia communication in the near future. Spam in multimedia communication is referred to as SIP spam or SPIT (Spam over Internet Telephony), where SIP is used to manage the session between two end users. In this paper, the types of SIP spam are introduced and various pragmatic solutions applicable to combat the SIP spams are described including content filtering, white list, black list, and the reputation system. Finally, the detailed operation and principles for the authenticated identity in SIP header, which is a prerequisite for the solutions above, are also described. The possible solutions to combat the SIP spasm have been listed and the background technology to those solutions, an authenticated identity between the domains, is also introduced. Heung Youl Youm (PhD) Professor, Soonchunhyang University, South Korea Rapporteur, Q.9/SG17, ITU-T [email protected] 1 Introduction IP telephony is known as a technology that allows standard telephone voice signals to be compressed into data packets for transmission over the Internet or other IP network. The protocols used in carrying the voice signals over the IP networks are commonly referred to as Voice over IP (VoIP). The spam problem in email and instant messaging (IM) makes the email or the IM users to trust less of these tools and consequently reduce their usage. While the security mechanisms for the IP telephony are being studied, the spam problem in VoIP has not been studied extensively yet.
    [Show full text]
  • Review on Email Spam Filtering Techniques
    International Journal of Scientific Engineering and Applied Science (IJSEAS) – Volume-2, Issue-3, March 2016 ISSN: 2395-3470 www.ijseas.com Review on Email Spam Filtering Techniques Shiva Sharma1, U. Dutta 2 Computer Science and Engineering Department, Maharana Pratap College of technology Putli Ghar Road, Near Collectorate, Gwalior-474006, Madhya Pradesh, India ABSTRACT- In this paper we present email online messages, blogs, forums, whatsapp and spam filtering and email authorship instant messaging services. Among all CMC, identification. Electronic mail is used by email has remained a key source of written millions of people to communicate around the communication, especially in the last few years. world daily and is a mission-critical Due to its salient features, it is the preferred application for many businesses. Over the last source of written communication for almost 10 years, unsolicited bulk email has become a every population (a part from illiterate) major problem for email users called senders connected to the Internet. It is a very quick, and receivers. And the recent years spam asynchronous written communication channel became as a big problem of internet and that is used for various purposes ranging from electronic communication known as users. formal to informal communication. Email There is developed lot of techniques to fight messages can be sent to a single receiver or them. We presents the overview of existing e- broadcasted to groups known as users. An email mail spam filtering methods is given. The message can reach to a number of receivers classification, valuation and juxtaposition of simultaneously and instantly at singe time. traditional and learning based methods are These days, the majority of individuals even provided.
    [Show full text]
  • A Survey on Voip Security Attacks and Their Proposed Solutions
    International Journal of Application or Innovation in Engineering & Management (IJAIEM) Web Site: www.ijaiem.org Email: [email protected], [email protected] Volume 2, Issue 3, March 2013 ISSN 2319 - 4847 A Survey on VoIP Security Attacks and their Proposed Solutions Jyoti Shukla1, Bhavana Sahni2 1Assistant Professor, Amity University 2M.tech Student, Amity University ABSTRACT VoIP is a communication protocol which is being widely used and voice calls are transmitted over an IP network such as internet instead of Public Switched Telephone Networks (PSTN). VoIP converts voice into digital signal that travels over the internet and the audio output device makes the digital to audio conversation at the receiver side. In today's time people are using these technologies in their daily life, for communication over the internet but they are not aware with the security issues on VoIP conversation. There are different types of security issues with VoIP conversation. The main focus on this paper is to introduce different security attacks and defense approaches for security attacks on VoIP conversation. Keywords: VoIP, Security Attacks, Defense Approaches. 1. INTRODUCTION Voice over internet protocol (VoIP) is routing of voice conversation over the internet or IP based network. The flow of voice data over the internet in the VoIP system firstly human voice must be converted into digitized form. Then it is compressed to save bandwidth and optionally encryption can also be used to protect the conversation from sniffing. Then the voice samples are inserted into data packets to be carried out over the IP networks. Real- time Transport Protocol which defines the standardized packet format for delivering the audio or video over the internet, RTP packet have header field to hold the data and it is needed to correctly re-assemble packet into voice signal on the other end.
    [Show full text]