Evaluation of users’ perspective on VoIP’s security vulnerabilities

1. Evaluation of users’ perspective on VoIP’s security vulnerabilities Alireza Heravi Supervisors: Professor Jill Slay Dr Sameera Mubarak

2. Research Questions • To what extend are VoIP users aware of VoIP security vulnerabilities and what is their attitude towards these issues?

3. Research Methodology • This thesis is a positivist quantitative research (Survey) • For quantitative data collection purpose, an anonymous on-line questionnaire was designed. • The questionnaire is designed by using Google Docs. • The answers to the questions are stored at Google’s server in Google Docs spreadsheet format and it is accessible by logging in to the corresponding Gmail account. • For analyzing the collected data SPSS (PASW Statistics 17.0 (release 17.0.2)) and Microsoft Excel 2007 were used.

5. The Questionnaire • The questionnaire contains: • 20 questions • 18 closed questions (2 five-point scale question) • 2 open questions

6. The First Transmitted Voice “Mr. Watson, come here, I want to see you” Sent by Alexander Graham Bell in 1876 (Flood 1976; Brittain 2005) http://images.livescience.com/images/gm_Alexander_Graham_Bell_03_10.jpg

7. What is VoIP? • Voice over Internet Protocol • Transmits voice conversations over IP based networks like internet • Converges voice and data • Skype, oovoo, Google Talk, MSN … • Key drivers: low cost and flexibility • Location independence • Integration with other services like file exchanges

8. How VoIP works? On the sender side: • VoIP system converts voice into digital signal • Split it into packets • Transport it over IP networks On the receiving side • Digitized voice data is reassembled and decoded

9. Source: www.baacs.com/VoIP.html

10. VoIP Implementation Figure 1 (Phone-to-Phone) Figure 2 (PC-to-PC)

11. VoIP Implementation (cont.) Figure 3 PC-to-Phone/phone-to-PC

12. VoIP Implementation (cont.)

13. VoIP Security • VoIP uses IP networks and therefore inherits its vulnerabilities. • IP Networks have various potential vulnerable points • Adding voice traffic to IP networks complicates security issues and introduces a range of vulnerabilities. • A VoIP system may face either an exclusive attack or an attack to the underlying IP network. • For having a secure VoIP system, both the IP network and the VoIP specific security issues must be addressed. • Network components including switches, routers, and firewalls, must also be VoIP aware to be able to provide specific VoIP security features.

14. Results and Findings Sample population:Students of the School of CIS of the UniSA Population: about 300 Number of participants: 107 from 18 different countries

15. Results and Findings (cont.) - Most of the participants believe that traditional telephony (land line/mobile) is more secure than VoIP - Participants are most concerned about lower cost and least concerned about security. The most concerned feature when making international calls Graph -2 Graph -1

16. Results and Findings (cont.) • The majority of the respondents who make international call by either VoIP or landline/mobile are concerned about privacy (eavesdropping). • The respondents that prefer computer over land line/mobile for international calls are less concerned about VoIP privacy and vice versa • No relationship was found between nationality and awareness/attitude towards security/privacy issues in VoIP.

17. Summary of participants’ opinion about security/privacy in VoIP • Since VoIP providers offer cheap services, it is not expected to have best facilities and privacy. • Security/privacy is not a major concern due to the fact that the content of the conversations are not important (calling family, etc …). • Do not talk about anything sensitive/important using VoIP/landline/mobile if you do not want it found out. • Conversations are monitored and analyzed by government to protect the nation.

18. Thank You