Cisco funds VoIP security research project
Cisco has partnered with a university in the United States to improve online communication security, securing voice- and video-over-Internet (VoIP) communications.
The two-year, $150,000 project funded by Cisco Systems is taking place at the University of Alabama at Birmingham (UAB) and will focus on improving the end-to-end security of VoIP communications, an increasingly common means of communcation.
Researchers at the Department of Computer and Information Sciences (CIS) are designing mechanisms to secure VoIP communications, such as Skype or Jabber.
According to UAB, VoIP communications are vulnerable to eavesdropping and man-in-the-middle attacks, in which a malicious third party makes independent connections with the victims and intercepts or fabricates messages between them.
Such attacks can put each user’s device at risk and make confidential information vulnerable, UAB says.
Securing VoIP sessions requires each user to agree upon a shared cryptographic key.
Rather than relying on a third-party entity to provide such a key, the new project will design and test a peer-to-peer mechanism.
Users will verbally exchange the information resulting from a cryptographic protocol employing Short Authenticated Strings (SAS) to confirm each other’s identity.
“Given the surge in popularity of computing devices, ensuring the security of VoIP connections is very important for personal users, and especially for business users,” says Nitesh Saxena, Ph.D. CIS associate professor and director of the UAB Security and Privacy in Emerging computing and networking Systems (SPIES) research group.
Saxena is serving as the principal investigator of the project along with Purushotham Bangalore, Ph.D. CIS associate professor.
“We hope to make establishing a connection secure and easy to do on the fly,” Saxena says.
In addition to two-party VoIP connections, Saxena’s team will assess the scalability of the mechanism for group conversations like a conference call.
“We believe that this project will make strong impacts — not only on networking security, but also human-computer interaction and real-world usability,” Saxena says.