Story image

Cisco funds VoIP security research project

17 Apr 15

Cisco has partnered with a university in the United States to improve online communication security, securing voice- and video-over-Internet (VoIP) communications.

The two-year, $150,000 project funded by Cisco Systems is taking place at the University of Alabama at Birmingham (UAB) and will focus on improving the end-to-end security of VoIP communications, an increasingly common means of communcation.

Researchers at the Department of Computer and Information Sciences (CIS) are designing mechanisms to secure VoIP communications, such as Skype or Jabber.

According to UAB, VoIP communications are vulnerable to eavesdropping and man-in-the-middle attacks, in which a malicious third party makes independent connections with the victims and intercepts or fabricates messages between them.

Such attacks can put each user’s device at risk and make confidential information vulnerable, UAB says.

Securing VoIP sessions requires each user to agree upon a shared cryptographic key.

Rather than relying on a third-party entity to provide such a key, the new project will design and test a peer-to-peer mechanism.

Users will verbally exchange the information resulting from a cryptographic protocol employing Short Authenticated Strings (SAS) to confirm each other’s identity.

“Given the surge in popularity of computing devices, ensuring the security of VoIP connections is very important for personal users, and especially for business users,” says Nitesh Saxena, Ph.D. CIS associate professor and director of the UAB Security and Privacy in Emerging computing and networking Systems (SPIES) research group.

Saxena is serving as the principal investigator of the project along with Purushotham Bangalore, Ph.D. CIS associate professor.

“We hope to make establishing a connection secure and easy to do on the fly,” Saxena says.

In addition to two-party VoIP connections, Saxena’s team will assess the scalability of the mechanism for group conversations like a conference call.

“We believe that this project will make strong impacts — not only on networking security, but also human-computer interaction and real-world usability,” Saxena says.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Apax Partners wins bidding war for Trade Me buyout
“We’re confident Trade Me would have a successful standalone future," says Trade Me chairman David Kirk
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.