It's understandable why Cisco Systems would fund university research into VoIP security: The vendor has a lot at stake if customers lose faith in the technology.
University of Alabama at Birmingham researchers are exploring, with Cisco's financial assistance, vulnerabilities in VoIP and possible ways to address those flaws. VoIP security is seen as a top concern of VoIP customers and potential customers.
Researchers in the UAB Department of Computer and Information Sciences (CIS) recently presented their findings at the ACM Conference on Computer and Communications Security, held in Phoenix.
In their research, they focused on the use of peer-to-peer Crypto Phones and shared cryptographic keys designed to eliminate any possible eavesdropping or man-in-the-middle attacks that can put devices and data at risk.
“Given the surge in popularity of computing devices, ensuring the security of VoIP connections is very important for personal users, and especially for business users,” said Nitesh Saxena, Ph.D., associate professor of CIS, a member of the Center for Information Assurance and Joint Forensics Research (CIA|JFR), and the director of the UAB Security and Privacy in Emerging computing and networking Systems (SPIES) research group, in a statement.
With Crypto Phones, users orally share security information, a technique the researchers found could be vulnerable to automated voice mimicry attacks using off-the-shelf speech recognition and synthesis tools. Voice, video and text information could be compromised via such attacks.
One possible defense could be use of an automated voice recognition or voice biometrics system in Crypto Phones, according to UAB researchers. This would replace or supplement human voice recognition.