Review and Enhancement of VoIP Security: Identifying Vulnerabilities and Proposing Integrated Solutions

Main Article Content

Athirah Mohd Ramly https://orcid.org/0000-0001-8282-297X
Zi Wei Ng https://orcid.org/0009-0008-2886-2821
Yahya Khamayseh
Charis Shwu Chen Kwan https://orcid.org/0000-0003-0796-522X
Angela Amphawan
Tse-Kian Neo https://orcid.org/0000-0002-5991-7409

Keywords

VOIP, DoS, VPN, SPIT, Malware

Abstract

The prolific use of Voice over Internet Protocol (VoIP) causes this system’s vulnerabilities to become a major concern for individuals or organizations. Based on this concern, this paper aims to provide a comprehensive analysis of the cyber threats and attacks in VoIP systems. VoIP offers several benefits and advantages; however, it poses significant security risks which can cause serious consequences. At the beginning of this paper, an overview of VoIP, including its architecture, components, protocols and advantages are discussed. Following this, attack vectors and component vulnerabilities are examined, and types of security threats are categorized into different sections for clarity. The types of attacks under discussion involved Denial-of-Service (DoS) and Man-in-the-Middle (MITM) attacks, spoofing threats, registration and call hijacking, Spam over Internet Telephony (SPIT), vishing, malware and toll fraud. Subsequently, existing security solutions for VoIP systems are reviewed, highlighting their strengths, weaknesses and applicability. While some solutions are effective in protecting VoIP, a lack of robustness still exists. Hence, this paper proposes an enhanced security method: the combination of Virtual Private Networks (VPNs) and firewalls within VoIP systems. This combination can reduce potential cyber risk by enhancing data privacy and protection, and overall system security.

Abstract 462 | 1022-PDF-v12n4pp109-136 Downloads 4

References

Abdulazeez, A. M., Salim B. W., Zeebaree D. Q., & Doghramachi D. (2020). Comparison of VPN protocols at network layer focusing on wire guard protocol. International Journal of Interactive Mobile Technologies. 14(18), 157. https://doi.org/10.3991/ijim.v14i18.16507
Abualhaj, M. M., Al-Khatib, S. N., Kolhar, M., Munther, A., & Alraba’nah, Y. (2020). Effective voice frame pruning method to increase VoIP call capacity. TEM Journal, 9(1). https://doi.org/10.18421/TEM91-08
Almutairi, A. A. (2018). Toll-fraud protection, detection and prevention. International Journal of Intelligent Computing Research, 9(3). 939–943. https://doi.org/10.20533/ijicr.2042.4655.2018.0113
Arpaci, S., & Şentürk, A. (2024). Performance analysis of firewall and virtual private network (VPN) usage in video conferencing applications. Duzce University Journal of Science and Technology, 12(4), 1879–1894. https://doi.org/10.29130/dubited.1462133
Chakraborty, P., & Telgote, A. M. (2019). Performance analysis of LAN, MAN, WAN, and WLAN topologies for VoIP services using OPNET modeler. In Iyer, B., Nalbalwar, S., Pathak, N. (Eds.), Computing, Communication and Signal Processing, (p. 810). Springer. https://doi.org/10.1007/978-981-13-1513-8_20
Chakraborty, T., Misra, I. S. & Prasad, R. (2019a). Overview of VoIP technology. In VoIP Technology: Applications and Challenges. Springer. https://doi.org/10.1007/978-3-319-95594-0_1
Chakraborty, T., Misra, I. S. & Prasad, R. (2019b). VoIP protocol fundamentals. In VoIP Technology: Applications and Challenges. Springer. https://doi.org/10.1007/978-3-319-95594-0_2
Drew, R. (2023). VoIP advantages & disadvantages: All you need to know. getvoip.com. https://getvoip.com/blog/voip-advantages-and-disadvantages/#easily-scalable Accessed July 24, 2023.
Fasiku, A. I. (2018). A review of voice over internet protocol. (2018). Journal of Scientific and Engineering Research, 5(7), 96–10.
Future Market Insights Inc. (2023). Voice over internet protocol (VoIP) market. https://www.futuremarketinsights.com/reports/voice-over-internet-protocol-market Accessed July 21, 2023.
He, X. (2021). Research on computer network security based on firewall technology. Journal of Physics: Conference Series, 1744(4), 042037. https://doi.org/10.1088/1742-6596/1744/4/042037
IBM. (2024). Cost of a Data Breach Report 2024. https://www.ibm.com/reports/data-breach. Accessed 25/11/2024.
Jingi, A. M. (2017). VoIP security: Common attacks and their countermeasures. International Journal of Computer Science and Information Security, 15(3).
Jumakhan, H., & Mirzaeinia, A. (2024). WireGuard: An efficient solution for securing IoT device connectivity. arXiv. https://export.arxiv.org/abs/2402.02093
Jimoh, S. T., & S Al-Juboori, S. (2024). Cyber-Securing Medical Devices Using Machine Learning: A Case Study of Pacemaker. Journal of Informatics and Web Engineering, 3(3), 271–289. https://doi.org/10.33093/jiwe.2024.3.3.17
Kumar, V., & Roy, O. P. (2021). Security and challenges in voice over internet protocols: a survey. Materials Science and Engineering A, 1020(1), 012020. https://doi.org/10.1088/1757-899X/1020/1/012020
Liu N., (2024). VoIP security: Vulnerabilities & best practices. Yeastar. https://www.yeastar.com/blog/voip-secuirty-best-practices/ Accessed July 24, 2023.
Luhach, R., Jha, C. K., & Luhach, A. K. (2019). Research and analysis for adaptive IFIR Filters for voice quality enhancement in wireless VoIP. Journal of Discrete Mathematical Sciences and Cryptography, 22(4), 581–590, https://doi.org/10.1080/09720529.2019.1645392
Mentsiev, A. U., & Supaeva, Kh. (2019). VoIP techniques. Engineering Bulletin of the Don 1(52), 65.
Mentsiev, A. U., & Dzhangarov, A. I. (2019). VoIP security threats. Инженерный вестник Дона [Engineering Bulletin of the Don], 1(52), 75. Accessed July 24, 2023. https://cyberleninka.ru/article/n/voip-security-threats
Mrewa, N., Mohd Ramly, A., Amphawan, A., & Neo, T. K. (2024). Optimizing Medical IoT Disaster Management with Data Compression. Journal of Informatics and Web Engineering, 3(1), 55–66. https://doi.org/10.33093/jiwe.2024.3.1.4
Munusamy, T., & Khodadi, T. (2023). Building Cyber Resilience: Key Factors for Enhancing Organizational Cyber Security. Journal of Informatics and Web Engineering, 2(2), 59–71. https://doi.org/10.33093/jiwe.2023.2.2.5
Nazih, W., Hifny, Y., Elkilani, W., Abdelkader, T., & Faheem, H. (2019). Efficient detection of attacks in SIP based VoIP networks using linear L1-SVM classifier. International Journal of Computers Communications & Control, 14(4), 518–529. https://doi.org/10.15837/ijccc.2019.4.3563
Oproiu, M., Muşuroi, C., & Volmer, M. (2020). Low cost and integrable healthcare services using VoIP for remote patient monitoring. 2020 International Conference on e-Health and Bioengineering, 1–4. IEEE Xplore. https://doi.org/10.1109/EHB50910.2020.9280206
Pudelko, M., Emmerich, P., Gallenmüller, S., & Carle, G. (2020). Performance analysis of VPN gateways. 2020 IFIP Networking Conference (Networking), France, 325–333.
Rathore, V. S., Dey, N., Piuri, V., Babo, R., Polkowski, Z., & Tavares, J. M. R. S. (2021). Rising threats in expert applications and solutions. Springer Singapore.
Sadiwala, D. R. (2018). Analysis of security threats of VoIP systems. RKDF University Journal of Science and Engineering, 01(02), 34.
Surasak, T., & Huang, S. C-H. (2019). Enhancing VoIP security and efficiency using VPN. 2019 International Conference on Computing, Networking and Communications (ICNC), 180–184. IEEE Xplore. https://doi.org/10.1109/ICCNC.2019.8685553
Suthar, D., & Rughani, P. H. (2020). A comprehensive study of VoIP security. 2020 2nd International Conference on Advances in Computing, Communication Control and Networking (ICACCCN), 812–817. IEEE Xplore. https://doi.org/10.1109/ICACCCN51052.2020.9362943
Tay, Y. H., Ooi, S. Y., Pang, Y. H., Gan, Y. H., & Lew, S. L. (2023). Ensuring Privacy and Security on Banking Websites in Malaysia: A Cookies Scanner Solution. Journal of Informatics and Web Engineering, 2(2), 153–167. https://doi.org/10.33093/jiwe.2023.2.2.12
Tuleun, W. (2024). Design of an asterisk based VoIP system and the implementation of security solution across the VoIP network. World Journal of Advanced Research and Reviews, 23(1), 10–30574. https://doi.org/10.30574/wjarr.2024.23.1.2048