
Voice over IP Forensics

by Ioannis Psaroudakis

Institution: Democritus University of Thrace (DUTH); Δημοκρίτειο Πανεπιστήμιο Θράκης (ΔΠΘ)
Year: 2014
Keywords: Network forensics; Voice over IP; Intrusion detection system; SIP; GSM anonymity
Record ID: 1153669
Full text PDF: http://hdl.handle.net/10442/hedi/35178


In this thesis a VoIP implementation based on SIP was examined. The research that was conducted had two primary goals. The first goal was to discover all the artefacts that can be collected, either volatile or non volatile, in an operating environment so as to enhance forensic readiness. The second goal was to discover a method for providing anonymity in a voice communication when the provider might be malicious.

It should be obvious that the above aims have conflicting agendas; such a setting is not new as it is well known that for every right there is an opposing security service (e.g. Accountability vs. Anonymity). As such, this thesis attempts to offer a holistic treatment of VoIP telephony investigations. However, in order to achieve these goals and propose solutions that can be adopted we had to consider the constraints posed by the current European legislation. The latter revealed the barriers and limitations that the suggested solutions have to deal with before becoming available in a production environment.

The first aim will contribute to the enhancement of forensic readiness in a VoIP service and will provide invaluable artefacts to law enforcement authorities. The second aim will strengthen the privacy that a user ought to receive in digital communications via anonymity. As already noted herein there are two major directions and aims. Each aim has its underlying objectives.

Regarding the first aim, the objectives set were as follows:

• To define what type of volatile artefacts can be collected from VoIP network traffic when SIP is deployed;
• To discover a way to preserve them in storage with respect to low volume. How can this be realized? Can we afford real time logging or should we only log upon a trigger?
• To find the most appropriate storage for artefacts so as to be easy to analyze and correlate;
• To develop a scalable and modular framework that can be deployed in any existing network infrastructure without network architectural restructuring;
• To develop a prototype so as to test proposed methods and procedures as a proof of concept;
• To identify legal requirements and compliance to current legislation;

All of the above objectives are of no practical value if they are not implemented with respect to current legislation. The latter requires investigation on current European legislation that rules digital communications. It is a hard constraint which often leads to opposing deployment directions.

The second aim deals with offering anonymity to GSM subscribers while they have access to VoIP services via the Internet. The objectives of this aim were:

• To study the privacy challenges of mobile telephony;
• To design a framework to provide anonymity as a proof of concept;
• To identify requirements to be met;
• To develop and test a prototype;
• To highlight the limitations and evaluate the proposed solution in real case scenarios;
• Expandable to other communication networks like Public Switched Telephone Network (PSTN);

After completing the development of the testbeds, the data collection and analysis phase of the VoIP…