Security and Privacy Issues of VOIP and Skype

Question: Describe about the Security and Privacy Issues of VOIP and Skype. Answer: Introduction Voice over Internet Protocol commonly known as VOIP is a collection of methods and technologies to exchange voice and multimedia over the network which is the Internet. It allows communication to take place in the form of various services such as fax, SMS, video conferencing and many others (Vaishnav, 2016). Skype is a popular application that makes use of VOIP and has been developed by Microsoft. Skype allows instant messaging, file sharing, audio and video conferencing and a lot more and is widely used by the home and business users to connect with each other irrespective of their geographical locations. There are a number of security and privacy issues that are present in case of Skype and VOIP applications. Literature Review VOIP, Skype and the other applications and services that make use of VOIP make use of Internet Protocol for their activities. For the communications to take place over VOIP there is no dedicated telephone line or system necessary and the same brings down the cost that is associated with the services. The voice and data transfer capacity that comes with VOIP based applications is also massive. Ease of access, non-stop availability and lower costs are some of the features that come handy with Skype and other VOIP applications. However, with numerous advantages and benefits, there are a few risk areas that are also present with these applications. There are increased scenarios of data collision and congestions along with exposure to multiple security risks which may prove to be dangerous for the data and information being exchanged (Fontanini, 2016). Research Questions Following are the research questions that have been addressed and answered with the aid of the analysis and research done on the topic. What is the meaning of VOIP and Skype and what are the services that are provided by each? What are the confidentiality attacks that have an adverse impact on the security and privacy of the information exchanged over VOIP and Skype? What are the integrity attacks that have an adverse impact on the security and privacy of the information exchanged over VOIP and Skype? What are the availability attacks that have an adverse impact on the security and privacy of the information exchanged over VOIP and Skype? What are the measures that can be executed and installed to keep the security and privacy of the information unaltered at all times? Security and Privacy Issues There are three properties of information that must be kept safe and secure at all times and these three properties are confidentiality, integrity and availability. There are attacks that are executed that hamper these properties of data and information which in turn results in compromise on the security and privacy of the same. Confidentiality Threats Eavesdropping of phone conversation Skype and other VOIP applications work on the nodes that are present in this category of communication medium. Due to the presence of a huge number of nodes, an attacker gains access to any one of them and gets a chance to eavesdrop in the conversation or exchange taking place (Xin, 2016). Call Pattern Tracking There is often a pattern associated with the calls that take place over Skype or VOIP services in terms of time, frequency, participants and other factors. These patterns are studied by the attackers and valuable information in retrieved from the same. Data Mining Attacks Attackers acquire the phone numbers or credentials through intercepted message and then execute attacks such as spam calls, fraud messages and likewise (Park, 2016). Reconstruction Attacks A piece of information is acquired by the attacker through unauthorized measures and the same is reconstructed to give it a misleading shape. Integrity Attacks Integrity Attacks Message Alteration The messages that are exchanged over Skype or VOIP are often altered to provide them a different shape and the activity is done in an unauthorized manner. There are a number of entities that are involved in a particular call and these entities are added, deleted or modified by the attacker without the permission to do the same (Obidinnu and Ibor, 2016). Media Alteration The other form of the integrity attack is the alteration of the media. The media being exchanged over the VOIP channels is degraded, upgraded or modified without the required permissions to perform the same. Quality of the media is also hampered in this form of integrity attack (Lazzez, 2016). Availability Attacks Call Flooding The attacker introduces a lot of unwanted traffic on the communication channel which results in breaking down of the services (Sonkar, 2016). Media Session Hijacking Hijacking of the media sessions is often done in which there are unauthorized re-routing and alterations involved. These activities hamper the availability of the services. Server Impersonating The attacker in this form of the attack impersonates as the media server and acquires the trust of the clients. The request and response cycle that is followed by this activity results in disruptions in the availability of the information and services. QoS Abuse Bandwidth of the connections is often exhausted in these attacks and the same cause jitters and slippages which are considered to be a negative point as far as the quality of a particular service is concerned (Shaidani, 2016). Summary of Discussions Review 1 A blended technique has been received in the exploration by gathering the quantitative and also subjective strategy. Various elements have been utilized to ask about the data that is important to actualize the VOIP and Skype procedures in the association. The way of assaults can likewise be resolved with the assistance of gathering the data that is obtained from the different substances. Review 2 VOIP has picked up ubiquity among the clients in the previous couple of years and a great deal of work has been accomplished for the advancement of the administrations that are made accessible by the same. Likewise, there are various dangers that are additionally created by the pernicious elements to hamper the working of the same. There are assaults that are propelled in the expression of VOIP taking a gander at the enormous trade that happens over the medium. The achievement of these assaults permits the aggressors to get hold of the essential and imperative data that is connected with a specific association. These assaults are finished with the utilization of the system and the data security measures and are essentially executed to influence the classification, trustworthiness and accessibility of the data. Flooding, sniffing, dissent of administrations, message adjustment, media modification, listening stealthily and so forth are various such assaults that incur significant damage on the data security over VOIP. The countermeasures to these assaults are additionally grown at the same time to think of the system to moderate and control the effect of these assaults on the data. These measures are created on the premise of the assault and data classification. Issues that were not addressed and its Impact The research on the topic has been done well and the research questions have also been answered accurately. There could have been a little more explanation on the services and the procedure of the operations that are covered under Skype and the various VOIP applications that are present. These would have provided a better understanding of the topic and would have allowed the reader to be engaged in a better manner. Skype is the application that is used by a huge number of users and the functioning details of its services would have added to the knowledge and clarity of the reader about the topic. Lessons Learned There are a number of security and privacy issues that are present with VOIP and Skype. However, the same can be prevented by making use of the measures to avoid and prevent the same. There are various hostile to forswearing of administration measures that can be adjusted by the associations to stay safe from such assaults. The groups can make utilization of constraining of SYN rate or entrance separating also to stay away from the forswearing in the administration and keep up the accessibility of the data and correspondence at all times. There are also many stronger measures associated with the authentication methods such as use of multi layer authentication also know as two steps or three step authentications. Networks need to be monitored on a regular and constant basis by using measures such as network scans, network monitoring, intrusion detection and prevention. Encryption is a powerful technique that will stay significant even if the attacker succeeds in acquiring information from the communication channel as the attacker will not be able to break in to the encrypted information. The same will be of no use in this case. There are a number of legal and regulatory measures that can be adopted to prevent these attacks. A strong legal architecture will automatically minimize the rate and frequency of such attacks (Kulkarni, 2016). The first and foremost measures must never be ignored such as physical security, anti-viruses, installation of firewalls and likewise (Hung, 2016). Security reviews and audits must be a typical movement in the associations to have a check of the security systems that are taken after furthermore to comprehend the regions of change. VOIP and Skype are not dependent upon a particular device or an operating system to be accessed and can be used on desktop as well as mobile devices. These operating systems must be updated on a regular basis to make sure that the risks that are introduced specific to a particular operating system or to a particular version are prevented. It is also necessary to secure the wireless networks over which these applications and services are accessed. It is because these networks act as the prime source of the entry point for the attacker. Conclusion VOIP and Skype are the measures that provide the users an ability to interact easily with each other and perform other activities as well such as transfer of files from one system to another over the Internet. These mediums allow communications to take place in a cost effective manner and with non-stop availability and accessibility as well. However, there are a number of security and privacy issues that are associated with VOIP and Skype in the form of confidentiality threats, integrity threats and availability threats. These can be controlled and treats with the aid of a number of countermeasures that are now made available for the home as well as the business users. References Fontanini, P. (2016). VoIP Security. Brage.bibsys.no. Retrieved 11 September 2016, from https://brage.bibsys.no/xmlui/bitstream/handle/11250/143809/Fontanini_VOIP_Security.pdf?sequence=1 Hung, P. (2016). Through the looking glass: Security issues in VOIP applications. Retrieved 11 September 2016, from https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.84.7089rep=rep1type=pdf Kulkarni, S. (2016). VoIP Cell Phones : Security concerns and Countermeasures. Retrieved 11 September 2016, from https://www.ijser.org/researchpaper%5CVoIP-Cell-Phones-Security-concerns-and-Countermeasures.pdf Lazzez, A. (2016). VoIP Technology: Security Issues Analysis. Retrieved 11 September 2016, from https://arxiv.org/ftp/arxiv/papers/1312/1312.2225.pdf Obidinnu, J. Ibor, A. (2016). A survey of Attacks on VoIP networks and Countermeasures. Ajol.info. Retrieved 11 September 2016, from https://www.ajol.info/index.php/wajiar/article/viewFile/128074/117625 Park, P. (2016). Threats Against Confidentiality VoIP Threat Taxonomy. Ciscopress.com. Retrieved 11 September 2016, from https://www.ciscopress.com/articles/article.asp?p=1245881seqNum=2 Shaidani, S. (2016). Attacks and Defenses Against Voice over IP (VoIP). Retrieved 11 September 2016, from https://www.cs.tufts.edu/comp/116/archive/fall2015/sshaidani.pdf Sonkar, S. (2016). A Review Paper: Security on Voice over Internet Protocol from Spoofing attacks. Retrieved 11 September 2016, from https://www.ijarcce.com/upload/may/A%20Review%20Paper%20Security%20on%20Voice%20over%20Internet%20Protocol%20from%20Spoofing%20attacks.pdf Vaishnav, C. (2016). Voice over Internet Protocol (VoIP): The Dynamics of Technology and Regulation. Retrieved 11 September 2016, from https://web.mit.edu/chintanv/www/Publications/MIT_TPP_Thesis_Chintan_Vaishnav_Final.pdf Xin, J. (2016). Security Issues and countermeasure for VoIP. Sans.org. Retrieved 11 September 2016, from https://www.sans.org/reading-room/whitepapers/voip/security-issues-countermeasure-voip-1701