Quality-of-Service and Security of Voice-over IP (VoIP): An End-to-End Approach for Multi-Network Environments


Mustaque Ahamad, Yucel Altunbasak, Douglas M. Blough, Chuanyi Ji, Wenke Lee, Henry Owen, and Ragupathy Sivakumar

The voice-over Internet Protocol (VoIP) technology is poised to have a major impact on industries that range from telecom and internet service providers to equipment vendors for broadband networking for the home and enterprise. VoIP has the potential to provide service providers, vendors and customers alike with major economic and social benefits resulting in significant time and cost savings, increased productivity, and better usage of available resources. Projections are that within 12-18 months, there will be 5 million VoIP households and by 2009, the number is expected to grow to 15 million. In addition, an increasing number of vendors are providing richer applications that integrate voice and data. Although the convergence of voice and data offers numerous advantages, it also creates new risks because of the performance unpredictability of the Internet protocols as well as their vulnerability to attacks that could disrupt their operation.

The transmission of voice differs from other data because voice packets must be delivered in a timely fashion and the fraction of lost packets must be small so the quality of a conversation does not degrade in a perceptible manner. Achieving the desired end-to-end quality of service (E-EQoS) is challenging for mobile VoIP over heterogeneous, multi-mode networks. In these types of networks, the message path can contain multiple links from different kinds of wireless networks (e.g. WiMax and WLAN), as well as links from internet service providers (ISPs), including ISPs with optical or HFC infrastructure. Also, the nature of VoIP, being implemented on top of standard Internet protocols and with publicly-accessible infrastructure and services, makes it inherently more vulnerable than the public switched telephone network (PSTN). E-EQoS and security vulnerabilities associated with VoIP devices, protocols and services are two major impediments to the success of VoIP. Also, the development of a whole new class of services, namely integrated voice/data services, will be enabled by the use of “soft-phones”, i.e. VoIP software implemented on computing devices such as PCs and hand-held devices. Given the vulnerability of current computing platforms, such “soft-phones” will unfortunately provide a substantial additional source of threats to VoIP protocols and services.

In this research, we propose to explore QoS and security for VoIP deployments. Our work on E-EQoS has two main components: requirements and optimization. The goals of the requirements component are to determine the type and amount of management information needed to be exchanged among managed domains to support VoIP, and to determine the per-hop loss-rate, delay and jitter requirements, as might be imposed by the application layer. The optimization component will focus on different links in the types of networks described above to maximize E-EQoS for VoIP. Many existing and future link technologies, particularly the wireless links, have a wide variety of options for link adaptation.

On the security side, our goal is to evaluate VoIP threats and vulnerabilities, and design a secure architecture to support mechanisms for security and dependability of VoIP devices, protocols, and services that rival those of traditional telecommunications providers. We plan to create testbeds that allow us to systematically analyze vulnerabilities in VoIP protocols and their implementations and architectures that support VoIP applications. We will address traditional security concerns such as confidentiality, integrity and availability and the tradeoffs that may exist between security and quality of service. Also, VoIP enables richer applications that integrate voice with other modes of collaboration between end-users. In our end-to-end approach, we will explore vulnerabilities at both the protocol and the application levels.

Revised on April 21, 2006.