Monthly Archives: April 2006

VoIP Security Test Lab at Interop

Bruce Stewart over at O’Reilly dropped us a note to alert us to Matthew Gast’s post about staging the VoIP Security and Integration lab at the upcoming Interop show next week in Las Vegas.  It sounds like quite an intriguing setup.  If you are going to down to Interop, definitely check out Matthew’s lab… you can also watch the Emerging Telephony blog for Matthew’s reports coming out of the show.

Blue Box Podcast #23 – VoIP Security news, comments and more

Blue Box podcast #23 is now available for listening. In this show, Jonathan and I discuss the latest VoIP security news including further items about Zfone, Bruce Schneier’s Wired News article, SIP attacks being slashdotted, university funding for VoIP security research and a couple of other telcom-related podcasts we have found. We also discussed a number of great comments we received from listeners and unveiled a new promotion to give away a copy of the new “VoIP Security” book from Syngress.

US Army now using VoIP for battefield communication

Our friend Shawn Merdinger dropped a note pointing to this article in Federal Computer Week that indicates that the US Army is now using VoIP in the field:

Not long ago, if an Army infantry battalion commander wanted to communicate, he relied on radios that had limited range and often spotty coverage. But today, a growing number of those commanders can use a phone connected to a Joint Network Node terminal and call anyone worldwide.

The Army has harnessed the power of voice-over-IP telephony for use as a tactical, battlefield communications system with JNN, said Jim Sintic, technical director of the Army’s Program Manager for Tactical Radio Communications.

The article has more information and a picture as well. No direct mention of the security of the calls (although there is a bullet point in a sidebar indicating the JNN provides a secure Internet connection), but I would have to assume that all is being encrypted. (Anyone with more information is welcome to leave a comment here.)

Researchers seek to save VoIP from security threats

An article from ComputerWorld discusses a grant that the NSF has earmarked for the research of VoIP security threats:

The National Science Foundation says it has issued US$600,000 to the University of North Texas to spearhead development of a multi-university test bed to study VoIP security. Other participants are Columbia University, Purdue University and the University of California-Davis. VoIP spam, denials of service, emergency services and quality of service will be among the areas targeted for research during the three-year project. The research will also look at vulnerabilities that emerge from the integration of VoIP and legacy networks.

The group of schools plans to disseminate its findings widely to technology developers, academia and others involved in network convergence.

Ram Dantu from the Univeristy of North Texas is leading the charge and is also a member of VOIPSA’s Technical Advisory Board, as are several of the other researchers involved in this grant. Ram has been intrumental is driving the state of VoIP security not only through his own research and professional career, but by organizing industry workshops on VoIP security.

I expect the results from their efforts to be sobering, hopefully helping vendors and providers to enhance the security of their solutions and offerings.

A Family of Curves

What are the essential elements of a human conversation that a VoIP system would capture and convey to be ideal ?

To consider this, let us imagine a conversation between three or more people.

What do each of these people know ?

The list would certainly include the following elements:

– physical presence, including turning away and leaving
– focus, when any person turns to one, a few or all to speak
– visual cueing including pointing, nods of agreement, objections, interest, and lack of interest
– displays of valuable emotion
– content of words spoken

What else might be added ?

Let’s say the converation continues and the subject of authority comes up. The list might then extend to:

– identity beyond physical presence, voice and appearance
– authority as offered by voice or proved by other factors
– policy as for example by custom or rule for the type of meeting

Again let’s ask: what else might be added ?

After considering further, let’s now let’s imagine that the conversation ends and that you have have been invited to diagram it.

Maybe you choose to show it as a storyboard of transaction diagrams. Maybe you see a better way to draw it.

Is there a sensible way of classifying the quality of a conversation as it departs from the ideal ?

Now let’s turn this on its head and ask what happens if we augment human conversation and improve what we have been calling the ideal.

The point is that a VoIP system, or at least a VoIP client, can be classified according to the complexity of the expression that it conveys and this is either equal to, less than or better than face-to-face converation.

So parity with the PSTN is still undershooting what people expect when they meet and certainly less than what is possible if you have faith that computing can improve conversation beyond human vision and speech.

There is no one VoIP performance target. It’s a diagram with curves.

Your Latest Blog Is VOIPSA

VOIPSA includes the world’s experts in security and privacy for converged media. That’s why you’re here!

At any moment on the clock, people somewhere on this planet are awake, alert and wanting to communicate, both for business, family and the general welfare. As VOIPSA has grown we now have members in every time zone, all working to ensure that digital communication is safe, reliable and empowers everyone.

Not surprisingly, many of you have asked for a way to talk to each other about the work you’re doing, the challenges to make security and privacy effective and a way to share related events, news and project proposals. Many of you have also asked for a way to meet-up locally and post invitations to workshops or informal meet-ups.

By virtual simultaneous presence in Mumbai (Bombay), Shanghai, Seoul, Tokyo, Mexico City, New York, Helsinki, and Johannesberg, and frankly everywhere else on the planet, we are today announcing this web log. What you are reading is a medium for collaboration in your field without regard to the size of nation, population or geography.

We are eager to see your ideas in discussion with each other.

Thank you for encouraging us to set-up a blog.

We look forward to your contributions and reading your posts.