[VOIPSEC] Report on 2nd VoIP Security Workshop

Ram Dantu rdantu at unt.edu
Mon Jun 13 18:03:52 CDT 2005 

Greetings

We had a very successful workshop in Washington DC.
Please find the summary below.

Best regards
Ram Dantu

NOTE: Proceedings (CD format) are available for the workshops.
For details, see http://secnet.csci.unt.edu


REPORT
=====================================================================
   Summary of 2nd Workshop on VoIP Security
                  Ram Dantu

More than 180 people have participated in the 2nd Workshop on VoIP
Security. The participants include representatives from the Department
of Homeland Security, Department of Defense, the FBI, NSA, NIST, FCC,
industry consortiums such as the International Packet Communications
Consortium (IPCC) and SIP.EDU in Internet2, VoIPSA, and several
telecommunications service providers, vendors and universities.
Some of the topics are:

• Government standards and requirements (NIST/DISA)
• E911, GETS and CALEA (how to provide architectural and
  nodal level support)
• Transitive and end-to-end trust between calling and called parties
• Spam/DOS prevention algorithms
• Lack of test tools for security testing
• Benefits and pitfalls of session border controllers (SBC)
• Creating a research test bed (voip-specific network) for assessing
  vulnerabilities, attack containment, damage analysis due to attacks,
  and evaluating prevention/detection methodologies. This large-scale
  network complements the existing test beds (e.g., EMIST and DETER)
  and builds on top of them. Next, this research test bed can be used
  for evaluating security of future services like multimedia and IPTV.

QUOTES:
-------
 “The topics and discussions are so interesting that I did not feel like
taking bathroom breaks.” (Professor Andrew Pletch, State University of
New York)

“Every minute of this workshop was worth attending” (Eva Kuiper, IT
Security Strategist, Hewlett-Packard)

“Can you please hold a similar workshop in Europe” (Dr. Dorgham Sisalem,
Fraunhofer Research Institute, Berlin)

Program Chair’s comments:
-------------------------
We are extremely pleased with the participation and enthusiasm from the
audience.  We have a good mix of government, service providers, vendors
and universities. We believe that only way to understand the
vulnerabilities and assess damage is to put a live network under a stress
and attacks. We have more than 40 people signed up for helping us in
building a research test bed. The support varies from participating in the
funding proposal, collaborative research, specifying requirements, writing
a test plan and lending us the equipment. In addition, this research test
bed will act as a platform for understanding security aspects of next
generation services and applications in a live network. All the results
will be available for the public and published in the open
conferences/workshops.

More information about the Voipsec mailing list