EUX2010SEC

The overall goal of this research project is to improve both the security level and the security awareness when developing, installing, and using (open source) VoIP/PBX/multimedia solutions.

The project is anchored in the newly formed EUX 2010 network where researchers (from the Nordic countries) regularly meet representatives from Nordic (probably extended to other European countries in near future) open source PBX/VoIP developers, integrators and deployers, consultants, support organizations, and (future) customers. The aim of EUX 2010 is to develop, in the coming years, an open integrated communication platform for voice and video communication giving government organisations and larger corporations a better communication infrastructure and a more efficient use of time and effort.

NR's contribution

We improve the security of VoIP systems by building a security testbed, preparing security models for various scenarios, and by performing security protocol verification.

Benefit for customers

Increased security, quality and stability in VoIP infrastructures.

Benefit for society

A more secure, stable VoIP infrastructure with highly knowledable vendors and service providers.

Publications

Research articles (with international refree)

Lars Strand, Josef Noll, and Wolfgang Leister. "Generic Security Services API authentication support for the Session Initiation Protocol" Accepted for publication at The Seventh Advanced International Conference on Telecommunications (AICT2011), Mar 2011, St. Maarten, The Netherlands Antilles.

Lars Strand and Wolfgang Leister. "Improving SIP authentication" Accepted for publication at The Tenth International Conference on Networks (ICN2011), Jan 2011, St. Maarten, The Netherlands Antilles.

Arne-Kristian Groven, Kirsten Haaland, Rüdiger Glott, and Anna Tannenberg. "Security measurements within the framework of quality assessment models for free/libre open source software" in Proceedings of the Fourth European Conference on Software Architecture: Companion Volume", ECSA´10, pages 229-235, New York, NY, USA, 2010. ACM. ISBN 978-1-4503-0179-4. doi: http://doi.acm.org/10.1145/1842752.1842796.

Kirsten Haaland, Arne-Kristian Groven, Rüdiger Glott, and Anna Tannenberg. "Free/Libre Open Source Quality Models- a comparison between two approaches" in 4th FLOSS International Workshop on Free/Libre Open Source Software, Jul 2010.

Rüdiger Glott, Arne-Kristian Groven, Kirsten Haaland, and Anna Tannenberg. "Quality Models for Free/Libre Open Source Software- Towards the Silver Bullet?" in Software Engineering and Advanced Applications, Euromicro Conference, pages 439-446, 2010, doi: http://doi.ieeecomputersociety.org/10.1109/SEAA.2010.23.

Lars Strand and Wolfgang Leister. "A Survey of SIP Peering", at NATO ASI - Architects of secure Networks (ASIGE10), May 2010.

Anders Moen Hagalisletto and Lars Strand. "Designing Attacks on SIP Call Setup" International Journal of Applied Cryptography, Volume 2, Number 1, July 2010, pp. 13-22.

Lothar Fritsch, Arne-Kristian Groven, Lars Strand, Wolfgang Leister and Anders Moen Hagalisletto. "A Holistic Approach to Open Source VoIP Security: Results from the EUX2010SEC Project" International Journal on Advances in Security, issn 1942-2636, vol. 2, no. 2&3, 2009, pages 129-141, http://www.iariajournals.org/security/

Elin Sundby Boysen and Lars Strand. "Security analysis of the SIP Handover Extension" 2nd Norwegian Information Security Conference (NISK2009), pages 84-96, Nov 2009.

Anders Moen Hagalisletto, Lars Strand, Wolfgang Leister and Arne-Kristian Groven. Analysing Protocol Implementations. The 5th Information Security Practice and Experience Conference(ISPEC 2009), Apr 2009.

Lothar Fritsch, Arne-Kristian Groven, Lars Strand, "A holistic approach to Open-Source VoIP security: Preliminary results from the EUX2010SEC project", in The Eighth International Conference on Networks (ICN2009), Mar 2009. (Awarded best paper)

Anders Moen Hagalisletto and Lars Strand. Formal modeling of authentication in SIP registration. Emerging Security Information, Systems and Technologies, 2008. SECURWARE '08. Second International Conference on, pages 16-21, Aug 2008.

Research reports/notes

Lothar Fritsch, Arne-Kristian Groven, "VoIP stakeholder profiling: Public stakeholders and infrastructure owners", DART/06/2009, NR note, Des 15., 2009.

Till Halbach, "Evaluation of VoIP Linux Distributions Based on Asterisk", DART/02/2010, NR note, Mar 16., 2010.

Lars Strand, "VoIP Lab as a Research Tool in the EUX2010sec Project", DART/08/2010, NR note, Apr 28., 2010.

Lars Strand, "Internal VoIP Lab Documentation for the EUX2010sec Project", DART/09/2010, NR note, Apr 28., 2010.

Thor Kristoffersen, Lars Strand, Arne-Kristian Groven, "Penetrasjonstesting av IP-telefoniløsningen i Buskerud fylkeskommune", DART/17/2010, NR note, Des 22., 2010.

Presentations

Strand, Lars: "Improving SIP authentication", "GSS-API authentication support for SIP" and "IETF79 - impressions and summary" — three presentations held at the concluding EUX2010sec project-meeting, 3. December 2010, Stockholm, Sweden.
Strand, Lars: "SIP Peering", workshop at Hasso-Plattner-Institute (HPI), 16-17. March 2010, Potsdam, Germany.

Strand, Lars: "Free and Open Source Software in relation to Asterisk", VoIP course, 08-11. September 2009, Oslo Norway.

Strand, Lars: "VoIP – some threats, security attacks and security mechanisms", RiskNet Open Workshop, 24. June 2009, Oslo, Norway.

Groven, Arne-Kristian: RiskNet Open Workshop, 24. June 2009, Oslo, Norway.

Fritsch, Lothar: RiskNet Open Workshop, 24. June 2009, Oslo, Norway.

Strand, Lars: "Introduction to Linux and networking", a one day lecture held for project partners as part of a three day VoIP course held in collaboration with Ibidium, 7-8 January 2009, Oslo, Norway.

Strand, Lars: "FLOSS Quality and Maturity Models", presentation at VERDIKT programme conference 2008, 29-30 October 2008, Bergen, Norway.

Strand, Lars: "Authentication in SIP", poster presentation at VERDIKT programme conference 2008, 29-30 October 2008, Bergen, Norway.

Fritsch, Lothar: "Interdisciplinary Requirements for VoIP Security Design", EUX2010SEC internal workshop on 17-Apr-2008, Oslo, Norway.

Strand, Lars: "Securing Open Source Communications Systems", poster presentation at VERDIKT programme conference 2007, 29-30 October 2007, Hell, Norway. (Awarded best poster)