Method

From Eux2010sec

Jump to: navigation, search

Main page → Method

Overview of EUX2010SEC

The overall goal of this research project is to improve both the security level and the security awareness when developing, installing, and using (open source) VoIP/PBX/multimedia solutions. This can be decomposed into the following sub-goals:

  1. Development of a security and QoS framework for VoIP/PBX/multimedia solutions, addressing security challenges related to:
    1. VoIP/PBX/multimedia architectures,
    2. privacy, billing and regulatory conformance,
    3. integration of different media types,
    4. installation/deployment of VoIP/PBX/multimedia solutions in organizations
  2. Development of methodologies and tools for analyzing of VoIP/PBX/multimedia solutions, addressing:
    1. VoIP/PBX/multimedia specific security issues,
    2. scalability, complexity, and deployment issues,
    3. QoS vs. security trade offs / QoS as a basis for security
  3. Contributions to improve confidence in (secure) open source products in VoIP market segments, addressing (business) challenges for:
    1. organizations developing, integrating, and selling VoIP/PBX/multimedia open source products/services,
    2. organizations buying, installing, and using open source VoIP/PBX/multimedia solutions
  4. Dissemination:
    1. internally among project partners, and
    2. externally towards VoIP/PBX/multimedia market segments

The project is anchored in the newly formed EUX 2010 network where researchers (from the Nordic countries) regularly meet representatives from, Nordic (probably extended to other European countries in near future), open source PBX/VoIP developers, integrators and deployers, consultants, support organizations, and (future) customers. The aim of EUX 2010 is to develop, in the coming years, an open integrated communication platform for voice- and video-communication giving government organisations and larger corporations a better communication infrastructure and more efficient use of time and effort.

Project results

The EUX2010SEC project works in three main research areas: Testbed testing, protocol verification, and security models.
Testbed testing Protocol verification Security Models
The project currently builds up testbed systems with the partner's technology, and real user requirements. These testbed systems will have VoIP traffic routed through them for testing the system properties. The function, usage and configuration of security-relevant protocols in the Asterisk family of VoIP systems is formalized, and then tested with a verification tool that attacks the specification. This can reveal unknown protocol failures, and wrongful implementation of protocols. This analysis approach is e.g. applied to the SIP configurations in Asterisk. The security model activity analyzes stakeholders' requirements towards security and stability of VoIP systems. Its goal is to derive typical requirements profiles, and provide security models and default configurations for them.
Personal tools