Collaborative Forensics for Voice over IP Services
Date Issued
2012
Author(s)
Hsu, Hsien-Ming
Abstract
The simplicity and low cost of Voice over Internet Protocol (VoIP) services have made these services increasingly popular as the Internet has grown. Unfortunately, the advantages of VoIP are attractive to both legitimate and nefarious users, and VoIP is often used by criminals to communicate and conduct illegal activities (such as fraud or blackmail) without being intercepted by Law Enforcement Agencies (LEAs). Therefore, how to perform forensics (including attacking source IP identification) for VoIP services is one of the most important issues for LEAs.
In this doctoral dissertation, we propose a collaborative forensics mechanism (CFM) that cooperates with related network operators (NWO) and service providers (SvP) in forensics for VoIP calls without depending on routers throughout the full trace path. We discuss the various kinds of attacks on VoIP services and the characteristics of VoIP service requests as they pertain to those attacks. We propose a procedure for identifying forged header field values (HFVs) on SIP requests, and introduce the concept of active forensics, which could reduce the probability of important information being deleted by the time collaborative forensics is initiated and could thus assist law enforcement agencies in intercepting criminals.
Currently, VoIP researchers have only proposed a framework for this type of partnership and have yet to provide a common protocol for forensic Internet collaboration. As a result, Internet-based collaboration between agencies is not widespread. Building on the collaborative forensics mechanism and the procedures of collaborative forensics work, this dissertation designs a novel application-layer collaborative forensics protocol (CFP) to exchange collaborative request and response messages between collaborative forensics region centers, in order to acquire collaborative forensics information. We present a procedure for collaborative forensics and discuss the details of the protocol design. In addition, we discuss how public-key infrastructure (PKI), working with the CFM, defends against various types of attacks; we set up a prototype of a collaborative forensics mechanism to validate the collaborative forensic procedure and demonstrate forensic analyses for four scenarios. Lastly, we evaluate the time and memory consumption of a collaborative forensics procedure and analyze the features of CFP.
Subjects
VoIP
Collaborative forensics
Security
Collaborative Forensics Protocol Design
Attacking source IP identification
Type
thesis
File(s)
Name
ntu-101-D94725002-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):4dd193227f2ff37376c5b4a5162138eb
