An ontology-based policy for deploying secure SIP-based VoIP services

Voice services over Internet Protocol (VoIP) are nowadays much promoted by telecommunication and Internet service providers. However, the utilization of open networks, like the Internet, raises several security issues that must be accounted for. On top of that, there are new sophisticated attacks against VoIP infrastructures that capitalize on vulnerabilities of the protocols employed for the establishment of a VoIP session (for example the Session Initiation Protocol - SIP). This paper provides a categorization of potential attacks against VoIP services, followed by specific security recommendations and guidelines for protecting the underlying infrastructure from these attacks and thus ensuring the provision of robust and secure services. In order to utilize (share) the aforementioned security guidelines and recommendations into different domains, it is necessary to have them represented in some formal way. To this end, ontologies have been used for representing the proposed guidelines and recommendations in the form of a unified security policy for VoIP infrastructures. This ontology-based policy has been then transformed to a First Order Logic (FOL) formal representation. The proposed ontology-based security policy can be applied in a real VoIP environment for detecting attacks against an SIP-based service, but it can be also utilized for security testing purposes and vulnerabilities identification. The work presented in this paper has been focused to the SIP protocol. However, generalization to other signaling protocols is possible. (c) 2008 Elsevier Ltd. All rights reserved.