Voice over Internet Protocol

Govt to stop wiretap reform – Bonafede

Freezing of case time-outs after 1st ruling being considered

Redazione ANSA

(ANSA) – Rome, July 11 – Justice Minister Alfonso Bonafede said Wednesday that the government will sink a reform of the use of wiretaps in investigations that was approved by the previous centre-left administration. “The wiretap reform will be stopped because the modifications introduced appear a harmful step back on the road to quality and effectiveness in investigations,” Bonafede told the Senate’s justice committee.
    The reform was in response to years of rows over the publication of wiretaps of people not involved in probes, embarrassing them without due cause.
    Bonafede also said he the 5-Star Movement/League government wants to change to Italy’s statute of limitations to prevent people getting off simple because their cases have timed out, saying this was “fundamental priority”.
    He said one option was for the time-out periods to be frozen after a first-instance ruling on a case.

Comparison of VoIP and TETRA Regarding Security in a Safety Critical Environment

In this document, University of Applied Sciences FH Technikum Wien (Vienna, Austria) analyze security threats on VoIP (Voice over IP) and TETRA (Terrestrial Trunked Radio) solutions and mitigation techniques.



“We recommend Tetra for safety critical environments like vessel and port terminal operations, Airports and government emergency authorities. Any place using Tetra should have a backup plan or plan B in case of unsolved attack or disaster. Backup could be using VOIP app, GSM (Global System for Mobile communications) with push to talk feature and many other applications can be used. VoIP can be used mainly in private communication with taking all security countermeasures into action to mitigate risks on Confidentiality, Integrity and Availability.”

University of Applied Sciences FH Technikum Wien, Vienna, Austria.
doi: 10.17706/jcp.13.3.279-286

Read the full Article

Researchers propose novel solution to better secure voice over internet communication

Researchers at the  University of Alabama at Birmingham have developed a novel method to better protect Crypto Phones from eavesdropping and other forms of man-in-the-middle attacks.

Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent. In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.

“Research has shown that these tasks are prone to human errors, making these VoIP applications and devices highly vulnerable to man-in-the-middle and eavesdropping attacks, said Nitesh Saxena, Ph.D. associate professor in the UAB College of Arts and Sciences Department of Computer Science.  

In a paper published at the Association for Computing Machinery Conference on Computer and Communication Security in November, Saxena and Ph.D. student Maliheh Shirvanian introduce Closed Captioning Crypto Phones to address the issues in currently deployed Crypto Phones.

Nitesh Saxena, Ph.D.

To ensure that a man-in-the-middle attacker does not interfere with the transmission of the message, traditional Crypto Phones rely on the users to verbally communicate and match a key, called a checksum, that is displayed on each user’s device. The users must verify that the voice announcing the checksum is indeed the voice of the other user they wish to communicate with. Closed Captioning Crypto Phones fully automates checksum comparison.

“Closed Captioning Crypto Phones remove the human element from the checksum comparison process by utilizing speech transcription,” Saxena said.

When a user announces the checksum to the other person CCCP automatically transcribes the spoken code and performs a code or checksum comparison for the user. In an online experiment designed to mimic a real-life VoIP call, more than 1100 audio files containing 4-word and 8-word checksums spoken by a variety people CCCP eliminated the chances of the data being intercepted or captured via a man-in-the-middle attack due to human errors or clicking through the task and complete detection of mismatching checksums was made.

“Our work shows that by automating the checksum comparison verification, users are unburdened by only having to perform a single verification task, Saxena said. CCCP not only eliminates the human errors, but also facilitate use of longer checksums, which further strengthen the security. “This may also help increase the awareness of human users in detecting malicious voice imitation attempts by attackers.”

In a study analyzing the security and usability of user-centered code verification tasks, Saxena, Shirvanian and collaborator Jesvin James George, found that most end-to-end encryption code verification methods offer poor security and low user experience ratings. The study was published at the 2017 Annual Computer Security Applications Conference in December.

In a monitored lab setting, 25 participants were asked to perform and report the success or failure of QR, image and numeric code verification while using the internet-based communication applications, Telegram, WhatsApp, Viber and Signal in a close proximity setting and a remote setting. Security and usability security under remote verification settings was found to be significantly lower than in a close proximity code verification setting due to human errors.

Nitesh Saxena is the director of the Security and Privacy In Emerging computing and networking Systems lab.

Source: UAB News