Analysis of Security Issues in VoIP

The most common way of communication is obviously through voice exchange. There are mainly two ways by which voice can be easily transmitted over a network: PSTN (Public Switched Telephone Network) and VoIP (Voice over Internet Protocol). The VoIP is relatively new and is gaining more and more popularity as it offers a wide range of features and is much more cost effective as compared to the traditional PSTN. But the VoIP brings with it certain security threats which need to be resolved in order to make it a more reliable source of communication. One of the most concerning security threats of VoIP technology is VoIP Spoofing. Caller ID Spoofing is a technique in which a person takes the identity of a different person to make a call to a third party, thereby hiding his/her original identity. None of the existing protocols so far have been able to prevent Spoofing of calls. This research explains the fundamentals of the Session Initiation Protocol and the Asterisk Server. Also, a new system is proposed which makes use of Public Key Infrastructure which can be used to create digital certificates for the VoIP, thereby helping us to make VoIP calls which are more secure. The PKI is a form of Cryptography which is used to create and manage digital certificates. The PKI mainly consists of (i) a certificate authority that issues the certificates (ii) registration authority which helps in verifying the identity of users (iii) central directory to store the certificates. Also, this paper gives a brief overview of the Asterisk Server which is used to make calls over the Internet. The basic idea is to implement the SIP with the Asterisk Server and using the concepts of Public Key Infrastructure to provide the Asterisk Server with the desired Digital Certificates so as to authenticate the user which in turn will make calling over the Internet more secure.