Audit Analysis Models, Security Frameworks and Their Relevance for VoIP
Oscar Gavilanez, Franklin Gavilanez, Glen Rodriguez
TL;DR
This paper reviews existing models, frameworks, and standards for VoIP security, highlighting gaps such as the lack of coverage for social engineering attacks and comprehensive security requirements.
Contribution
It provides a comparative evaluation of current VoIP security frameworks and identifies the need for a more extensive, inclusive security model.
Findings
No security framework considers social engineering attacks.
Existing frameworks do not cover all security requirement categories.
A more comprehensive security model for VoIP is needed.
Abstract
Voice over IP (VoIP) is the transmission of voice and multimedia content over Internet Protocol (IP) networks, this paper reviews models, frameworks and auditing standards proposed to this date to manage VoIP security through a literature review, with descriptions of both the historical and philosophical evolution reflecting an adequate knowledge of related research. Three research questions are raised here: RQ1. What are the requirements to be met by a model of security audit in VoIP systems to achieve their goals? RQ2. Today, are there additional attacks that previous works have not considered? RQ3. Which security requirements in the VoIP systems are covered (and which are not covered) by security frameworks? After some discussion about VoIP Protocols, Attacks on VoIP, Information Technology (IT) audit, IT security audits, Frameworks and auditing standards, we present a unified view…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsIPv6, Mobility, Handover, Networks, Security · Internet Traffic Analysis and Secure E-voting · Mobile Agent-Based Network Management