Detecting Unprotected SIP-Based Voice over IP Traffic

Document Type

Contribution to Book

Publication Date


Publication Title

Proceedings of the International Symposium on Digital Forensics and Security






The use of Voice over IP (VoIP) applications has increased dramatically in recent years. Large, medium, and small organizations, as well as individuals, are reducing the cost of their phone calls by using their data infrastructure or a broadband Internet service to carry calls over IP networks. Like data networks, VoIP networks are vulnerable to security threats such as Denial-of-Service (DoS) attacks, interception of private communications, registration hijacking, spam, and message tampering. Security mechanisms such as encryption and authentication may be used to reduce the potential impact of some of these threats. In reality, however, VoIP providers may not supply adequate security, or they adopt and implement these countermeasures very slowly, without informing users whether their phone calls are protected. Because the interception of private communications is one of the most commonly seen attacks in VoIP, we present a solution to detect unprotected SIP-based VoIP packets. Upon positive detection, alerts may be sent to users informing them about the unprotected VoIP calls, thus potentially preventing identity theft and improving security awareness. Our testing results show that our solution accurately detects unprotected SIP-based VoIP traffic, with a zero false detection rate.