Design and implementation of a reconfigurable test-bed for real-time security measurements in VoIP systems

Abstract

Voice over Internet Protocol (VoIP) systems have to face a great number of security threats, which are basically connected to the underlying Internet Protocol (IP) infrastructure. Along with relevant economic losses and malfunction for the VoIP system itself, external attacks exploiting a security hole could also bring to a major security failure for the interconnected Public-Switched Telephone Network (PSTN), usually regarded as a reliable and secure domain. This is the reason why before connecting a private VoIP network to the carrier infrastructure, a great number of tests have to be carried out, to verify the security robustness of the VoIP network to common attacks.Security tools that are commonly used to address potential threats in VoIP networks are: the insertion of firewalls, the separation of data and voice networks and the adoption of access control lists. The introduction of such elements in the network can lead to unpredictable modifications on the performance of the network and, consequently, of the VoIP service. The paper presents the design and implementation of a reconfigurable test-bed for real-time measurements on VoIP systems, which provides the telecommunication engineer with means to plan the necessary changes in order to reach a higher level of security. In its basic version, the test-bed permits to take into account the right balance between security tools and the required Quality of Service (QoS)/Quality of Experience (QoE) for real time operations. An interesting feature of the enhanced version is the possibility of evaluating QoS and QoE in the presence of firewalls and different security configurations, and assessing the effect of the joint variation of QoS parameters on QoE results.