| Student | (visible for staff only) |
| Supervisor | Dr. Dominik Schürmann |
| Professor | Prof. Dr.-Ing. Lars Wolf |
| IBR Group | CM (Prof. Wolf) |
| Type | Project Thesis |
| Status | finished |
MotivationMaking telephone calls through the internet is becoming more and more popular the- se days. Packets with voice data are routed through the network just like any other packet, after the caller and callee have initiated a session. To transfer voice data the Real-Time Transport Protocol is usually used. However the issue of security with VoIP calls is not taken seriously enough by far, especially regarding the current circumstances. The Secure Real-Time Transport Protocol specifies ways to provide data confidentiality and integrity, but no authenticity. Regarding VoIP there is no security infrastructure to distribute and authenticate the necessary keys, like there is in the internet. Thus a call over the internet is prone to man-in-the-middle attacks. Phil Zimmermann, creator of PGP, has invented a key distribution protocol, which is capable of indentifying a man-in-the-middle attack, but cannot prevent it. Alongside with this paper a working man-in-the-middle attack was implemented, for one to prove the possibility of doing so, also to create the foundation for future work related to the security of VoIP sessions. Possible future work should involve testing the key distribution protocol or its implementation within VoIP clients in terms of usefulness, especially regarding the carelessness of users. | |