The Georgia Tech Information Security Center
announced it is creating a partnership with BellSouth
and Internet Security Systems
to explore security surrounding the emerging Voice over Internet Protocol (VoIP) technology. As communication services migrate to Internet-based platforms, it is important that the security and dependability users expect in the current public switched networks be maintained with these new converged technologies. At the GTISC VoIP Security Summit held in April 2005, GTISC initiated a dialogue with security and telecommunications industry leaders, including ISS and BellSouth, to proactively address security associated with this emerging technology.
"At GTISC, we feel strongly that security should not be an after-thought with VoIP," said Mustaque Ahamad, principal investigator and director of GTISC. "By partnering with proven industry leaders ISS and BellSouth, GTISC will be able to lead the research efforts necessary to better understand VoIP threats and explore techniques that are well suited for securing VoIP devices, protocols and services."
Internet Security Systems and BellSouth have committed to a two-year research program totaling $300,000. This funding will enable GTISC faculty and graduate students to work with ISS and BellSouth technologists to develop and evaluate solutions that address VoIP security. In return, BellSouth and ISS will have access to the resulting intellectual property.
"Internet Security Systems was one of the first security companies to provide coverage for VoIP protocols in our products," said Christopher Rouland, chief technology officer at Internet Security Systems. "We look forward to working with experts at GTISC and BellSouth to further our understanding of VoIP vulnerabilities and how best to mitigate them for our customers."
"BellSouth is committed to ensuring security is an integral component in all our products and services and working with GTISC and ISS is one way to continue that focus with next generation products such as VoIP," said John Heveran, VP-Chief Information Security Officer, BellSouth.
Convergence of Internet technologies with traditional telecommunications services creates opportunities for added flexibility, lower costs and enhanced services and applications. However, to fully enable the benefits it is vital that any vulnerabilities be identified and addressed early. The researchers plan to conduct a security analysis of VoIP protocols and implementations and explore issues such as VoIP authentication for dealing with voice spam, modeling of VoIP traffic and device behavior, mobile phone security, and security of VoIP applications running on user agents.