Self-Verification of Public-Key Agreement over VoIP Using Random Fusion Scheme
Date
2016-08
Authors
Alfin Shafalni
Abstract
Internet telephony, also known as Voice over Internet Protocol (VoIP), has become one of the popular alternatives in telecommunication due to the widespread use of the Internet. The Internet enriches the way the telephony system is used, but at the same time it raises many concerns, particularly about security. Unlike with the conventional telephone, Internet communication can feasibly be tapped virtually, without requiring any physical access. This gives adversaries a greater opportunity to compromise the privacy of the communication. Hence, encryption has been utilised to combat such adverse acts. In addition, the key negotiation, which is the cornerstone of encryption, must be secured to avert a threat known as the man-in-the-middle (MITM) attack. However, secure key negotiation such as Public-Key Infrastructure (PKI) typically entails a trusted third party (TTP) for public key verification, and this service comes at a cost. This thesis presents an alternative verification for public keys over VoIP communication. The alternative is designed to establish a trustworthy key agreement without the presence of a TTP in the call session between two participants who have known each other in advance. A new verification scheme, the Random Fusion Scheme (RFS), is introduced; it takes advantage of telephone communication, where real-time interaction and human intelligence can flexibly be optimised during the session. RFS inserts the public key's fingerprint (hash value) within the participants' voice stream. A technique to extract the fingerprint is defined in RFS using pattern searching and string matching algorithms. A hybrid framework is proposed that employs RFS on Elliptic Curve Diffie-Hellman (ECDH) key agreement, referred to as the ECDH-RFS framework. The proposed framework automatically verifies a public key as authentic if the participant's voice carries a fingerprint comparable to that of the published public key. As a result, the framework makes it very difficult for an attacker to interfere with the exchange of the public key, and therefore provides robust public key integrity. Consequently, any attempt at forging the public key will result either in rejection of the key exchange or in damage to the communication itself, which raises an alarm to the participants. The experimental results show that the proposed framework performed a reasonable verification within 5 to 60 seconds of conversation with marginal overhead. Moreover, the security analysis has proved that the proposed framework could detect and avert attempted MITM attacks. This research excludes the third-party role in VoIP security, and thus helps reduce the cost and complexity of managing VoIP systems. Furthermore, the proposed work requires only the basic functionality of telephone communication, which makes the application feasible under a wide range of circumstances, either with or without visual support.
Keywords
An alternative verification for public key, over VoIP communication.