Self-Verification Of Public-Key Agreement Over Voip Using Random Fusion Scheme

dc.contributor.authorAlfin Shafalni
dc.date.accessioned2017-01-10T06:23:34Z
dc.date.available2017-01-10T06:23:34Z
dc.date.issued2016-08
dc.description.abstractInternet telephony, also known as Voice over Internet Protocol (VoIP), has become one of popular alternatives in telecommunication due to the widespread of the Internet usage. The Internet enriches the way of telephony system is used, but in the meantime it elevates many concerns, particularly security. Unlike the conventional telephone, tapping the Internet communication is feasibly done virtually without requiring any physical access. This issue gives a greater opportunity for the adversaries to exploit the communication privacy. Hence, encryption has been utilised to combat such adverse acts. Besides, the key negotiation, which is the cornerstone for encryptions, must be secured to avert a threat known as man-in-the-middle (MITM) attack. However, a secure key negotiation like Public-Key Infrastructure (PKI) typically entails trusted third party (TTP) for public key verification, which demands costs in its service. This thesis presents an alternative verification for public key over VoIP communication. The alternative is designed to establish a trustworthy key agreement without the presence of TTP on the call session between two participants who have known each other in advance. A new verification scheme is introduced as Random Fusion Scheme (RFS) that takes advantages of telephone communications where real-time interaction and human intelligence can flexibly be optimised during the session. RFS inserts the public key’s fingerprint (hash value) within the participants’ voice stream. A technique to extract the fingerprint is defined in RFS using pattern searching and string matching algorithms. A hybrid framework is proposed that employs RFS on Elliptic Curve Diffie-Hellman (ECDH) key agreement, which is then referred as ECDH-RFS framework. The proposed framework automatically verifies a public key as authentic if the participant’s voice carries a comparable fingerprint as the published public key. Eventually, this framework gives a great difficulty for an attacker to interfere with the exchange of the public key. Therefore, the framework provides a robust public key integrity. Consequently, any attempt on forging the public key will either result in rejecting the key exchange or damaging the communication itself which raises an alarm to the participants. The experimental results show the proposed framework has performed a reasonable verification within 5 to 60 seconds of conversation with marginal overhead. Moreover, the security analysis has proved that the proposed framework could detect and avert attempts in MITM attack. This research excludes third party role in VoIP security, thus helps reducing cost and complexity in managing VoIP systems. Furthermore, the proposed work only requires the basic functionality of telephone communication that makes the application is feasible under a wide range of circumstances, either with or without visual support.en_US
dc.identifier.urihttp://hdl.handle.net/123456789/3375
dc.subjectAn alternative verification for public keyen_US
dc.subjectover VoIP communication.en_US
dc.titleSelf-Verification Of Public-Key Agreement Over Voip Using Random Fusion Schemeen_US
dc.typeThesisen_US
Files
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission
Description: