DOI QR코드

DOI QR Code

Development of Indicators for Information Security Level Assessment of VoIP Service Providers

  • Yoon, Seokung (Korea Internet Security Center, Korea Internet & Security Agency) ;
  • Park, Haeryong (Korea Internet Security Center, Korea Internet & Security Agency) ;
  • Yoo, Hyeong Seon (Computer and Information Engineering, Inha University)
  • Published : 2014.02.27

Abstract

VoIP (Voice over Internet Protocol) is a technology of transmitting and receiving voice and data over the Internet network. As the telecommunication industry is moving toward All-IP environment with growth of broadband Internet, the technology is becoming more important. Although the early VoIP services failed to gain popularity because of problems such as low QoS (Quality of Service) and inability to receive calls as the phone number could not be assigned, they are currently established as the alternative service to the conventional wired telephone due to low costs and active marketing by carriers. However, VoIP is vulnerable to eavesdropping and DDoS (Distributed Denial of Service) attack due to its nature of using the Internet. To counter the VoIP security threats efficiently, it is necessary to develop the criterion or the model for estimating the information security level of VoIP service providers. In this study, we developed reasonable security indicators through questionnaire study and statistical approach. To achieve this, we made use of 50 items from VoIP security checklists and verified the suitability and validity of the assessed items through Multiple Regression Analysis (MRA) using SPSS 18.0. As a result, we drew 23 indicators and calculate the weight of each indicators using Analytic Hierarchy Process (AHP). The proposed indicators in this study will provide feasible and reliable data to the individual and enterprise VoIP users as well as the reference data for VoIP service providers to establish the information security policy.

Keywords

References

  1. D. Kim, "Analysis of Game Theoretical Effect of Internet Telephone (VoIP) Quality Assurance Policy and Number Transfer Policy," Business Research, Vol. 38, No. 1, pp. 35-49, 2009.
  2. IDC Korea, http://www.idckorea.com/product/Getdoc.asp?idx=544&field=PressRelease.
  3. Korea Communication Commission and Korea Internet & Security Agency, "VoIP Security Guideline," 2007.
  4. Turoff, M. "The policy delphi. In the delphi method: Techniques and applications," 2002.
  5. S. Yoon, H. Park, and H. Yoo, "Factor Analysis of VoIP Security Checklists using AHP," Journal of the Korea Institute of Information Security & Cryptology, Vol. 22, No. 5, pp.1115-1122, 2012.
  6. P. Samarati and S. Vimercati, "Access control: Policies, Models, Mechanisms", Lecture Notes in Computer Science, vol. 2171, no. 137, 2001.
  7. L.A. Gordon and M.P. Loeb, "The economics of Information Security Investment," ACM Transactions on Information and System Security, vol. 5, no. 4, pp.438-457, Nov. 2002. https://doi.org/10.1145/581271.581274
  8. D. Richard Kuhn, Thomas J. Walsh, Steffen Fries, "Special Publication 800-58: Security Considerations for Voice Over IP Systems," National Institute of Standards and Technology, Jan 2005
  9. L.D. Bodin, L.A. Gordon and M.P. Loeb, "Evaluating Information Security Investments Using the Analytic Hierarchy Process," Communications of the ACM, vol 48, pp. 79-83, Feb, 2005.
  10. Korea Communication Commission and Korea Internet & Security Agency, "Information Security Check Service Manual," 2012.
  11. Rainer Falk and Steffen Fries, "Security Governance for Enterprise VoIP Communication," Emerging Security Information, Systems and Technologies (SECURWARE), pp 279-286, 2008.
  12. A.B., Cisco IP Telephony Security Framework, Cisco Press, 2012.
  13. T.L. Saaty, The Analytic Hierarchy Process, McGraw Hill, New York, 1980
  14. H. Jung, "A study on importance on Evaluation Index of Personal Information security using AHP," J Korean Data Anal Soc vol.12 no.3 (B) (Jun. 2010) pp.1499-1510, 2010.
  15. T.L. Saaty and G.V. Luis, "Diagnosis with Dependent Symptoms: Bayes Theorem and the Analytic Hierarchy Process," Operation Research, Vol. 46, No. 4, pp491-502, 1998. https://doi.org/10.1287/opre.46.4.491
  16. Fornell, C., Larcker, D.F., Journal of Marketing Research, VOL.18 NO.1 pp39-50, 1981. https://doi.org/10.2307/3151312
  17. H. Kong, T. Kim, J. Kim, "An analysis on effects of information security investments: a BSC perspective," Journal of Intelligent Manufacturing, Vol. 23, No. 4, pp.941-953, 2010.