Journal of Korea Society of Digital Industry and Information Management (디지털산업정보학회논문지)

Korea Society of Digital Industry and Information Management (디지털산업정보학회)
권호 표지
DOI QR코드

DOI QR Code

A study on the risk of taking out specific information by VoIP sniffing technique

VoIP 스니핑을 통한 특정정보 탈취 위험성에 관한 연구

  • 이동건 (광운대학교 소프트웨어학과) ;
  • 최웅철 (광운대학교 소프트웨어학과)
  • Received : 2018.11.26
  • Accepted : 2018.12.14
  • Published : 2018.12.30
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, VoIP technology is widely used in our daily life. Even VoIP has become a technology that can be easily accessed from services such as home phone as well as KakaoTalk.[1] Most of these Internet telephones use the RTP protocol. However, there is a vulnerability that the audio data of users can be intercepted through packet sniffing in the RTP protocol. So we want to create a tool to check the security level of a VoIP network using the RTP protocol. To do so, we capture data packet from and to these VoIP networks. For this purpose, we first configure a virtual VoIP network using Raspberry Pi and show the security vulnerability by applying our developed sniffing tool to the VoIP network. We will then analyze the captured packets and extract meaningful information from the analyzed data using the Google Speech API. Finally, we will address the causes of these vulnerabilities and possible solutions to address them.

Keywords

References

  1. KakaoTalk, https://www.kakaocorp.com/service/KakaoTalk
  2. Malcolmd, "Channel Driver Modules," https://wiki.asterisk.org/wiki/display/AST/Channel+Driver+Modules
  3. H. Schulzrinne, S. Casner, R. Frederick, V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications.," RFC3550, The Internet Society, 2003.
  4. H. Schulzrinne, S. Casner, "RTP Profile for Audio and Video Conferences with Minimal Control.," RFC3551, The Internet Society, 2003
  5. Malcolm Davenport , "RTP Packetization," https://wiki.asterisk.org/wiki/display/AST/RTP+Packetization
  6. Patrick Park, Voice over IP Security, Cisco Press, 2009
  7. Himanshu Dwivedi, Hacking VoIP, No Starch Press, 2009
  8. Laura Chappell, 와이어샤크 네트워크 완전 분석 (이재광, 전태일 역), 에이콘, 2012
  9. 김창식, 김태경, "텍스트마이닝을 이용한 정보보호 연구동향 분석," (사)디지털산업정보학회논문지, 제14권, No.2 , 2018, pp. 19-25.
  10. 최희식, 조양현, "모바일 앱 서비스 이용 증가로 인한 보안 위협 분석," (사)디지털산업정보학회논문지, 제14권, No.1 , 2018, pp. 45-55.