Hello everyone.

I would like to write a bachelor thesis about VoIP-security.
At first I wanted to write about performance differences between RTP and SRTP, but the more I got used to it, the less interesting it became.

Now I hope for the great community here.
Would any of you have any idea what direction I could go?

A small, if possible simple, experiment (because there is not much time left) about VoIP security.
Asterisk, possibly FreePBX and Raspberry

Thanks =)

Hey there, me again. You know, the guy that hit you with various questions about your previous topic of RTP v SRTP over at the Asterisk forum. Guess what, I’m going to do it again.

Which VoIP method are you going to be using? All of them or a particular one? Because VoIP is a concept (Voice Over IP), not a single thing. So is it SIP or another VoIP method? At what level are we talking about for this security? Something like a provider or is this about securing a PBX/phones behind your office/home network? Because those are two different levels of security. What about the system in question? Will it be facing the public Internet or will it have a router and NAT in front of it?

Now it may seem like I am bombarding you with questions, that’s because I am. You’ve asked for a simple experiment about VoIP security, so what are we experimenting? Because once you determine that, then you need to set up the environment in which to conduct this experiment and while my scientific method may be rusty, I doubt setting up a single PBX is going to be enough (control group and all that) to show differences.

So what resources do you have available to you? Can you set up more than one PBX system? Can you have one publicly facing the Internet while the other is behind NAT? Do you have firewalls that you can place in front of these PBXes and set up rules for? Do you have a way to replicate an attack (SIPp is a good example)?

I’m going to guess you have roughly a month to pull this out of your ass and I’m not sure that’s going to be possible. Well, it will be possible but the results not that great.

At the University of Nebraska, we call Bachelor’s Thesis a “Capstone Project”. It’s supposed to encapsulate all of the work and study you’ve undertaken and show a thorough understanding of the topic.

So, if you approach your “thesis” from this perspective (since a real Thesis is a completely different beast, and not appropriate to the “technical” nature of a Bachelor’s) then you should choose something about VOIP Security that you can write a report on (in a thesis, you do your own research, in a capstone, you use other people’s research). If that’s the case and you want to stick with RTP, you can do a lot with the different ways that RTP and SRTP streams can be protected. You don’t have to come up with something new (a feature of a thesis) and you’re already halfway home by lifting the hundreds of discussions we’ve had here on RTP and SRTP security.

