2nd Workshop on Securing Voice over IP

June 1-2, Washington DC
Tentative Program
Program Chairs: Ram Dantu(rdantu@unt.edu)
                                                    Duminda Wijesekera(dwijesek@gmu.edu)
General Chair: Paul Kurtz(CSIA)
(for Registrations and Hotel, see http://pfidc.com/voip/register.htm)


Wednesday, June 1, 2005


Introductions: Paul Kurtz and Ram Dantu (8:30 AM)



Current Methods and Issues (8:45 – 9:45 AM)

Chair: Pradeep Samudra, Samsung

  1. VoIP Overview: Jim Deerman, tekVizion (15 minutes)
  1. VoIP Protocols, Mike Lynn, Internet Security Systems (10 minutes)
  1. VoIP Security Standards: Security in IP Telephony, Robert Gilman, Avaya Inc., (15 minutes)
    1. H325
    1. TLS and SRTP
  1. VoIP Security Challenges and Approaches, Alex Sarin, Ranch Networks (15 minutes)



Coffee Break (15 minutes)


VoIP Requirements (10 – 11AM),

Chair: Manuel Vexler, IPCC

  1. A Security Framework for VoIP, Ken Bender, Bearingpoint (15 minutes)
  1. Authentication in VoIP,  Alejandro Buschel, Qwest Communications (15 minutes)
  1. Securing End Points, Bob Bell, Cisco Systems, San Jose (15 minutes)
  1. Session Border Controller Requirements, Medhavi Bhatia, Sridhar Ramachandran, Nextone Communications (15 minutes)



Government Standards (11-12AM)

Chair: Duminda Wijesekera George Mason University

  1. Security Consideration for VoIP, Richard Kuhn, NIST, Washington DC (30 minutes)
  1. Information Assurance (IA) mechanisms to defeat threats in a Department of Defense (DoD) IP telephony environment, Barry Sweany, SAIC (30 minutes)




Lunch Break (12 – 1 PM)


PUBLIC POLICY PERSPECTIVE: 1996 Telecommunications Act Reform

                - FCC: Christi Shewman, Wireline Competition Bureau

                - Congress:

                - DHS/S+T: (invited)

                - Off the Hill: (invited)                



Government Operational Needs  (1:30 -2:30PM)

  1.  NS/EP: Pete Fonash, DHS / NCS
  1. CALEA: Thos. Gregory Motta, FBI
  2. DOD: Mike Johnson, NSA / OASD (invited)

Coffee Break



  1. GETS: Cristin Flynn, BellSouth
  1. E-911: Micki Chen, Verizon
  1. VoIP: Jim Kohlenberger, VON Alliance
  17.   Wireless: (invited)


Coffee Break


Critical Issues for Securing VoIP ( Panel Discussion, 4 – 5 PM)

Chair: Ram Dantu


 - Bob Bell, Cisco,

 - Thomas Armstrong , Juniper Networks,

 - Jasson Casey, Alcatel,

 - Mark Evans, Sprint,

 - Rick Kuhn, NIST


WRAP-UP (5 - 5:30 PM)

Paul Kurtz, Cyber Security Industry Alliance


Networking Reception  (5:30 PM)



 Thursday, June 2, 2005


Introductions: Roger  Cressey and  Ram Dantu (8:30 – 8:45 AM)



SIP.EDU Research Network

Dennis Baron, MIT and Ben Teitelbaum, Internet2 (8:45 –  9:15 AM))



VoIP Security Testing (9:15 – 10:15 AM)

Chair: Dipak Ghosal, University of California, Davis

  1. An Analysis of Security Threats and Tools in SIP-Based VoIP Systems, Shawn McGann and Douglas C. Sicker, University of Colorado at Boulder, Boulder, Colorado (15 minutes)
  1. Security Vulnerability Assessment in Large VoIP  Networks, Bogdan Materna, VoIPshield Systems, Ottawa, Canada (15 minutes)
  1. SIP Robustness Testing, Christian Wieser, Marko Laakso, University of Oulu, Finland (15 minutes)
21. Vulnerability Analysis of SOHO VoIP Gateways, Peter Thermos, 
 and Guy Hadsall, Telcordia (15 minutes)


Coffee and Snacks


VoIP Security: R & D  (10:30 -11:45 AM)

Chair: Duminda Wijesekera George Mason University
  1. SAFENeT: Server-based Architecture For Enterprise NAT and Firewall Traversal David T. Stott, Lucent Technologies, Whippany, New Jersy (15 minutes)
  1. Secure VoIP: call establishment and media protection,  Johan Bilien Erik Eliasson Joachim Orrblad Jon-Olov Vatn,  Royal Institute of Technology (KTH), Stockholm, Sweden (15 minutes)
  1. SIP Service Providers and The Spam Problem, Y. Rebahi, D. Sisalem, Fraunhofer Institut Fokus, Berlin, Germany (15 minutes)
  1. A Security Model for SPIT Prevention, Baruch Sterman, Kayote Networks, Passaic, New Jersey (15 minutes)
  1. Voice Spam Control with Gray Leveling, Dongwook Shin and Choon Shim, Qovia (15 minutes)


Next Course of Actions, Program Committee (11:45 – 12:45 PM)

Chair: Roger Cressey

One of our main objectives of the workshop is to capture few critical issues or challenges 
from Day1 and brainstorm the solutions during the next day. As part of the action plan, 
we would like to use a research network for experimentation (e.g., interconnect our labs 
or use network like SIP.EDU). This network will enable the researchers in the universities 
and possibly startup companies and service providers for validating the solutions on a wide 
area VoIP network. Some thoughts:      
      - Execute identified threat types and assess damage.
      - Develop security algorithms, solutions and methodology
         for quick recovery/secure distribution of the solution.
      - Techniques to isolate threats and attacks to a carrier domain,
      - Trace and contain offending hosts, etc.


Action Plan

-                Network Elements and Connectivity
-                Algorithms
-                Resources (Equipment and People)
-                Project Plan and timeline
-                Outcomes
Closing Remarks
Paul Kurtz and Ram Dantu (12:45 – 1 PM)