Intrusion prevention in asterisk-based telephony system

Richard K. Lomotey, Ralph Deters

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Most enterprises today have their own Private Branch Exchange (PBX) systems that enable them to communicate on-premise and with the external or public switch telephone network. Companies that rely on heavy phone calls (especially, debt collectors) find the approach cost effective especially when automation techniques are introduced for auto dialing as a measure to reduce the number of employees who have to do the manual calls. The challenge however is that, PBX telephone systems have long been the target of attacks such as call stealing, server attacks, and sometimes user private data stealing. In this work, we investigate the best ways to prevent intrusion of attackers in a proposed PBX telephone system that is built in Asterisk environment. Instead of using the Asterisk platform as a complete solution, we proposed a cloud-based middleware layer that keeps the most sensitive part of the caller information, and rely on Asterisk only for call dialing, routing, and receiving. The middleware uses the REST standard to interact with the Asterisk platform and other proposed techniques such as message marshaling and demarshaling to enhance privacy. The pilot testing of the proposed approach shows high threshold for security enforcement and intrusion denial.

Original languageEnglish (US)
Title of host publicationProceedings - 2014 IEEE 3rd International Conference on Mobile Services, MS 2014
EditorsRong Chang, Nimish Radia, Yan Wang
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages116-123
Number of pages8
ISBN (Electronic)9781479950607
DOIs
StatePublished - Oct 14 2014
Event2014 3rd IEEE International Conference on Mobile Services, MS 2014 - Anchorage, United States
Duration: Jun 27 2014Jul 2 2014

Publication series

NameProceedings - 2014 IEEE 3rd International Conference on Mobile Services, MS 2014

Other

Other2014 3rd IEEE International Conference on Mobile Services, MS 2014
Country/TerritoryUnited States
CityAnchorage
Period6/27/147/2/14

All Science Journal Classification (ASJC) codes

  • Communication
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Intrusion prevention in asterisk-based telephony system'. Together they form a unique fingerprint.

Cite this