TY - GEN
T1 - Intrusion prevention in asterisk-based telephony system
AU - Lomotey, Richard K.
AU - Deters, Ralph
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/10/14
Y1 - 2014/10/14
N2 - Most enterprises today have their own Private Branch Exchange (PBX) systems that enable them to communicate on-premise and with the external or public switch telephone network. Companies that rely on heavy phone calls (especially, debt collectors) find the approach cost effective especially when automation techniques are introduced for auto dialing as a measure to reduce the number of employees who have to do the manual calls. The challenge however is that, PBX telephone systems have long been the target of attacks such as call stealing, server attacks, and sometimes user private data stealing. In this work, we investigate the best ways to prevent intrusion of attackers in a proposed PBX telephone system that is built in Asterisk environment. Instead of using the Asterisk platform as a complete solution, we proposed a cloud-based middleware layer that keeps the most sensitive part of the caller information, and rely on Asterisk only for call dialing, routing, and receiving. The middleware uses the REST standard to interact with the Asterisk platform and other proposed techniques such as message marshaling and demarshaling to enhance privacy. The pilot testing of the proposed approach shows high threshold for security enforcement and intrusion denial.
AB - Most enterprises today have their own Private Branch Exchange (PBX) systems that enable them to communicate on-premise and with the external or public switch telephone network. Companies that rely on heavy phone calls (especially, debt collectors) find the approach cost effective especially when automation techniques are introduced for auto dialing as a measure to reduce the number of employees who have to do the manual calls. The challenge however is that, PBX telephone systems have long been the target of attacks such as call stealing, server attacks, and sometimes user private data stealing. In this work, we investigate the best ways to prevent intrusion of attackers in a proposed PBX telephone system that is built in Asterisk environment. Instead of using the Asterisk platform as a complete solution, we proposed a cloud-based middleware layer that keeps the most sensitive part of the caller information, and rely on Asterisk only for call dialing, routing, and receiving. The middleware uses the REST standard to interact with the Asterisk platform and other proposed techniques such as message marshaling and demarshaling to enhance privacy. The pilot testing of the proposed approach shows high threshold for security enforcement and intrusion denial.
UR - http://www.scopus.com/inward/record.url?scp=84911454795&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84911454795&partnerID=8YFLogxK
U2 - 10.1109/MobServ.2014.25
DO - 10.1109/MobServ.2014.25
M3 - Conference contribution
AN - SCOPUS:84911454795
T3 - Proceedings - 2014 IEEE 3rd International Conference on Mobile Services, MS 2014
SP - 116
EP - 123
BT - Proceedings - 2014 IEEE 3rd International Conference on Mobile Services, MS 2014
A2 - Chang, Rong
A2 - Radia, Nimish
A2 - Wang, Yan
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 3rd IEEE International Conference on Mobile Services, MS 2014
Y2 - 27 June 2014 through 2 July 2014
ER -