UAB research to improve online communication security

Through a two-year project funded by Cisco Systems, researchers will test ways to secure voice- and video-over-Internet communications.

University of Alabama at Birmingham (UAB) researchers are working to improve the end-to-end security of an increasingly common means of communication. Through a two-year, $150,000 project funded by Cisco Systems, researchers in the Department of Computer and Information Sciences (CIS) are designing mechanisms to secure voice- and video-over-Internet (VoIP) communications, such as Skype or Jabber.

“Given the surge in popularity of computing devices, ensuring the security of VoIP connections is very important for personal users, and especially for business users,” said Nitesh Saxena, Ph.D., associate professor of CIS, a member of the Center for Information Assurance and Joint Forensics Research (CIA|JFR) and the director of the UAB Security and Privacy in Emerging computing and networking Systems (SPIES) research group.

Saxena is serving as the principal investigator of the project along with Purushotham Bangalore, Ph.D., associate professor of CIS.

VoIP communications are vulnerable to eavesdropping and man-in-the-middle attacks, in which a malicious third party makes independent connections with the victims and intercepts or fabricates messages between them. Such attacks can put each user’s device at risk and make confidential information vulnerable.

Securing VoIP sessions requires each user to agree upon a shared cryptographic key. Rather than relying on a third-party entity to provide such a key, the new project will design and test a peer-to-peer mechanism. Users will verbally exchange the information resulting from a cryptographic protocol employing Short Authenticated Strings (SAS) to confirm each other’s identity.
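
The following sketch is an added illustration, not code from the UAB project, of why comparing a short string aloud exposes the man-in-the-middle attack described above. It assumes a toy Diffie-Hellman group, a hash commitment and a four-digit SAS; the names Alice, Bob and Mallory and all function names are hypothetical.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, for illustration only (assumption: a real
# deployment would use a vetted group or curve).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def digest(label, *nums):
    return hashlib.sha256(label + b"".join(n.to_bytes(32, "big") for n in nums)).digest()

def commit(pub):
    # The initiator sends this before seeing the responder's key, so a key
    # cannot be chosen afterwards to steer the short string.
    return digest(b"commit", pub)

def reveal_ok(commitment, revealed_pub):
    return secrets.compare_digest(commitment, commit(revealed_pub))

def sas(init_pub, resp_pub, shared, digits=4):
    # Short string the users read aloud, bound to both keys and the secret.
    value = int.from_bytes(digest(b"sas", init_pub, resp_pub, shared)[:8], "big")
    return f"{value % 10**digits:0{digits}d}"

def call(mitm=False, digits=4):
    """Simulate one call setup (constructed scenario); return (alice_sas, bob_sas)."""
    a_priv, a_pub = keypair()   # Alice, initiator
    b_priv, b_pub = keypair()   # Bob, responder
    _, m_pub = keypair()        # Mallory's key, only used when mitm=True
    # Keys each endpoint actually receives from the network.
    bob_gets = m_pub if mitm else a_pub
    alice_gets = m_pub if mitm else b_pub
    # Order on the wire: commitment, responder key, then initiator key.
    if not reveal_ok(commit(bob_gets), bob_gets):
        raise ValueError("revealed key does not match commitment")
    alice_sas = sas(a_pub, alice_gets, pow(alice_gets, a_priv, P), digits)
    bob_sas = sas(bob_gets, b_pub, pow(bob_gets, b_priv, P), digits)
    return alice_sas, bob_sas

if __name__ == "__main__":
    print("honest call:", call())
    print("intercepted call:", call(mitm=True))
```

In the honest call both users see the same digits. When the keys are substituted in transit, each user's string is derived from a different exchange, so the digits read aloud disagree except with a small probability set by the SAS length.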

“We hope to make establishing a connection secure and easy to do on the fly,” Saxena said.

In addition to two-party VoIP connections, Saxena’s team will assess the scalability of the mechanism for group conversations like a conference call.

“We believe that this project will make strong impacts — not only on networking security, but also human-computer interaction and real-world usability,” Saxena said.