• DocumentCode
    121086
  • Title

    Intrusion Prevention in Asterisk-Based Telephony System

  • Author

    Lomotey, Richard K. ; Deters, Ralph

  • Author_Institution
    Dept. of Comput. Sci., Univ. of Saskatchewan, Saskatoon, SK, Canada
  • fYear
    2014
  • fDate
    June 27 2014-July 2 2014
  • Firstpage
    116
  • Lastpage
    123
  • Abstract
    Most enterprises today have their own Private Branch Exchange (PBX) systems that enable them to communicate on-premise and with the external or public switch telephone network. Companies that rely on heavy phone calls (especially, debt collectors) find the approach cost effective especially when automation techniques are introduced for auto dialing as a measure to reduce the number of employees who have to do the manual calls. The challenge however is that, PBX telephone systems have long been the target of attacks such as call stealing, server attacks, and sometimes user private data stealing. In this work, we investigate the best ways to prevent intrusion of attackers in a proposed PBX telephone system that is built in Asterisk environment. Instead of using the Asterisk platform as a complete solution, we proposed a cloud-based middleware layer that keeps the most sensitive part of the caller information, and rely on Asterisk only for call dialing, routing, and receiving. The middleware uses the REST standard to interact with the Asterisk platform and other proposed techniques such as message marshaling and demarshaling to enhance privacy. The pilot testing of the proposed approach shows high threshold for security enforcement and intrusion denial.
  • Keywords
    data privacy; private telephone exchanges; telecommunication security; telephony; Asterisk platform; PBX telephone systems; asterisk based telephony system; auto dialing; automation techniques; call stealing; cloud based middleware layer; debt collectors; intrusion denial; intrusion prevention; manual calls; private branch exchange; public switch telephone network; security enforcement; server attacks; user private data stealing; Companies; IP networks; Security; Servers; Web services; Asterisk; Intrusion Prevention; Middleware; PBX; REST; Web services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Mobile Services (MS), 2014 IEEE International Conference on
  • Conference_Location
    Anchorage, AK
  • Print_ISBN
    978-1-4799-5059-1
  • Type

    conf

  • DOI
    10.1109/MobServ.2014.25
  • Filename
    6924302