By Topic

Voice Interactive Personalized Security (VoIPSEC) protocol: Fortify Internet telephony by providing end-to-end security through inbound key exchange and biometric verification

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Spyros Kopsidas ; Computer Engineering & Telecommunications Department, University of Thessaly, 38221 Volos, Greece. spyros@uth.gr ; Dimitris Zisiadis ; Leandros Tassiulas

Secure end-to-end information exchange is a constant challenge in electronic communications. Novel security architectures and approaches are proposed constantly, to be followed by announcements of sophisticated attack methods that compromise them, while people suspect others, even more sophisticated attack methods never see the daylight. In the present work we propose a novel method for secure end-to-end communication based on biometric evidence to ensure security and integrity of the information exchanged. The traditional approach for securing the communication between two peers is through the use of secret key encryption combined with a public key approach for exchanging the common secret key to be used by the end peers. The public key part of the communication is based on a trusted authority for providing the public keys, a service provided through a public key infrastructure (PKI). Public key infrastructures are vulnerable to man in the middle attacks, among other approaches that compromise their integrity. There has been a lot of work for providing robust PKI infrastructures, the proposed solutions are fairly demanding on network resources, hence public key solutions are not the security approach of choice in several applications that require light weight solutions. Here we propose an approach for providing secure end-to-end communications in environments where it is possible to have biometric based authentication, exploiting the nature of the application; voice communication being the typical example that we use as our paradigm for describing the method. During the establishment of the communication session, the end-peers exchange a challenge/signature token, the integrity of which is confirmed vocally when the voice communication initiates. The security of the method relies on the inability to mechanically impersonate an individual both because of the biometric user specific attributes of the human voice and video as well as the user customized profile of the- exchanged information. The method is appropriate for ensuring the security of an encrypted phone conversation, guaranteeing the integrity of the session key exchanged in the beginning of the conversation. It requires minimal resources from the user handsets and no additional support from the network, so it is inherently scalable and readily deployable as it only needs an appropriately enhanced secure handset

Published in:

2006 1st IEEE Workshop on Hot Topics in Web Systems and Technologies

Date of Conference:

13-14 Nov. 2006