TWC: Small: Securing the New Converged Telephony Landscape

TWC：小型：确保新的融合电话格局的安全

• 批准号: 1318167
• 负责人: Mustaque Ahamad
• 金额: $ 50万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1318167&HistoricalAwards=false
• 关键词: TWC; Small; Securing; New; Converged

The telephony system, which enabled near universal voice communication, has undergone a dramatic change due to technological advances and legal and regulatory changes. Although these changes offer many benefits, including low cost calling and richer functionality, they have introduced new vulnerabilities that can seriously undermine the trust people have in transactions conducted over the telephony channel. In fact, caller impersonation and social engineering over the phone are increasingly being used to commit fraud and steal credentials for online account takeovers. This project focuses on research that can help secure the emerging telephony landscape against these and other emerging threats. To better understand security threats, the project first explores the feasibility of using a telephony honeypot for characterizing the sources and nature of unwanted and malicious calls, and the vulnerabilities exploited by these calls. Based on an understanding of these threats and vulnerabilities, new techniques are investigated to combat and mitigate telephony based attacks. For example, to address call metadata manipulation, features embedded into the call audio itself are investigated, which can potentially be used to establish the source of a call in a more robust manner. The project also seeks to understand cross channel malicious activity in which attackers utilize both the web and telephony channels to devise and mount sophisticated attacks. Telephony has been a trusted channel in the past and the project explores how trustworthy communication can be enabled in the future when voice communication will increasingly be integrated with our other online activities.

由于技术进步以及法律的和规章制度的变化，使得几乎能够实现普遍语音通信的电话系统经历了巨大的变化。 虽然这些变化提供了许多好处，包括低成本呼叫和更丰富的功能，但它们引入了新的漏洞，可能严重破坏人们对通过电话渠道进行的交易的信任。事实上，电话上的呼叫者模仿和社会工程越来越多地被用来实施欺诈和窃取在线帐户接管的凭据。该项目的重点是研究，可以帮助保护新兴的电话景观对这些和其他新兴的威胁。为了更好地了解安全威胁，该项目首先探索了使用电话蜜罐来表征不必要和恶意呼叫的来源和性质以及这些呼叫所利用的漏洞的可行性。基于对这些威胁和漏洞的理解，研究了新技术来打击和减轻基于电话的攻击。例如，为了解决呼叫元数据操纵，研究嵌入到呼叫音频本身中的特征，其可以潜在地用于以更鲁棒的方式建立呼叫的源。 该项目还试图了解跨渠道的恶意活动，其中攻击者利用Web和电话渠道来设计和实施复杂的攻击。电话在过去一直是一个值得信赖的渠道，该项目探讨了当语音通信越来越多地与我们的其他在线活动相结合时，如何在未来实现值得信赖的通信。