Security Analysis of Voice-over-IP Protocols

This paper talks about the state of security or lack of of the VoIP protocols. It talks a lot about encryption and introduces some attacks in that area. Of interest:

• replay attack on SDES key exchange causing SRTP to use the same keystream in multiple sessions. This means that the attacker removes encryption from SRTP-protected data streams.
• An attack on ZRTP involving unauthenticated uesr IDs. This allows bypassing / disabling of authentication or a DoS attack.
• A security issue related to randomness in MIKEY

VoIP security related blogs

Was checking out VOIPSA's blog and noticed that they mention a few blogs of interest which reminds me...

I've been asked to name VoIP security related material that one should check out, so here goes my list:

• Voice of VOIPSA - blog covering VoIP security
• Sipera VIPER Lab - blogging about VoIP vulnerabilities
• Voipsec mailing list - just what the name says ;-)

Will be adding more later on