Global experimental verification of Docker-based secured mVoIP to protect against eavesdropping and DoS attacks
© The Author(s) 2017
Received: 29 June 2016
Accepted: 20 March 2017
Published: 4 April 2017
The cloud-computing paradigm has been driving the cloud-leveraged refactoring of existing information and communications technology services, including voice over IP (VoIP). In this paper, we design a prototype secure mobile VoIP (mVoIP) service with the open-source Asterisk private branch exchange (PBX) software, using Docker lightweight virtualization for mobile devices with the immutable concept of continuous integration and continuous deployment (CI/CD). In addition, the secure mVoIP service provides protection against eavesdropping and denial-of-service (DoS) attacks, using secure voice coding and real-time migration. We also experimentally verify the quality of the secure voice and the associated communication delay over a distributed global connectivity environment to protect against eavesdropping and real-time migration to mitigate DoS attacks.
Keywords: Docker; Secure mVoIP; Virtualization; Communication verification test; Eavesdropping/DoS attacks
Recently, cloud computing has become one of the hottest keywords in the information and communications technology (ICT) sector. Cloud computing is a kind of Internet-based computing service that provides shared computing resources (computing, networking, and storage) and data to computers and other devices on demand. In addition, Docker lightweight virtualization (i.e., containerization) is quickly emerging from the Linux camp. Cloud computing is a means of innovation to change an enterprise’s business environment, allowing it to evolve into an IT service model. When associated with a business, cloud computing can add value through business agility, operational efficiency, and infrastructure stability. In addition, the existing legacy application software can be made to evolve in the IT service model through the stability of the IT infrastructure. The existing ICT service and solution provider can add value in the move from a hardware (HW)-centric approach to a software (SW)-centric approach. The ability to constantly grow by evolving the service delivery approaches that generate stable revenue is important. In summary, the exploding cloud-computing paradigm has been driving the cloud-leveraged refactoring of existing ICT services. In this paper, to check the merit of a cloud-native computing paradigm, we select the example of secure mobile voice over IP (mVoIP). That is, we attempt to apply the power of cloud computing to improve the security of voice communications in smartphones. We attempt to support secure mVoIP as a software-as-a-service (SaaS) application. Thus, we design prototype secure mobile VoIP services with the open-source Asterisk private branch exchange (PBX) SW by employing Docker lightweight virtualization for mobile devices with the immutable concept of continuous integration (CI)/continuous delivery (CD) [2, 3].
In addition, the proposed secure mVoIP service supports protection against eavesdropping and denial-of-service (DoS) attacks using secure voice coding and real-time migration. We also experimentally verify the quality of the secure voice and the associated communication delay over a distributed global connectivity environment in a domestic/international zone to protect against eavesdropping and real-time migration to mitigate DoS attacks.
2 Related work
In this section, we describe the related basic concepts of mVoIP, voice over long-term evolution (VoLTE), security aspects, and service quality in VoIP, Docker lightweight virtualization with CI/CD to implement a secure mobile VoIP, 5G, and Cisco Application Centric Infrastructure (ACI).
2.1 mVoIP, PBX SW Asterisk, and VoLTE
There are several methodologies that allow a mobile handset to be integrated into a VoIP network. One implementation turns the mobile device into a standard session initiation protocol (SIP) client, which uses a data network to send and receive SIP messaging and the real-time transport protocol (RTP) for the voice traffic. This methodology requires minimum support from a mobile handset and high-speed IP communication. The standard VoIP protocols (typically SIP) can be used over any broadband IP-capable wireless network connection. Lastly, Asterisk is a SW implementation of a telephone PBX; it allows attached telephones to make calls to one another and to connect to other telephone services, such as the public switched telephone network (PSTN) and VoIP services. Its name is inspired by the asterisk symbol “*.”
VoLTE is a network-based IP Multimedia Subsystem (IMS) with specific profiles for the control plane and media plane of a voice service on LTE as defined by the GSMA in PRD IR.92. The result of this approach is voice service (control and media planes) delivery as a flow of data within the LTE data bearer. This means that there is no dependency on (or, ultimately, requirement for) maintaining the legacy circuit-switched voice network. VoLTE has a greater capacity for voice and data, up to a factor of 3 compared with 3G universal mobile telecommunications systems (UMTS), and up to a factor of 6 compared with 2G global systems for mobile communications (GSM). Furthermore, it saves bandwidth because VoLTE’s packet headers are smaller than in unoptimized VoIP/LTE.
2.2 Security issues and service quality of VoIP
Issue 1: VoIP traffic might be Internet bound.
Issue 2: Gateway security options for VoIP are limited.
Issue 3: Patching problems.
Issue 4: VoIP security is only as reliable as the underlying network security.
Issue 5: Many call-processing systems run on common operating systems (OSs), and they have their own security issues to worry about.
Issue 6: DoS takes down telephony.
Issue 7: Eavesdropping on calls using VOMIT or SipTap.
Issue 8: Spam over IP telephony (SPIT).
Issue 9: More ports open means more ports to secure.
Issue 10: Wireless phones require advanced wireless security.
NIST summarized these problems into seven items for QoS issues in VoIP: latency, jitter, packet loss, bandwidth and effective bandwidth, throughput speed, power failure and backup systems, and QoS implementations for security.
With regard to VoIP security, in this study, we focus on eavesdropping (issue 7) and DoS attacks (issue 6). Eavesdropping is secretly listening to the private conversations of others without their consent. DoS attacks are an attempt to make a machine or network resource become unavailable to its intended users, such as temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet.
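The latency, jitter and packet-loss items above can be computed directly from per-packet RTP records. The following Python sketch is an added example, not code from the paper; the `Packet` fields, the constructed sample stream, synchronised sender and receiver clocks, and the 150 ms one-way delay budget (the ITU-T G.114 guideline) are assumptions.

```python
from dataclasses import dataclass

CLOCK_HZ = 8000  # RTP clock rate for narrowband audio such as G.711

@dataclass
class Packet:
    seq: int        # RTP sequence number
    rtp_ts: int     # RTP timestamp, in clock ticks
    sent_ms: float  # sender wall clock (assumes synchronised clocks)
    recv_ms: float  # receiver wall clock

def qos_report(packets, delay_budget_ms=150.0):
    """Return delay, jitter and loss figures for one RTP stream."""
    pkts = sorted(packets, key=lambda p: p.recv_ms)  # arrival order
    delays = [p.recv_ms - p.sent_ms for p in pkts]
    jitter = 0.0
    for prev, cur in zip(pkts, pkts[1:]):
        # RFC 3550, section 6.4.1: D is the change in transit time between
        # consecutive arrivals; the estimate is smoothed with gain 1/16.
        spacing_ms = (cur.rtp_ts - prev.rtp_ts) * 1000.0 / CLOCK_HZ
        d = (cur.recv_ms - prev.recv_ms) - spacing_ms
        jitter += (abs(d) - jitter) / 16.0
    seqs = {p.seq for p in pkts}
    expected = max(seqs) - min(seqs) + 1  # ignores 16-bit wraparound
    lost = expected - len(seqs)
    return {
        "min_delay_ms": min(delays),
        "max_delay_ms": max(delays),
        "jitter_ms": round(jitter, 3),
        "loss_pct": round(100.0 * lost / expected, 1),
        # Packets whose one-way delay exceeds the assumed budget
        "over_budget": sum(d > delay_budget_ms for d in delays),
    }

# Constructed sample: 20 ms frames (160 ticks), seq 3 lost, seq 5 held up.
SAMPLE = [
    Packet(1, 160, 0.0, 40.0),
    Packet(2, 320, 20.0, 61.0),
    Packet(4, 640, 60.0, 100.0),
    Packet(5, 800, 80.0, 250.0),
    Packet(6, 960, 100.0, 252.0),
]

if __name__ == "__main__":
    print(qos_report(SAMPLE))
```

A sustained rise in `jitter_ms`, `loss_pct` or `over_budget` on an otherwise stable route is the call-quality symptom that a DoS condition on the PBX or its network path would produce.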
2.3 Docker lightweight virtualization technology and CI/CD
2.4 5G wireless systems and Cisco ACI
The 5G technology [13, 14] will provide further services and added benefits to the world compared with 4G. It will provide very high bandwidth, which the user will not have experienced previously. It also has many advanced features which makes it a powerful tool for wireless communication. By pushing 5G into VoIP-enabled devices, users will experience a level of data transmission and call volume as never before. Moreover, 5G technology will offer high QoS in many fields such as product engineering, Internet of Things (IoT), Internet of Everything (IoE), All to One (AtO), Industrial IoT (I2oT), and electronic transactions (e-payments, e-tickets, and e-transactions).
Accelerate application delivery
Reduce operating costs
Greatly increase business agility
Cisco Application Centric Infrastructure (ACI) is a comprehensive SDN-based architecture. The policy-based automation solution of Cisco ACI supports a business-relevant application policy language and provides greater scalability through a distributed enforcement system and greater network visibility. These benefits are realized through the integration of physical and virtual environments under one policy model for networks, servers, storage, services, and security.
3 Design and implementation of Docker-based secure mVoIP with CI/CD
To support a secure mVoIP app (cf. issue 7 in Section 2.2), Fig. 6 (a) shows the continuous delivery server with generated images using the Dockerfile. Figure 6 (b) shows the architecture of the Docker-based PBX SW Asterisk and dashboard FreePBX in the backend server. As shown in Fig. 6 (c), Dockerfile keywords used to generate the Docker image are presented. The functions of the Dockerfile support CI/CD. The idea behind CI/CD is that we should create jobs that perform certain operations such as building, testing, delivering, and deploying. Those jobs should be linked together to create a CI/CD pipeline.
The main concept of Docker is the immutable infrastructure concept that extends CI/CD as shown in Fig. 6, and the features of the immutable infrastructure are summarized as follows: manageability, scalability, testability, and portability. Figure 6 (d) and (e) show the user interface (UI) screen of the secure mVoIP app based on an Android device for a secure voice communication service. In particular, to prevent eavesdropping on calls using VOMIT or SipTap, Fig. 6 (d) shows the secure key generation process to support secure voice communication including the steps of voice sampling, white-noise removal, and secure key generation.
4 Verification of the secure voice test to protect against eavesdropping and the global communication test of secure mVoIP
In this section, we use the developed Docker-based secure mVoIP to compare the user’s original voice with the user’s secure voice, and to test real voice communication and secure voice communication in domestic and global communication environments.
4.1 Verification of the secure voice test to protect against eavesdropping
4.2 Verification of the domestic voice communication test
Table: Experimental verification of the domestic voice communication test results. Columns: minimum delay time (ms), maximum delay time (ms).
4.3 Verification of the voice communication test in South-East Asia
Table: Voice communication test result between Gwangju metro-city and South-East Asian locations. Columns: minimum delay time (ms), maximum delay time (ms).
4.4 Verification of the voice communication test in Europe
Table: Voice communication test result between Gwangju metro-city and Europe. Columns: minimum delay time (ms), maximum delay time (ms).
5 Cloud-based real-time migration test of VoIP to mitigate DoS attacks
Recently, the paradigm of the computing environment has changed, and following changes to the communication environment, VoIP technology is being revisited to support various services in the ICT field. In this paper, we designed a prototype secure mVoIP service with the open-source Asterisk PBX SW by employing Docker lightweight virtualization for mobile devices with the immutable concept of CI/CD. In addition, the secured mVoIP service supports protection against eavesdropping and DoS attacks using secure voice coding and real-time migration. We also experimentally verified the quality of the secure voice and the associated communication delay over a distributed global connectivity environment. In particular, the global real voice communication test was conducted in both South-East Asia and Europe. The real voice communication speed of the entire European zone was consistent, and the real communication speed of the South-East Asian zone was variable. We have shown that real-time migration has the potential to provide DoS attack mitigation.
This work was supported by an Institute for Information Communications Technology Promotion (IITP) grant and funded by the Korean government (MSIP) (no. B0190-15-2030, Web Service User Account Information Management and Spill/Exploit Detection Technology Development) and by the Human Resource Training Program for Regional Innovation and Creativity, through the Ministry of Education and National Research Foundation of Korea (2015H1C1A1035823).
The authors declare that they have no competing interests.
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
- Gartner Group. http://www.gartner.com/. Accessed 28 Mar 2017.
- CI/CD. https://www.docker.com/use-cases/cicd. Accessed 28 Mar 2017.
- CI/CD. http://www.asp.net/aspnet/overview/developing-apps-with-windows-azure. building-real-world-cloud-apps-with-windows-azure/continuous-integration-and-continuous-delivery. Accessed 28 Mar 2017.
- VoIP. http://www.voip-info.org/wiki/view/What+is+VOIP. Accessed 28 Mar 2017.
- Mobile VoIP. https://www.mobilevoip.com/. Accessed 28 Mar 2017.
- Asterisk. http://www.asterisk.org/. Accessed 28 Mar 2017.
- N Russell, Official document IR.92 - IMS profile for voice and SMS. GSMA (2015).
- E Elkin, The secret value of VoLTE. TMCnet (2014).
- M Ruck, Top ten security issues with voice over IP. 2010 White Paper Series, Technology Consultants and Network Engineers (2010).
- DR Kuhn, TJ Walsh, S Fries, Security considerations for voice over IP systems. NIST Special Publication 800-58, 1–91 (2005).
- Docker. https://www.docker.com/. Accessed 28 Mar 2017.
- Hypervisor. https://en.wikipedia.org/wiki/Hypervisor. Accessed 28 Mar 2017.
- A Aryaputra, N Bhuvaneshwari, 5G - the future of mobile network, in Proceedings of the World Congress on Engineering and Computer Science 2011, Vol II (2011), pp. 19–21.
- X Li, A Gani, R Salleh, O Zakaria, The future of mobile wireless communication networks. International Conference on Communication Software and Networks, 554–557 (2009).
- SDN. https://www.opennetworking.org/sdn-resources/sdn-definition. Accessed 28 Mar 2017.
- Cisco ACI. http://www.cisco.com/c/en/us/solutions/data-center-virtualization/application-centric-infrastructure/index.html. Accessed 28 Mar 2017.
- FreePBX. https://www.freepbx.org/. Accessed 28 Mar 2017.
- Dockerfile. https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/. Accessed 28 Mar 2017.
- BR Cha, SJ Shim, S Park, JW Kim, Secured mVoIP service over cloud and container-based improvement. 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, 791–795 (2015).
- Fast Fourier transformation (FFT). http://mathworld.wolfram.com/FastFourierTransform.html. Accessed 28 Mar 2017.
- Cacti. http://www.cacti.net/. Accessed 28 Mar 2017.