Christian Schanes
Projektass. Dipl.-Ing. Dr.techn.
Christian Schanes
- Email: christian.schanes@tuwien.ac.at
- Phone: +43-1-58801-183411
- Office: (1040 Wien, Favoritenstrasse 11)
- About:
- Orcid:
- Keywords:
- Roles: PostDoc Researcher
Publications
Trapping and analyzing malicious voip traffic using a honeynet approach.
Markus GruberFlorian FankhauserStefan TaberChristian SchanesThomas GrechenigKeywords:
Astract: Since several years the number of VoIP (Voice over
IP) infrastructures increases and, consequently, the number of
VoIP users increases too. Under these circumstances VoIP systems
get more and more attractive for attackers, since the probability
of successful attacks increases and attackers gain benefits, e.g.,
money with fee-based telephone numbers. Therefore, this paper
describes a solution to capture, monitor and report VoIP attacks
to gain more knowledge on current and new VoIP attacks.
Gruber, M., Fankhauser, F., Taber, S., Schanes, C., & Grechenig, T. (2011). Trapping and analyzing malicious voip traffic using a honeynet approach. In Proceedings of the 6th International Conference on Internet Technology and Secured Transactions (pp. 442–447). IEEE. http://hdl.handle.net/20.500.12708/54037
Generic data format approach for generation of security test data
Christian SchanesFlorian FankhauserStefan TaberThomas GrechenigKeywords:
Astract: Security testing is an important and at the same
time also expensive task for developing robust and secure
systems. Test automation can reduce costs of security tests
and increase test coverage and, therefore, increase the number
of detected security issues during development. A common
data format as the basis for specific test cases ensures that
the implementation of the generation logic for security test
data is only needed once and can be used for various data
formats by transforming the data to the common data format,
generating the test data and transforming back to the original
data format. The introduced approach enables to generate test
data for various formats using a single implementation of the
generation algorithm and applying the results for specific test
cases in different data formats.
Schanes, C., Fankhauser, F., Taber, S., & Grechenig, T. (2011). Generic data format approach for generation of security test data. In Proceedings of the Third International Conference on Advances in System Testing and Validation Lifecycle (pp. 103–108). IARIA. http://hdl.handle.net/20.500.12708/54038
Security status of voip based on the observation of real-world attacks on a honeynet
Markus GruberFlorian FankhauserStefan TaberChristian SchanesThomas GrechenigKeywords:
Astract: VoIP (Voice over IP) systems more and more replacing PSTN (Public Switched Telephone Network) infrastructureswhat increases dependency of available and secure VoIP systems for successful business. Attacks against VoIP systems are becoming more imaginative and many attacks can cause damage, e.g., gain money for attackers or create costs for the victim. Therefore, in this paper the current security status of VoIP systems are described with observations of VoIP attacks in a honeynet. The achieved results can help to adapt existing prevention system to avoid the recognized and analyzed attacks in a productive environment.
Gruber, M., Fankhauser, F., Taber, S., Schanes, C., & Grechenig, T. (2011). Security status of voip based on the observation of real-world attacks on a honeynet. In Proceedings of the Third IEEE International Conference on Information Privacy, Security, Risk and Trust (pp. 1041–1047). IEEE. http://hdl.handle.net/20.500.12708/54039
Automated Security Test Approach for SIP based VoIP Softphones
Stefan TaberChristian SchanesClemens HlauschekFlorian FankhauserThomas GrechenigKeywords:
Astract: Robustness of applications used for Voice
over Internet Protocol based systems against attacks
is a critical part to secure such systems. Automatic
security testing is required to detect security vulnera-
bilities in an efficient way. This enables to harden the
applications early during the development phase. In the
paper we present a fuzzer framework to detect security
vulnerabilities in Voice over IP (VoIP) Softphones which
implement Session Initiation Protocol (SIP). The pre-
sented approach automates the Graphical User Interface
(GUI) interaction for softphones during fuzzing and
also observes the behavior of the softphone GUIs to
automatically detect application errors. Results of testing
two open source softphones by using our fuzzer showed
that various unknown vulnerabilities could be identified
with the implemented fuzzer and some vulnerabilities
were found that are only detectable by using GUI
observation.
Taber, S., Schanes, C., Hlauschek, C., Fankhauser, F., & Grechenig, T. (2010). Automated Security Test Approach for SIP based VoIP Softphones. In Proceedings of The Second International Conference on Advances in System Testing and Validation Lifecycle (pp. 114–119). IEEE Computer Society Press. http://hdl.handle.net/20.500.12708/53539
A Robust and Flexible Test Environment for VoIP Security Tests.
Maximilian RonnigerFlorian FankhauserChristian SchanesThomas GrechenigKeywords:
Astract: Voice over IP (VoIP) is in wide use today, replacing
phone lines in many scenarios. However, often, security
isn´t considered well enough, even though many security
attacks are already known. More research on VoIP security
is needed to enhance the level of security of VoIP systems
and to show the implications of failing to take appropriate
security measures. This paper presents an architecture and
implementation of a robust and flexible VoIP test environ-
ment for security related tests. Experiences using the im-
plemented environment for different VoIP security tests are
shown to demonstrate the suitability of the proposed test en-
vironment for research purposes.
Ronniger, M., Fankhauser, F., Schanes, C., & Grechenig, T. (2010). A Robust and Flexible Test Environment for VoIP Security Tests. In Proceedings of The 5th International Conference for Internet Technology and Secured Transactions (pp. 96–101). Infonomics Society, UK. http://hdl.handle.net/20.500.12708/53543
Team
Business Informatics Group, TU Wien
Professors
Christian Huemer
Ao.Univ.Prof. Mag.rer.soc.oec.Dr.rer.soc.oec.
Dominik Bork
Associate Prof. Dipl.-Wirtsch.Inf.Univ.Dr.rer.pol.
Gerti Kappel
O.Univ.Prof.in Dipl.-Ing.inMag.a Dr.in techn.
Henderik Proper
Univ.Prof. PhDResearchers
Aleksandar Gavric
Univ.Ass. MEng. B.Eng.Galina Paskaleva
Projektass.in Dipl.-Ing.inDipl.-Ing.in BSc
Marianne Schnellmann
Univ.Ass.in BSc MScMarion Murzek
Senior Lecturer Mag.a rer.soc.oec.Dr.in rer.soc.oec.
Marion Scholz
Senior Lecturer Dipl.-Ing.inMag.a rer.soc.oec.