Detecting trustworthy real-time communications using a web-of-trust

Voice-over-IP protocols (e.g., SIP) are vulnerable to many types of attacks. One core challenge in preventing VoIP attacks is to assess the trustworthiness of the caller's identity. Further, spoofing attacks must be prevented by verifying that the call has been initiated by the user belonging to the caller's identity. In this paper, we propose to adapt a Web-of-Trust model to real-time communication in order to assess the trustworthiness of incoming VoIP calls based on the social relationships among users. We present the design of a system which is capable of cryptographically verifying trust chains associated with VoIP users in real-time, i.e., with minimal overhead during the regular processing of signaling messages. We highlight the benefits of such a system as well as its limitations, discuss open issues, and finally present an evaluation of the proposed approach based on a prototypical implementation. Our results show that indeed real-time cryptographic verification of trust chains among users is feasible for VoIP communications.