Scalable Lightweight Blockchain-Based Authentication Mechanism for Secure VoIP Communication
  • Abir El Azzaoui, Min Yeong Choi, Chang Hoon Lee, and Jong Hyuk Park*

Human-centric Computing and Information Sciences volume 12, Article number: 08 (2022)
https://doi.org/10.22967/HCIS.2022.12.008

Abstract

Currently, the world is experiencing a global pandemic due to the spread of coronavirus disease 2019 (COVID-19), a disease stemming from a novel coronavirus. The main measure used to contain the rapid spread and to control this virus’s contamination rate is social distancing. This method has dramatically affected citizens’ daily lives. To this end, replacing face-to-face meetings with virtual meetings using cloud videoconferencing application solutions has emerged. This approach has indeed solved this problem for millions of schools, companies, governments, and individuals worldwide. However, security and privacy concerns arise. The number of videoconferencing users has increased during the pandemic, yet some applications offer only unencrypted communication for unpaid users. Moreover, uninvited attendees can join virtual meetings, collect sensitive information about users and shared files, and participate in them using deepfake tools. To resolve this dilemma, we propose in this paper a lightweight, scalable blockchain-based authentication mechanism to secure cloud videoconferencing. Private blockchain, as a decentralized network, can handle user authentication and provide complete data privacy to shared information in a virtual meeting. Moreover, to reduce the latency and mining processing overhead and for scalability of the system, we use a time-based consensus algorithm. Our simulation shows very low latency results, perfect for a video system.


Keywords

Blockchain, Videoconferencing, Security, Privacy, Authentication


Introduction

Videoconferencing is not a new term. This concept dates to the late 19th century under the name of videotelephony [1]. The year 1930 marked the first publicly available videotelephone, which was in a booth installed in a post office. With the development of Internet technologies and the widespread use of computers, AT&T successfully created the first version of videoconferencing in 1970, by which anyone could subscribe to and use the service in the comfort of their own home. Web-based videoconferencing allows users in different locations to engage in real-time face-to-face interactions over the Internet. This technology revolutionized numerous industries, including finance, medical, and education, among others. With regard to medications, for example, patients with mild symptoms are not required to visit hospitals and wait in line to talk to a doctor or physician; instead, they can use telemedicine, which is a form of videoconferencing hosted by doctors and their patients. Telemedicine accordingly helps with the practice of medicine using technology at a distance and reduces the stress of visitors on hospitals, thus reducing contamination and virus propagation.
Videoconferencing has been used and developed over the years for various reasons; notably, with the current global pandemic of coronavirus disease 2019 (COVID-19), multiple industries are forced to work remotely instead of in regular offices. Principally with the launch of 5G network technology, it enhances videoconferencing resolution and the quality-of-service perceptions, which significantly influenced users. The usage of videoconferencing applications has noticeably increased during the global pandemic. For example, “Zoom,” a videoconferencing application, was founded in 2011 but only received attention from the public in 2020 due to the COVID-19 epidemic, reaching 300 million daily users, with 3 trillion annual meeting minutes [2]. This well-known videoconferencing software was downloaded 485 million times in 2020 alone. Users worldwide, including companies, schools, hospitals, and individuals, rely on web-based videoconferencing such as Zoom, Google Meet, Skype, and many more, for various reasons. Videoconferencing appears to connect people regardless of their distance and/or circumstances. Users only need a device connected to the Internet, such as a smartphone or computer, to connect, have face-to-face meetings, socialize with friends and family, follow real-time courses, and receive quick advice from their doctors.
Videoconferencing technology is helping millions worldwide in their daily lives, generally during unique and challenging situations such as COVID-19 and over long distances. However, concerns about its security and privacy arise. During a virtual meeting over the Internet, users tend to share sensitive information, such as their faces, full names, ID numbers, company data, and medical data, among other types. Moreover, videoconferencing software allows file and screen sharing as well; such files may include confidential data but are openly shared over the Internet. Some videoconferencing applications do not provide robust data security for unpaid users, exposing the data transmitted by normal users openly. This is a critical issue that users and service providers should not disregard. Recently, it was reported that nearly 352 Zoom application user accounts were compromised. These accounts include those of healthcare providers and school institutions in the United States. Moreover, more than 500,000 instances of account information were leaked and sold over the dark web. Hence, videoconferencing security and privacy are significant concerns that urge quick responses from service providers as the usage of this technology has grown over time.
On the other hand, blockchain technology, as a secure, shared ledger, and its sub-technologies such as smart contracts can bring about desirable security and privacy to videoconferencing systems. Blockchain is a technology that has been used recently to secure data and ensure the authentication of multiple services in an innovative city environment. To this end, and to solve the security concerns related to videoconferencing technologies, we propose in this paper the use of blockchain technology to fully support the confidentiality, integrity, authentication, and privacy of users and entities such as companies. We discuss various types of potential attacks on videoconferencing software and the types of data that can be leaked. Moreover, through our proposed architecture and the use of a lightweight private blockchain, we satisfy the latency and real-time communication requirements while not affecting the quality-of-service and quality-of-experience metrics. Our primary research contributions are presented below:

  • We propose a simple architecture based on blockchain to secure communication between users over videoconferencing software. Blockchain technology is used to secure users’ identities and shared data and to control authentication and the users who have access to the data.

  • An organized study of potential attacks and data leakage events is provided to demonstrate the threats and the types of data that can be exposed.

  • We discuss the potential of the proposed architecture by simulating it, calculating the latency, and explaining how it can be prone to cyberattacks.

  • Open research issues related to the use of blockchain for videoconferencing technology are discussed, as are related performance issues.


The rest of the paper is organized as follows. In Section 2, we present a general overview of blockchain and videoconferencing technologies and some recent related works. Section 3 discusses the convergence of blockchain for videoconferencing technology supported by a detailed architecture. In Section 4, we discuss some of the most critical open research challenges and performance issues. We conclude this work in Section 5.


Related Work

In this section, first we discuss some of the main seminal contributions, offer an overview of blockchain and videoconferencing systems, and discuss the primary key consideration of the proposed framework.

Existing Research
Kiah et al. [3] proposed a novel design of a videoconferencing framework for real-time telemedicine applications. Their proposal utilized secure group-based communication architecture and Java media framework application programming interface classes to test the feasibility of their framework. The authors also used the Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES) algorithms to provide the required security services. However, in their results, the encryption phase notably increases the videoconferencing computational time. On the other hand, Khalaf et al. [4] deployed blockchain technology for live streaming video transmissions and telecommunication algorithms. Their proposal focuses more on the reliability and flexibility of video streaming services; however, security concerns are not considered. Jan et al. [5] also discussed the usability of blockchain technology for the Internet of Multimedia Things. Their survey stressed the importance of blockchain for authentication, privacy, trust, and security in multimedia, such as videoconferencing services. The authors reviewed some of the existing blockchain-enabled multimedia platforms, such as Theta, Livepeer, Moecp, Waltonchain, IoTeX, and OriginTrail. However, their study does not include a robust security analysis, nor does it provide results. Meanwhile, Gipp et al. [6] deployed blockchain’s Bitcoin for the security and integrity of videos and video-camera-enabled smartphones. Their proposal hashes the bits of each video into SHA256 and transmits the hash to a blockchain transaction. It seems promising as it provides the desired levels of security and privacy. However, it cannot be utilized for real-time video transmissions such as videoconferencing as it is computationally heavy and not cost-effective. Hasan and Salah [7] considered a very interesting security issue in videoconferencing, that of deepfake videos. The authors used blockchain, smart contracts, and the InterPlanetary File System (IPFS) to generate a unique hash for each video and to validate the video’s owner, both on-chain and off-chain.
Multiple studies have discussed security issues as they relate to video streaming, multimedia, and videoconferencing using blockchain. However, to the best of our knowledge, no study has yet deployed blockchain for real-time video streaming applications. During COVID-19, and with the increased use of videoconferencing platforms for work, research, meetings, and socialization, the risk of cyber-attacks has increased. Primarily, most videoconferencing service providers do not provide security measures for unsubscribed users. Thus, in this study, we propose a blockchain-based secure authentication scheme to verify, validate, and create a cluster of authentic users. Adopting this method ensures that only honest users have the right to participate in a given video call, including sending and receiving files, viewing files, and joining either the video, audio, or both.

Core Technologies
In this paper, the leading deployed technologies are blockchain and videoconferencing systems; we will review below the concepts and components of these technologies.

Blockchain
Blockchain is a chain data structure in which all data are structured into blocks connected based on adding time [8]. Blockchain is proved to be cryptographically secured against data manipulation. Thus, using it can ensure network stability and security. Despite its short history, blockchain has been successfully integrated into multiple applications and industry sectors due to its security benefits [9]. Apart from its financial uses, such as Bitcoin and similar applications, Blockchain has proved its role as a secure and decentralized database based on blockchain technology. The decentralized storage in the blockchain can be used to store extensive complex data into securely connected blocks. The decentralized and secure nature of blockchain makes it a promising solution for videoconferencing. Blockchain was initially designed as a linear infrastructure based on linked data structures and hashing strategies. However, recently, non-linear infrastructures are being adopted for real-time applications, as they can handle big data based on graph theory and queuing information models, making this technology perfect for latency-intolerant applications on videoconferencing systems. We can distinguish four types of blockchain [10]: public or permission-less blockchain, an open ledger where all nodes can participate in the validation process; private or permissioned blockchain, where a particular entity makes a restriction; a smart contract that executes acts included automatically once conditions are fulfilled without the intervention of a third party; and finally the consortium blockchain or semi-decentralized blockchain. Unlike the private blockchain, the consortium blockchain is controlled by a group of approved entities.

Videoconferencing
Videoconferencing is the technology that allows two or more users to interact, share files, and have a real-time face-to-face meeting [11]. Its infrastructure consists of four main layers; the endpoint is the user’s device, such as a computer or a smartphone. Peripheral equipment such as webcams and microphones are used during the interaction. Videoconferencing servers are used to process meeting data and manage videoconferencing [12]. The last layer is the software infrastructure, including content transmission and storage.
In Fig. 1(a), the end-to-end videoconferencing concept, also known as point-to-point video-conferencing, is explained. A centralized server residing in the cloud usually controls and manages the communication and interaction between two users at different locations. Unlike the end-to-end architecture, the centralized multi-point videoconferencing system allows multiple users to interact using a multi-point conferencing unit (MCU), as depicted in Fig. 1(b).

Fig. 1. (a) End-to-end videoconferencing systems and (b) centralized multi-point videoconferencing.


Threat modeling
In recent years, security experts have warned about the growing risk and potential impact of cyber-physical attacks on important systems. The videoconferencing system is highly dependent on the physical server and storage, and telemetry vulnerabilities of the hardware can allow cyber tampering and the interception of data, as discussed in [13].

Spoofing: Spoofing in videoconferencing can be divided into three categories: source device spoofing, content spoofing, and action spoofing [14]. Source device spoofing is when an attacker steals device-related data such as the identification and IP address and pretends to be the actual device to access the server. Content spoofing refers to the modification of video or audio contents during a videoconferencing call. Action spoofing is when an attacker successfully enters a system and alters an action by replacing it with another one. Thus, when a user chooses this action, he will be prone to attacks as well.

Tampering: The tampering of data based on cloud services occurs when an attacker manages to access data storage devices and manipulate video/audio files and shared files data [15]. An attacker can delete, modify, and manipulate the stored data in a method known as log data tampering.

Repudiation: When a user is not honest, he can deny receiving any data or, in more severe cases, manipulate the data obtained. This is known as content data repudiation [16].

Activity hiding: An attacker can manage to hide all his activities and refuse to participate in a future investigation with the system [14].

Information disclosure: When an unauthorized user joins a system, this user can disclose other participants’ data, such as their names, locations, faces, and voice patterns, among other types. Moreover, the attacker can disclose other users’ device information, such as their IPs, locations, and shared files [17].

Call data disclosure: An unauthorized user can make a soft copy of a video call and share it with other malicious attackers for various reasons [18]. In secret video meetings such as company videoconferencing, or juridical videoconferencing, any disclosure or copy of the information shared has high costs.

Denial of service: Denial of service (DoS) is performed by an attacker to make a service non-accessible by authorized users. This can be done by sending falsified packets and creating traffic in the system. On the other hand, a distributed denial of service (DDoS) attack refers to multiple devices joining in, making the entire system inaccessible. In some cases, even the participant’s devices can be a source of DDoS attacks [19].

Elevation of privilege: The elevation of privilege attack is when an attacker manages to have the admin or service provider’s control. It is usually a typical attack that requires much experience and various technologies. Thus, it is critical to the system. In most cases, the service provider does not know it has been compromised by an attacker in such cases [20].


Other potential attacks have also been explained in the literature [21], as depicted in Fig. 4. They can be described as follows:

Hardware integrity attack: After successfully joining a system, an attacker may access honest users’ devices and manipulate them [22]. The attacker can bypass the security measures set by video-conferencing services such as firewalls and passwords.

Reverse engineering: An attacker can access the service provider’s application code and reverse-engineer it based on a desire to perform more serious attacks [23].

Footprinting: This attack refers to when an intruder manages to learn about video call session aspects, such as the time, number of participants, and subject [24]. This may not be directly a harmful attack, but it can lead to more critical issues.

Fuzzing: Fuzzing is a testing method for software to discover its weaknesses and security issues [25]. Cyber-attackers widely use this method to learn more about the software and system.

Brute Force: A brute force attack is a type of trial-and-error attack during which an attacker launches a variety of attacks simultaneously to discover the best way to access the system [26].



Key consideration
The primary considerations of the proposed framework are described below.
Security and privacy: Videoconferencing systems are very fragile as they contain sensitive shared information from their users, such as personal and work files; spoken information such as names, ages, addresses; and other personal and professional details. Moreover, videoconferencing is a space where users openly share their voice and face records. This information is prone to attacks; thus, securing these forms of data from any possible attack is critical. We address this problem by allowing access only to pre-authenticated users.
Confidentiality: The main challenge of videoconferencing systems and applications is the confidentiality of the corresponding platforms’ shared information and data. Sensitive data are prone to leakages and attacks from third parties, leading to data manipulation, losses, or exposure by unauthorized individuals.
Integrity: Users often share data and files over videoconferencing systems. An attacker may use malware or a masquerade attack to erase such data. Data manipulation and losses are other serious issues related to the integrity of a videoconferencing system.
Availability: Due to the real-time nature of videoconferencing systems, data and shared information require fast accessibility. Data should be accessible by authorized individuals and parties upon request. Assuring the availability and accessibility of data and services is critical to maintaining high quality-of-service and quality-of-experience levels.
Authenticity: For a videoconferencing system, joining a video meeting without a prior invitation is one of the easiest types of cyber-attacks. “Zoom bombing,” a new term for this attack, was coined given the increased usage of the Zoom videoconferencing application, referring to when an un-invited user succeeds in joining a Zoom meeting (work, study, or socializing meetings). The attacker is capable of listening, viewing, and participating in the conversation. Improving authentication methods and mechanisms is a critical step for a secure videoconferencing experience.


Proposed Framework

System Overview
The proposed blockchain-based videoconferencing security framework consists of three main layers: (1) the device layer, (2) the edge layer, and (3) the cloud layer.
The device layer involves several users, joining videoconferencing devices such as phones, computers, cameras, projectors, and Internet connections such as 5G networks. The user layer is based on heterogeny; honest and misbehaving users are all parts of this layer. The edge layer is where our blockchain resides. In this layer, blockchain is used to verify, validate, and authenticate users. Honest users will be added to the Blockchain ledger as a transaction with a signed certificate.
While dishonest devices will be excluded from the ledger, only users with signed validated certificates can participate in the videoconferencing system. Instruments that show signs of manipulation will be signaled to the blockchain and rejected from the communication channel. The last layer of the proposed framework is the cloud layer. The cloud layer is where the data center resides, and it serves as a means of communication between users. Real-time videos are uploaded and downloaded from the data center at the cloud layer. The cloud data center manages all users and hosts videoconferencing applications such as Zoom software. The details mentioned above are depicted in Fig. 2.

Fig. 2. System overview of the proposed framework.


Methodology and System Workflow
To explain the workflow of our system, system considerations should be discussed first. The type of blockchain we use in this proposal is a private blockchain. A trusted entity controls the blockchain; we assume that the trusted entity is the videoconferencing platform provider. The platform provider will select a group of other trusted nodes or users to verify and validate other users. The private blockchain is considered to be a lightweight form of blockchain and thus consuming less energy and time during the consensus phase. Moreover, it is more suitable for real-time applications such as videoconferencing systems. We consider that the encryption and decryption methods are performed on the service provider side. The steps of users’ authentication and validation can be described as follows:

Step 1: The first user who intends to start a videoconferencing call must send a request with its own device identification, the pseudo name used, the timestamp, and a nonce, to the service provider. The timestamp and nonce are used to verify the consistency of the messages sent by the same user.

Step 2: The videoconferencing platform provider will verify the identification of the first sender and judge the validity of this user.

Step 3: If the first user is judged to be honest by the service provider, the blockchain consensus protocol will be initialized. The service provider will send a public key to the first user. This key is calculated in the MD5 digest and with a 128-bit hash value.

Step 4: The first user utilizes the received public key to encrypt a message and send it to users who intend to join the videoconference call, including a timestamp and a nonce. Because the nonce and timestamp are different every time, this step eliminates the possibility of a replay attack. Moreover, there is a given acceptable time delay, and if this delay is exceeded, the receiver knows that a man-in-the-middle attack is occurring in the system.

Step 5: Every user who receives the message from the first user will forward the message to the blockchain pre-selected verification nodes, with the received encrypted message, timestamp, and nonce, adding a new timestamp that indicates the time of message reception.

Step 6: The blockchain pre-selected verification nodes, acquiring pre-knowledge of the service provider public key, will decrypt and verify the message and the timestamps received. The system has a certain amount of an acceptable time delay. The decryption phase and details are out of the scope of this study.

Step 7: If the timestamp exceeds the system accepted time delay or if the message is incorrect, the verification node will declare the user as malicious. Otherwise, the user will be stated as honest.

Step 8: All participating verification nodes continue to send replies to the service provider until the received number of messages exceeds 51% of the participating nodes. Once the required number of messages is received, the system reaches a consensus.

Step 9: The service provider will verify the received replies. If the user is judged as honest, a new block is created. Otherwise, the identification of the malicious user will be stored at the service provider’s server at the cloud layer and this user will be denied access to the videoconferencing call.

Step 10: If the same user ID is declared a malicious device more than five times, the device will be denied access to the service or used as a penalty. At the same time, honest devices once identified will be capable of joining the service and participating in the videoconferencing call and passing subsequent verification.

As discussed above, the server at the cloud layer will store the identification of all malicious nodes and accumulate these entities in its memory, matching the number of times the same device has been declared as a malicious node. If this number exceeds five, the device will be rejected from using the system forever. Moreover, honest devices that participate in multiple rounds and are proved to be honest can become verification nodes in the future. This system utilizes a lightweight blockchain (private blockchain) to verify and validate users before the videoconferencing call starts. If a malicious device wants to join the call, it must have the encrypted message sent by the first user as an invitation. Moreover, it needs to send a request for verification in a short amount of time. Otherwise, it will be denied the service and rejected if the number of denials exceeds five. Algorithm 1 depicts the proposed system. Table 1 provides the notations utilized and their respective meanings, while Fig. 3 shows a flowchart of the proposed method.
Algorithm 1. Lightweight blockchain authentication
Input: The first user request message
Output: Honest and malicious users list
Process:
R.send(<$R_{id}, Msg, t$>, request, $SP_k$);
$SP_k$.receive(request);
$SP_k$.verify(<$R_{id}, Msg, t$>);
if verify == false {
  $SP_k$.omit(request);
  $SP_k$.add(<$R_{id}$>, $ML$);
} else {
  $SP_k$.send(<$SP_{pid}, t, n$>, $R_{id}$);
  $R_{id}$.receive(<$SP_{pid}$>, t, n);
  $R_{id}$.encrypt(<$SP_{pid}$>, Bmsg);
  $R_{id}$.broadcast(Bmsg, t, n);
  $U_{i}$.receive(Bmsg, t, n);
  $U_{i}$.send(Bmsg, t, n, $U_{id}$);
}
while Bmsg.receive != $\frac{VN}{2} + 1$ do {
  $VN$.receive(Bmsg, t, n, $U_{id}$);
  $VN$.verify(Bmsg, t, n, $U_{id}$);
  if Bmsg != True or $t > \Delta t$ {
    $VN$.omit($U_{id}$);
    $VN$.add(<$U_{id}$>, $ML$);
  } else {
    $VN$.add(<$U_{id}$>, $HL$);
  }
}
End

Table 1. Notations utilized
| Variable | Definition | Variable | Definition |
|---|---|---|---|
| $R, R_{id}$ | The root node, the first node to request a video conference call and its respective identification | $U_{id}$ | Identification |
| $SP_k$ | Service Provider | $VN$ | Verification nodes |
| $Msg$ | Message | $\Delta t$ | Permissioned delay |
| $t$ | Timestamp | $HL$ | Honest user list |
| $ML$ | Malicious nodes list | $SP_{pid}$ | Pseudo key of the service provider |
| $Bmsg$ | Broadcasted message | $n$ | Random nonce |


Fig. 3. Flowchart of the proposed system.
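The verification-node check and majority vote of Steps 5 to 10, as an added Python example that is not the authors' implementation. Because the paper leaves the encryption and decryption of Bmsg out of scope, an HMAC-SHA256 tag over the call identifier, timestamp and nonce stands in for the encrypted invitation; the two-second Δt, the five nodes, the key and all class and function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

DELTA_T = 2.0      # assumed value for the permitted delay (Δt), in seconds
MAX_STRIKES = 5    # from the page: more than five malicious verdicts means a ban


@dataclass(frozen=True)
class JoinRequest:
    u_id: str      # U_id of the user asking to join
    bmsg: bytes    # Bmsg; here an HMAC tag stands in for the encrypted invitation
    t: float       # timestamp chosen by the root user R
    n: str         # nonce chosen by the root user R
    t_recv: float  # reception timestamp the joining user adds in Step 5


def make_bmsg(key: bytes, call_id: str, t: float, n: str) -> bytes:
    """Root-user side: bind the invitation to (t, n) so neither can be swapped."""
    return hmac.new(key, f"{call_id}|{t}|{n}".encode(), hashlib.sha256).digest()


class VerificationNode:
    """One pre-selected node VN that already holds the provider's key (Step 6)."""

    def __init__(self, key: bytes, call_id: str, delta_t: float = DELTA_T):
        self.key, self.call_id, self.delta_t = key, call_id, delta_t
        self.seen = set()  # (U_id, n) pairs already accepted, for replay detection

    def verify(self, req: JoinRequest) -> bool:
        expected = make_bmsg(self.key, self.call_id, req.t, req.n)
        if not hmac.compare_digest(expected, req.bmsg):
            return False                      # Bmsg is not the real invitation
        delay = req.t_recv - req.t
        if delay < 0 or delay > self.delta_t:
            return False                      # outside the accepted delay (Step 7)
        if (req.u_id, req.n) in self.seen:
            return False                      # same user and nonce again: replay
        self.seen.add((req.u_id, req.n))
        return True


class ServiceProvider:
    """Collects node verdicts and keeps the honest list HL and malicious list ML."""

    def __init__(self, nodes):
        self.nodes = list(nodes)
        self.honest = []    # HL
        self.strikes = {}   # ML, stored as U_id -> number of malicious verdicts

    def admit(self, req: JoinRequest) -> str:
        if self.strikes.get(req.u_id, 0) > MAX_STRIKES:
            return "banned"                   # Step 10: refused without a new vote
        # Simplification: every node is polled, then VN/2 + 1 honest votes are needed.
        needed = len(self.nodes) // 2 + 1
        votes = sum(node.verify(req) for node in self.nodes)
        if votes >= needed:
            self.honest.append(req.u_id)
            return "admitted"
        self.strikes[req.u_id] = self.strikes.get(req.u_id, 0) + 1
        return "banned" if self.strikes[req.u_id] > MAX_STRIKES else "rejected"


def run_demo() -> dict:
    key, call_id = b"constructed-demo-key", "call-42"   # constructed sample values
    sp = ServiceProvider(VerificationNode(key, call_id) for _ in range(5))
    t, n = 1000.0, "a1b2c3"
    bmsg = make_bmsg(key, call_id, t, n)

    out = {}
    alice = JoinRequest("alice", bmsg, t, n, t_recv=1000.4)
    out["alice"] = sp.admit(alice)                       # fresh and authentic
    out["alice_replay"] = sp.admit(alice)                # identical request again
    out["bob_late"] = sp.admit(JoinRequest("bob", bmsg, t, n, t_recv=1003.5))
    forged = JoinRequest("mallory", b"\x00" * 32, t, n, t_recv=1000.2)
    out["mallory"] = [sp.admit(forged) for _ in range(6)]
    # After the sixth malicious verdict even a well-formed request is refused.
    out["mallory_valid_later"] = sp.admit(
        JoinRequest("mallory", bmsg, t, n, t_recv=1000.3))
    return out


if __name__ == "__main__":
    for who, verdict in run_demo().items():
        print(who, verdict)
```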


Analysis and Open Issues

System Analysis
To evaluate our system, we utilized Network Simulator-3 (ns-3), based on C++, to implement virtual nodes representing a video call participant. Go-Ethereum is used to implement and test the blockchain network feasibility and execution time based on the fault-tolerance node. The simulation was performed on an Intel Core-i7 computer with 16 GB of RAM running under Ubuntu Linux. As shown in Fig. 4, the proposed Blockchain algorithm for validation scores better in terms of the execution time, making it perfect for latency-intolerant applications such as videoconferencing software. Moreover, comparing the utilization of blockchain to verify and validate the participating nodes contributes directly to decreasing the number of potential attacks such as spoofing, tampering, repudiation, information disclosure, call data disclosure, denial of service, elevation of privilege, and hardware integrity attacks, among others. The proposed method covers large security measures as the verification and authentication phase is executed before the video call.

Fig. 4. Proposed blockchain algorithm execution time.


Discussion and Open Issues
Blockchain technology is a promising tool for security and privacy concerns. For systems such as videoconferencing, which are latency-sensitive, a fast and efficient tool must be used. Thus, we have deployed in the proposed framework a lightweight blockchain ledger that relies on a private blockchain. In the private blockchain, a group of pre-selected and trusted nodes participate in a consensus algorithm and are controlled by a single entity, thus reducing the time and computation power needed. The proposed framework provides the required privacy and security levels by authenticating nodes that can participate in the videoconferencing call.
However, some issues are not yet addressed in our proposal. Firstly, a root user who requests to initialize a videoconferencing call is verified only using its identification by the service provider; if a malicious node managed to become a root for a videoconferencing initialization, and even if all other users are honest, the communication will not be secure. Another point is related to the service provider itself. In cyber-attacks, an attacker can manage to impersonate a device or a server; thus, if a malicious node imitates the service provider to receive requests, all communications are at risk as a hostile server can view these messages. Providing secure communication and ensuring the privacy of videoconferencing systems are challenging tasks. Most current service providers do not cover security for unsubscribed users, which creates a greater chance of malicious attacks to occur. Users should be cautious when using these systems, as their data can be leaked, as can biometric information such as voice and facial identification data. The information mentioned above can be used for severe attacks such as deepfake attacks. Moreover, files shared during a videoconferencing call must be protected by an additional password in case an uninvited user joins the system. Table 2 presents a comparative analysis between our paper and other related state-of-the-art approaches.

Table 2. Comparison with existing research
| Study | Technology | Efficiency | Security | Privacy |
|---|---|---|---|---|
| Kiah et al. [3] | RSA and AES | No | Yes | Yes |
| Khalaf et al. [4] | Blockchain | Yes | No | No |
| Jan et al. [5] | Blockchain | Yes | No | Yes |
| Gipp et al. [6] | Blockchain, SHA256 | No | Yes | Yes |
| Hasan and Salah [7] | Blockchain | No | Yes | Yes |
| This work | Blockchain | Yes | Yes | Yes |


Conclusion

The videoconferencing system is an emerging technology, especially with the recent COVID-19 pandemic and the increased usage of such platforms. With the development of 5G technologies, videoconferencing systems are essential in our daily lives, whether in relation to work, study, or for simple and casual meetings. However, security issues and dilemmas arise. Multiple cases of deepfake video and Zoom bombing have been recorded in increased numbers during the pandemic. To this end, and in this paper, we propose the deployment of blockchain technology. A private blockchain as a secure ledger can ensure the security and privacy desired for such systems. Moreover, a private blockchain channel can verify, validate, and authenticate all participating users on the same videoconferencing call. Users who have been reported as malicious devices more than five times will be permanently rejected from the service. Blockchain deployment for videoconferencing security is a necessary step that requires urgent integration to create a safe and private environment for videoconferencing.


Acknowledgements

This research was supported by Energy Cloud R&D Program (No. 2019M3F2A1073386) through the National Research Foundation of Korea, both funded by the Ministry of Science and ICT.


Author Contributions

Conceptualization, AEA, MYC. Methodology, AEA. Software, AEA. Validation, AEA, MYC. Formal analysis, AEA. Investigation, AEA. Resources, AEA, MYC. Writing—original draft preparation, AEA, MYC. Writing—review and editing, AEA, MYC, JHP. Visualization, AEA. Supervision, JHP. Project administration, JHP, CHL. Funding acquisition, CHL. All authors have read and agreed to the published version of the manuscript.


Competing Interests

The authors declare that they have no competing interests.


Authors Biography

Abir El Azzaoui received a B.S. degree in computer science from the University of Picardie Jules Verne, Amiens, France, and a master’s degree from the Seoul University of Science and Technology, Seoul, South Korea. She is currently pursuing a PhD degree in computer science and engineering with the Ubiquitous Computing Security (UCS) Laboratory, Seoul National University of Science and Technology, Seoul, South Korea, under the supervision of Prof. Jong Hyuk Park. Her current research interests include quantum communication, blockchain, Internet-of-Things (IoT) security, and cloud security. She is also a reviewer for IEEE Access and the IEEE TII journal.

Minyeong Choi received a B.S. degree in electrical engineering from Jeonbuk National University, Jeonju, South Korea. He is currently pursuing his master’s degree in computer science and engineering with the Cyber Information Security (CIS) Laboratory at Seoul National University of Science and Technology. His research interests include digital forensics, encryption, information security, cyber threat intelligence, and lightweight cryptography.

Seungwon Jung received a B.S. degree in computer science from Seoul National University of Science and Technology, Seoul, South Korea. He is currently pursuing his master’s degree at the same university with the Cyber Information Security (CIS) Laboratory. His research interests include digital forensics, cryptography, information security, and cyber threat intelligence.

Dr. Changhoon Lee received his Ph.D. degree in Graduate School of Information Management and Security (GSIMS) from Korea University, Korea. In 2008, he was a research professor at the Center for Information Security Technologies in Korea University. In 2009-2011, he was a professor in the School of Computer Engineering in Hanshin University. He is now a professor at the Department of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech), Korea. He has served as chair, program committee member, or organizing committee chair for many international conferences and workshops, and as a (guest) editor for international journals by some publishers. His research interests include Cyber Threat Intelligence (CTI), Information Security, Cryptography, Digital Forensics, IoT Security, and Computer Theory. He is currently a member of the IEEE, IEEE Computer Society, IEEE Communications, IACR, KIISC, KDFS, KIPS, KITCS, KMMS, KONI, and KIIT societies.

Dr. Jong Hyuk (James J.) Park received Ph.D. degrees in the Graduate School of Information Security from Korea University, Korea. He is a professor at the Department of Computer Science and Engineering and Department of Interdisciplinary Bio IT Materials, Seoul National University of Science and Technology (SeoulTech), Korea. He is editor-in-chief of Human-centric Computing and Information Sciences (HCIS) by KIPS, The Journal of Information Processing Systems (JIPS) by KIPS, and Journal of Convergence (JoC) by KIPS CSWRG. His research interests include IoT, Human-centric Ubiquitous Computing, Information Security, Digital Forensics, Vehicular Cloud Computing, Multimedia Computing, and so on. In addition, he has been serving as a Guest Editor for international journals by some publishers: Springer, Elsevier, John Wiley, Oxford University Press, Emerald, Inderscience, and MDPI.


References

[1] Wikipedia, “Videotelephony,” 2021 [Online]. Available: https://en.wikipedia.org/wiki/Videotelephony.
[2] Business of Apps, “Zoom revenue and usage statistics,” 2021 [Online]. Available: https://www.businessofapps.com/data/zoom-statistics/.
[3] M. M. Kiah, S. H. Al-Bakri, A. A. Zaidan, B. B. Zaidan, and M. Hussain, “Design and develop a video conferencing framework for real-time telemedicine applications using secure group-based communication architecture,” Journal of Medical Systems, vol. 38, article no. 133, 2014. https://doi.org/10.1007/s10916-014-0133-y
[4] O. I. Khalaf, G. M. Abdulsahib, H. D. Kasmaei, and K. A. Ogudo, “A new algorithm on application of blockchain technology in live stream video transmissions and telecommunications,” International Journal of e-Collaboration (IJeC), vol. 16, no. 1, pp. 16-32, 2020.
[5] M. A. Jan, J. Cai, X. C. Gao, F. Khan, S. Mastorakis, M. Usman, M. Alazab, and P. Watters, “Security and blockchain convergence with Internet of Multimedia Things: current trends, research challenges and future directions,” Journal of Network and Computer Applications, vol. 175, article no. 102918, 2021. https://doi.org/10.1016/j.jnca.2020.102918
[6] B. Gipp, J. Kosti, and C. Breitinger, “Securing video integrity using decentralized trusted timestamping on the bitcoin blockchain,” in Proceedings of the 10th Mediterranean Conference on Information Systems (MCIS), Paphos, Cyprus, 2016.
[7] H. R. Hasan and K. Salah, “Combating deepfake videos using blockchain and smart contracts,” IEEE Access, vol. 7, pp. 41596-41606, 2019.
[8] A. El Azzaoui, S. K. Singh, Y. Pan, and J. H. Park, “Block5gintell: blockchain for ai-enabled 5G networks,” IEEE Access, vol. 8, pp. 145918-145935, 2020.
[9] M. M. Salim, V. Shanmuganathan, V. Loia, and J. H. Park, “Deep learning enabled secure IoT Handover authentication for blockchain networks,” Human-centric Computing and Information Sciences, vol. 11, article no. 21, 2021. https://doi.org/10.22967/HCIS.2021.11.021
[10] Y. Lee, S. Rathore, J. H. Park, and J. H. Park, “A blockchain-based smart home gateway architecture for preventing data forgery,” Human-centric Computing and Information Sciences, vol. 10, article no. 9, 2020. https://doi.org/10.1186/s13673-020-0214-5
[11] C. Egido, “Video conferencing as a technology to support group work: a review of its failures,” in Proceedings of the 1988 ACM Conference on Computer-Supported Cooperative Work, Portland, OR, 1988, pp. 13-24.
[12] A. C. Florentino, S. C. M. Barbalho, and R. C. S. Machado, “Proposal and validation of a standard protection profile for homologation of commercial videoconferencing equipment,” IEEE Access, vol. 9, pp. 24288-24304, 2021.
[13] R. Hasan and R. Hasan, “Towards a threat model and security analysis of video conferencing systems,” in Proceedings of 2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, 2021, pp. 1-4.
[14] Z. Yu, C. Zhao, Z. Wang, Y. Qin, Z. Su, X. Li, F. Zhou, and G. Zhao, “Searching central difference convolutional networks for face anti-spoofing,” in Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, Seattle, WA, 2020, pp. 5295-5305.
[15] Q. Y. Zhang, D. H. Zhang, and F. J. Xu, “An encrypted speech authentication and tampering recovery method based on perceptual hashing,” Multimedia Tools and Applications, vol. 80, pp. 24925-24948, 2021.
[16] J. Sun, X. Yao, S. Wang, and Y. Wu, “Non-repudiation storage and access control scheme of insurance data based on blockchain in IPFS,” IEEE Access, vol. 8, pp. 155145-155155, 2020.
[17] L. Yu, H. Li, W. He, F. K. Wang, and S. Jiao, “A meta-analysis to explore privacy cognition and information disclosure of internet users,” International Journal of Information Management, vol. 51, article no. 102015, 2020. https://doi.org/10.1016/j.ijinfomgt.2019.09.011
[18] S. Schmitz-Berndt and S. Schiffner, “Don’t tell them now (or at all): responsible disclosure of security incidents under NIS Directive and GDPR,” International Review of Law, Computers & Technology, vol. 35, no. 2, pp. 101-115, 2021.
[19] A. Mishra, N. Gupta, and B. B. Gupta, “Defense mechanisms against DDoS attack based on entropy in SDN-cloud using POX controller,” Telecommunication Systems, vol. 77, no. 1, pp. 47-62, 2021.
[20] L. Li, L. Yu, C. Yang, J. Gou, J. Yin, and X. Gong, “Rolling attack: an efficient way to reduce armors of office automation devices,” in Information Security and Privacy. Cham, Switzerland: Springer, 2020, pp. 479-504.
[21] D. Kagan, G. F. Alpert, and M. Fire, “Zooming into video conferencing privacy and security threats,” 2020 [Online]. Available: https://arxiv.org/abs/2007.01059.
[22] R. Montasari, A. Daneshkhah, H. Jahankhani, and A. Hosseinian-Far, “Cloud computing security: hardware-based attacks and countermeasures,” in Digital Forensic Investigation of Internet of Things (IoT) Devices. Cham, Switzerland: Springer, 2021, pp. 155-167.
[23] K. Yoshida, T. Kubota, S. Okura, M. Shiozaki, and T. Fujino, “Model reverse-engineering attack using correlation power analysis against systolic array based neural network accelerator,” in Proceedings of 2020 IEEE International Symposium on Circuits and Systems (ISCAS), Seville, Spain, 2020, pp. 1-5.
[24] X. R. Liu, M. M. Zhang, and M. L. Gross, “Mass spectrometry-based protein footprinting for higher-order structure analysis: fundamentals and applications,” Chemical Reviews, vol. 120, no. 10, pp. 4355-4454, 2020.
[25] G. Casteur, A. Aubaret, B. Blondeau, V. Clouet, A. Quemat, V. Pical, and R. Zitouni, “Fuzzing attacks for vulnerability discovery within MQTT protocol,” in Proceedings of 2020 International Wireless Communications and Mobile Computing (IWCMC), Limassol, Cyprus, 2020, pp. 420-425.
[26] A. Rechavi and T. Berenblum, “What's in a Name? Using words' uniqueness to identify hackers in brute force attacks,” International Journal of Cyber Criminology, vol. 14, no. 1, pp. 361-382, 2020.

About this article

Abir El Azzaoui, Min Yeong Choi, Chang Hoon Lee, and Jong Hyuk Park*, Scalable Lightweight Blockchain-Based Authentication Mechanism for Secure VoIP Communication, Article number: 12:08 (2022)

  • Received: 8 September 2021
  • Accepted: 1 November 2021
  • Published: 28 February 2022