The overall goal of this research project is to improve both the security level and the security awareness when developing, installing, and using (open source) VoIP/PBX/multimedia solutions.

The project is anchored in the newly formed EUX 2010 network where researchers (from the Nordic countries) regularly meet representatives from Nordic (probably extended to other European countries in near future) open source PBX/VoIP developers, integrators and deployers, consultants, support organizations, and (future) customers. The aim of EUX 2010 is to develop, in the coming years, an open integrated communication platform for voice and video communication giving government organisations and larger corporations a better communication infrastructure and a more efficient use of time and effort.

NR's contribution

We improve the security of VoIP systems by building a security testbed, preparing security models for various scenarios, and by performing security protocol verification.

Benefit for customers

Increased security, quality and stability in VoIP infrastructures.

Benefit for society

A more secure, stable VoIP infrastructure with highly knowledable vendors and service providers.


Research articles (with international refree)

  • Lars Strand, Josef Noll, and Wolfgang Leister. "Generic Security Services API authentication support for the Session Initiation Protocol" Accepted for publication at The Seventh Advanced International Conference on Telecommunications (AICT2011), Mar 2011, St. Maarten, The Netherlands Antilles.
  • Lars Strand and Wolfgang Leister. "Improving SIP authentication" Accepted for publication at The Tenth International Conference on Networks (ICN2011), Jan 2011, St. Maarten, The Netherlands Antilles.
  • Arne-Kristian Groven, Kirsten Haaland, Rüdiger Glott, and Anna Tannenberg. "Security measurements within the framework of quality assessment models for free/libre open source software" in Proceedings of the Fourth European Conference on Software Architecture: Companion Volume", ECSA´10, pages 229-235, New York, NY, USA, 2010. ACM. ISBN 978-1-4503-0179-4. doi:
  • Kirsten Haaland, Arne-Kristian Groven, Rüdiger Glott, and Anna Tannenberg. "Free/Libre Open Source Quality Models- a comparison between two approaches" in 4th FLOSS International Workshop on Free/Libre Open Source Software, Jul 2010.
  • Rüdiger Glott, Arne-Kristian Groven, Kirsten Haaland, and Anna Tannenberg. "Quality Models for Free/Libre Open Source Software- Towards the Silver Bullet?" in Software Engineering and Advanced Applications, Euromicro Conference, pages 439-446, 2010, doi:
  • Lars Strand and Wolfgang Leister. "A Survey of SIP Peering", at NATO ASI - Architects of secure Networks (ASIGE10), May 2010.
  • Anders Moen Hagalisletto and Lars Strand. "Designing Attacks on SIP Call Setup" International Journal of Applied Cryptography, Volume 2, Number 1, July 2010, pp. 13-22.
  • Lothar Fritsch, Arne-Kristian Groven, Lars Strand, "A holistic approach to Open-Source VoIP security: Preliminary results from the EUX2010SEC project", in The Eighth International Conference on Networks (ICN2009), Mar 2009. (Awarded best paper)

Research reports/notes

  • Lothar Fritsch, Arne-Kristian Groven, "VoIP stakeholder profiling: Public stakeholders and infrastructure owners", DART/06/2009, NR note, Des 15., 2009.
  • Till Halbach, "Evaluation of VoIP Linux Distributions Based on Asterisk", DART/02/2010, NR note, Mar 16., 2010.
  • Lars Strand, "VoIP Lab as a Research Tool in the EUX2010sec Project", DART/08/2010, NR note, Apr 28., 2010.
  • Lars Strand, "Internal VoIP Lab Documentation for the EUX2010sec Project", DART/09/2010, NR note, Apr 28., 2010.
  • Thor Kristoffersen, Lars Strand, Arne-Kristian Groven, "Penetrasjonstesting av IP-telefoniløsningen i Buskerud fylkeskommune", DART/17/2010, NR note, Des 22., 2010.


  • Groven, Arne-Kristian: RiskNet Open Workshop, 24. June 2009, Oslo, Norway.
  • Fritsch, Lothar: RiskNet Open Workshop, 24. June 2009, Oslo, Norway.
  • Strand, Lars: "Introduction to Linux and networking", a one day lecture held for project partners as part of a three day VoIP course held in collaboration with Ibidium, 7-8 January 2009, Oslo, Norway.
  • Strand, Lars: "Authentication in SIP", poster presentation at VERDIKT programme conference 2008, 29-30 October 2008, Bergen, Norway.

Project material

Please refer also to our results list at the project site.