SPAM Over Internet Telephony and How to Deal with It


Diploma thesis - Rachid El Khayari
Supervisor: Prof. Dr. Claudia Eckert, Dr. Andreas U. Schmidt, Nicolai Kuntze
Fraunhofer Institute for Secure Information Technology

’O misery, misery, mumble and moan!
Someone invented the telephone,
And interrupted a nation’s slumbers,
Ringing wrong but similar numbers.’
Ogden Nash (1902 - 1971 / USA)

Acknowledgements

I want to thank
• Prof. Dr. Claudia Eckert for giving me the opportunity to work on this thesis.
• Dipl. Inform Nicolai Kuntze and Dr. Andreas U. Schmidt for their great support and trust in my work.
• my whole family including my parents Mohamed and Yamina, my brother Soufian, my brother Samir and his wife Nadya, my little niece Sara and last but not least my best friend Inesaf and all others who supported me on my way.

Affidavit

I hereby declare that the following diploma thesis "SPAM over Internet Telephony and how to deal with it" has been written only by the undersigned and without any assistance from third parties. Furthermore, I confirm that no sources have been used in the preparation of this thesis other than those indicated in the thesis itself.

Place, Date Signature

Introduction

In our modern society telephony has developed into an omnipresent service. People are available at any time and anywhere. Furthermore, the Internet has emerged as an important communication medium. These facts and the rising availability of broadband internet access have led to the fusion of these two services. Voice over IP, or VoIP for short, is the keyword that describes this combination. The advantages of VoIP in comparison to classic telephony are location independence, simplification of transport networks, the ability to establish multimedia communications and the low costs. Nevertheless, one can easily see that combining two technologies always brings up new challenges and problems that have to be solved.
It is undeniable that one of the most annoying facets of the Internet nowadays is email spam. According to different sources, email spam is considered to make up 80 to 90 percent of the email traffic produced. Security experts suspect that this will spread to VoIP too. The threat of so-called voice spam or Spam over Internet Telephony (SPIT) is even more fatal than the threat that arose with email spam, for the annoyance and disturbance factor is much higher. For instance, an email that hits the inbox at 4 p.m. is useless but will not disturb the user much. In contrast, a ringing phone at 4 p.m. will lead to a much higher disturbance. From the provider's point of view, both email spam and voice spam produce unwanted traffic and a loss of customers' trust in the service.

In order to mitigate this threat, different approaches from different parties have been developed. This thesis focuses on state-of-the-art anti voice spam solutions, analyzes them to the core and reveals their weak points. In the end a SPIT-producing benchmark tool will be implemented that attacks the presented anti voice spam solutions. With this tool it is possible for an administrator of a VoIP network to test how vulnerable his system is.

Contents

Acknowledgements
Affidavit
Introduction
1 Basics
1.1 The history of telecommunication
1.2 Voice over IP
1.3 User Datagram Protocol
1.4 Real-time Transport Protocol
1.4.1 RTP Control Protocol
1.5 Session Initiation Protocol
1.5.1 SIP Transport
1.5.2 SIP Messages
1.5.3 Client/Server
1.5.4 SIP URIs
1.5.5 SIP Requests
1.5.6 SIP Responses
1.5.7 SIP session establishment
1.5.8 SIP transactions/ dialogs
1.5.9 SIP Message layout
1.5.10 Session Description Protocol
1.5.11 User Agent
1.5.12 Registrar
1.5.13 Proxy Server
1.5.14 SIP security mechanisms
1.5.14.1 SIP Digest Authentication
1.5.14.2 SIPS (SIP Security)
1.5.14.3 S/MIME
1.5.14.4 IPSec
2 SPAM over Internet Telephony
2.1 SPIT versus SPAM
2.2 Intuitive SPIT definition
2.3 SPIT analysis
2.3.1 Information gathering
2.3.2 SPIT session establishment
2.3.3 SPIT media sending
2.3.4 SPIT summary
3 SPIT countermeasures and their weaknesses
3.1 Device Fingerprinting
3.1.1 Passive Fingerprinting
3.1.2 Active Fingerprinting
3.1.3 Weakness of Device Fingerprinting
3.2 White Lists, Black Lists, Grey Lists
3.2.1 Weaknesses of White Lists, Black Lists, Grey Lists
3.3 Reputation Systems
3.3.1 Weakness of Reputation Systems
3.4 Turing tests, Computational Puzzles
3.4.1 Weakness of Turing tests and Computational Puzzles
3.5 Payments at risk
3.5.1 Weakness of Payment at risk
3.6 Intrusion Detection Mechanisms, Honey phones
3.6.1 Weakness of Intrusion Detection Mechanisms, Honey phones
3.7 Summary
4 SIP XML Scenario Maker
4.1 Technical Basis
4.1.1 Message Editor
4.1.1.1 SIPp message format
4.1.2 Scenario Editor
4.1.3 Shoot Mode
5 Using SXSM as attack tool
5.1 Device Spoofing
5.2 SIP Identity Spoofing
5.3 SIP Header Spoofing
5.4 Call Rate Adaption
5.5 Account Switching
5.6 Reputation Pushing or Pulling
5.7 SIP Identity Hijacking
5.8 CAPTCHA Relay Attack
6 Conclusions and Outlook
Glossary
List of figures
List of tables
References

1 Basics of presented technology

1.1 The history of telecommunication

People have always searched for opportunities to communicate over long distances. Optical telegraphs are viewed as the first practical applications of communication over distance and can be dated back to prehistoric times [22]. In order to send out messages, optical signals like light or smoke were sent with a specified code, so that the recipient could see them from afar.
The electric telegraph was based on that principle and was used to transmit messages over electric wires. In the mid 1800s Samuel Morse and Alfred Vail invented a telegraph system in combination with an easy-to-use code (Morse code) [27]. This led to the success of telegraphy in America, and long distance lines were constructed and spread over the country [9].

Only a few decades after telegraphy revolutionized telecommunications, telephony began its history in the early 70s of the 19th century with the invention of the telephone [29]. The forefathers of the telephone, Antonio Meucci [18], Johann Philipp Reis, Alexander Graham Bell [8] and Elisha Gray, amongst others, had in common a clear vision of people being able to talk to each other over distance. Philipp Reis' first prototype of a telephone was built as an attachment to the existing telegraphy network. The telegraphy network was the common data communication network, and with Reis' invention it was possible to alternatively transport voice through the same electrical wires [29].

Analog telephony is as old as the invention of the telephone itself. The first devices were physically connected through a wire. The voice was transported through modulation of electric signals on this wire. The first telephone exchange started in 1878 in New Haven [29]. The central office had a very simple switchboard and the connections had to be set manually by an operator. In central offices with manual switching, the operator asked the caller for the destination of the call and connected the lines of caller and callee. Switching the connections manually soon reached its limit as the number of participants grew. This led to the development of automated switching systems at the turn of the century [22].

The automated switching systems replaced the operators and had to fulfil the same tasks. The caller signalled call initiation by picking up the phone and dialling the number of the destination.
According to the pulses generated by the dialled numbers, the electromechanical switches selected which lines had to be connected to establish the call [46]. This type of negotiation is referred to as in-band signalling, because the signalling for call establishment and the voice are sent over the same wire.

Parallel to the analog telephone network, telex (teleprinter exchange) systems were developed. With this technology written messages could be transported over wire lines. The telephone network and the telex network coexisted, and in Germany, for example, end users had to have two connections, one for telephone and one for telex.

The further evolution of the telephone network proceeded from electromechanical switching systems to digital electronic switching systems in the late 1970s [9]. The transition from analog to digital techniques in telephony led to the development of ISDN (Integrated Services Digital Network), a telephone network system which upgraded the existing analog system. End-to-end digital transmission could be realized, and voice and data services could be transmitted over the same network. Nevertheless, the Public Switched Telephone Network (PSTN) remained a circuit-switched network as far as the communication channels are concerned. A fixed bandwidth channel was reserved between the communication partners, as if they were physically connected through a wire [9]. As Internet technology arose, telephony made the step from the circuit-switched to the packet-switched communication paradigm, and this led to the development of Voice over IP.