Information Security Issues in Voice Over Internet Protocol

Satya Bhan, Jonathan Clark, Joshua Cuneo, Jorge Mejia-Ramirez
CS 4235, Fall 2006

Table of Contents

I. Introduction ..... 1
II. An Overview of VoIP ..... 1
    VoIP Protocols ..... 3
III. Common VoIP Security Threats ..... 6
    Denial of Service Attacks ..... 7
    Eavesdropping ..... 8
    Spoofing ..... 9
    Theft of Service ..... 10
    Spam over Internet Telephony (SPIT) ..... 11
IV. VoIP Encryption Algorithms ..... 12
    PGPfone ..... 12
        Motivation ..... 12
        Technical Details ..... 15
    Secure Real-time Transport Protocol ..... 16
    ZRTP and Zfone ..... 18
        ZRTP ..... 18
        Zfone ..... 20
    Skype ..... 20
V. Research and Development to Improve VoIP Security ..... 23
    Locating Users in a Secure and Reliable Way ..... 23
        Current State and Motivation to Change ..... 24
        Proposed Scheme ..... 25
    Monitoring VoIP Networks ..... 26
        Motivation ..... 26
        Current State ..... 26
        Proposed Idea ..... 27
    Intrusion Detection and Prevention on SIP ..... 28
        The Prototype ..... 29
VI. Concluding Remarks ..... 30
VII. Works Cited ..... 32
VIII. Glossary ..... 35

I Introduction

Voice Over Internet Protocol (VoIP) is the routing of voice communications over any kind of digital, IP-based network. Although VoIP has existed for a long time, it has become a predominant technology within the past few years as users realized its advantages and as companies started offering cheap, easy-to-use VoIP-based services.
However, as with any other new technology, the rise of VoIP has been accompanied by the rise of new information security issues, and because the technology is still in its infancy, there are a number of competing methods for dealing with them. This paper examines many of the most common VoIP-related security issues and some existing and proposed solutions. The discussion begins with an overview of VoIP and its related protocols to provide the necessary technical background, followed by a summary of common security vulnerabilities and of cryptographic techniques for securing voice communications. The last section lists some VoIP security measures proposed at an IEEE conference earlier this year.

II An Overview of VoIP

VoIP is a general term referring to the digitization of an analog voice signal, the transmission of that signal over any IP network, and the transformation back to an analog voice signal at the receiving end. It includes any software, hardware, or protocols—such as H.323 and SIP, discussed later in this paper—related to this transformation (Vagle). Although voice communication travels over the network in packets just like any other data, VoIP cannot be protected using the existing network architecture alone. The nature of VoIP adds a number of information security and other complications to the network (Kuhn), as discussed in Section III.

The concept of a voice signal protocol dates back to 1973 and the experimental Network Voice Protocol developed for the ARPANET, the world's first packet-switching network and the precursor to the internet. For many years, VoIP remained a technological prospect for future development. Within the past half decade, however, technology companies have started offering a variety of VoIP services, including digital interfaces for traditional telephone handsets, conferencing units that provide VoIP-based conference calls, mobile VoIP units, and PC or "softphone" units that require only a headset and a computer (Kuhn).
These new services offer users many advantages. VoIP provides increased functionality and can facilitate tasks that are more difficult over public switched telephone network (PSTN) lines. VoIP is extremely mobile and allows users to travel anywhere in the world and still make and receive phone calls. Furthermore, because VoIP bypasses long-distance telephone networks by using existing IP networks, users can make global phone calls at local rates or less. As a result, users have discovered that VoIP offers a cheaper and clearer alternative to traditional PSTN systems, and more organizations and individuals have been moving voice traffic to VoIP systems (Kuhn). However, VoIP technology is still new, so its widespread use means that many data networks are open to a host of new security vulnerabilities that VoIP developers have not yet corrected. A proper examination of these vulnerabilities must begin with an analysis of the dominant protocols used in VoIP. The next section provides an overview of these protocols.

VoIP Protocols

Establishing a VoIP communication channel requires a complex series of packet exchanges. Computer systems are addressed using IP addresses, so when the user dials a recipient's number, several protocols cooperate to resolve this number into the corresponding IP address. Once the recipient answers, an analog-to-digital converter transforms the voice into digitized form. VoIP then parses the voice data into packets that use the Real-time Transport Protocol (RTP), because RTP has header fields that carry the data needed to reassemble the packets into a continuous voice stream on the recipient's end. These packets are carried over the internet using UDP so that network nodes can process them as ordinary data packets. On the recipient's end, the process is reversed: the data is extracted from the RTP packets and reassembled, and the converter on the receiving end turns it back into analog sound.
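The reassembly step above depends on two RTP header fields, the 16-bit sequence number and the 32-bit timestamp, which let the receiver put UDP datagrams back in order and notice which frames never arrived. The following is an added example, not code from the paper or from any VoIP product, showing a minimal RTP fixed-header parser and a reassembly routine that conceals lost frames with silence; the datagrams it processes are constructed inline, and the SSRC value and the "first packet received is the oldest" simplification are assumptions made for the example.

```python
"""Decode RTP fixed headers (RFC 3550) and reorder a burst of UDP datagrams into
a continuous audio stream using the sequence number and timestamp fields.

Added example, not code from the paper. Every datagram here is constructed
inline with build_rtp(); nothing is captured from a real call."""
import struct
from dataclasses import dataclass

RTP_HEADER_LEN = 12      # fixed header, before the optional CSRC list
PCMU_SILENCE = b"\xff"   # G.711 mu-law sample value closest to silence


@dataclass
class RtpPacket:
    version: int
    padding: bool
    extension: bool
    csrc_count: int
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    payload: bytes


def parse_rtp(datagram: bytes) -> RtpPacket:
    """Unpack the 12-byte RTP fixed header and return the fields plus payload."""
    if len(datagram) < RTP_HEADER_LEN:
        raise ValueError("datagram shorter than the RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:RTP_HEADER_LEN])
    version = b0 >> 6
    if version != 2:
        raise ValueError(f"unsupported RTP version {version}")
    csrc_count = b0 & 0x0F
    header_len = RTP_HEADER_LEN + 4 * csrc_count  # each CSRC identifier is 32 bits
    if len(datagram) < header_len:
        raise ValueError("CSRC list truncated")
    return RtpPacket(version, bool(b0 & 0x20), bool(b0 & 0x10), csrc_count,
                     bool(b1 & 0x80), b1 & 0x7F, seq, ts, ssrc, datagram[header_len:])


def build_rtp(seq: int, ts: int, payload: bytes, ssrc: int = 0x1234ABCD,
              payload_type: int = 0, marker: bool = False) -> bytes:
    """Build one RTP datagram; payload type 0 is PCMU (G.711 mu-law, 8 kHz).
    The default SSRC is an arbitrary value chosen for this example."""
    b0 = 0x80                                  # V=2, P=0, X=0, CC=0
    b1 = (0x80 if marker else 0) | (payload_type & 0x7F)
    return struct.pack("!BBHII", b0, b1, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc) + payload


def reassemble(datagrams, frame_samples: int = 160):
    """Put a burst of datagrams back in sending order, drop duplicates, and fill
    each lost frame with silence. Returns (audio bytes, list of lost sequence
    numbers). Simplification: the first datagram received is taken as the oldest,
    and the 16-bit sequence space is unwrapped relative to it."""
    packets = [parse_rtp(d) for d in datagrams]
    if not packets:
        return b"", []
    if len({p.ssrc for p in packets}) != 1:
        raise ValueError("datagrams carry more than one SSRC; not a single stream")
    base = packets[0].sequence
    rel = lambda p: (p.sequence - base) & 0xFFFF   # handles 65535 -> 0 wraparound
    audio, lost, expected = bytearray(), [], 0
    for p in sorted(packets, key=rel):
        offset = rel(p)
        if offset < expected:       # same sequence number seen twice: duplicate
            continue
        while expected < offset:    # gap: conceal the lost 20 ms frame
            lost.append((base + expected) & 0xFFFF)
            audio += PCMU_SILENCE * frame_samples
            expected += 1
        audio += p.payload
        expected = offset + 1
    return bytes(audio), lost


# Constructed burst: five 20 ms PCMU frames (sequence 100..104), delivered out of
# order, with frame 102 lost and frame 101 duplicated.
FRAMES = {100 + i: build_rtp(100 + i, 160 * i, bytes([i]) * 160) for i in range(5)}
DEMO_DATAGRAMS = [FRAMES[100], FRAMES[103], FRAMES[101], FRAMES[104], FRAMES[101]]


def demo():
    return reassemble(DEMO_DATAGRAMS)


if __name__ == "__main__":
    audio, lost = demo()
    print(f"{len(audio)} audio bytes reassembled, lost sequence numbers: {lost}")
```

Running the block reports 800 bytes of audio and sequence number 102 as lost. The same header fields that make reordering possible are what an observer on the path can read in the clear, which is why the later sections on SRTP and ZRTP matter: they encrypt the payload while leaving these headers usable.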
Figure 1 illustrates this process.

[Figure 1. Voice data processing in a VoIP system (Kuhn).]

A given VoIP network most likely uses one of two protocols that govern the overall transmission of voice communications: H.323 or SIP. H.323 is an International Telecommunications Union (ITU) umbrella specification that defines a series of protocols for audio-visual communication sessions on any packet network. For instance, it uses one standard protocol to negotiate the establishment of a connection and another to create a channel for the flow of RTP packets and to establish the audio codecs used for the voice data. H.323 provided some of the first available standards that satisfied the requirements of VoIP, so it has been widely adopted in a number of VoIP networks (H323 Overview). The standard specifies the four components of a complete network necessary for multimedia communications: terminals, gateways, gatekeepers, and multipoint control units (MCUs). These components can be seen in Figure 2.

[Figure 2. Components necessary for multimedia communication (Kuhn).]

The terminal is the end-user device, such as a PC or analog telephone. The gatekeeper provides address resolution and bandwidth control on the H.323 network and may use a Back End Service (BES) to maintain data about the network's users. The gateway functions as a bridge between the H.323 network and the outside world, enabling the transmission of voice data to non-H.323 devices. An MCU is an optional device that allows voice conferencing between more than two end users (Kuhn).

The Session Initiation Protocol (SIP) is a protocol and proposed standard for handling interactive multimedia user sessions through a variety of media, including VoIP. Unlike in H.323, a user is not bound to a specific host but instead reports his or her location to a registrar, which in turn stores it in a location server.
When a user wishes to establish a line of communication with another user, a message is sent to a proxy or redirect server, which resolves the specified destination to an IP address using the location server. The server then forwards the message to the recipient's proxy server. This process can be observed in Figure 3.

[Figure 3. The SIP process (Kuhn).]

During the setup process, the Session Description Protocol (SDP) carries the logistical information, such as codecs, that the two ends need to agree on. When a user wishes to contact another user, the recipient replies with an "OK" message that includes the recipient's call preferences in SDP format. All information is transferred through one port in a simple text format, as opposed to the complicated port switching found in H.323 networks.

III Common VoIP Security Threats

The prominence of cheap, readily deployable voice services has come with a massive price tag on security and privacy, one that may be exploited in the near future if a profitable motive arises. "Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network." (Walsh and Kuhn 44). However, existing firewalls cannot efficiently handle new VoIP protocols—such as the aforementioned SIP and a wide range of vendor-proprietary protocols—since these protocols rely on dynamic port ranges and do not work well with Network Address Translation (NAT). Some newer devices (such as Session Border Controllers, or SBCs) address most of these problems, but most firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) and similar security devices rely on deep packet inspection techniques. These
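The SIP exchange described in the protocol overview and the firewall problem raised at the start of this section are two sides of one fact: the signalling is plain text on a well-known port, but the media ports are chosen per call and announced only inside the SDP body of the INVITE and its 200 OK. A SIP-aware firewall or SBC therefore has to parse the offer and the answer before it can open the right UDP ports. The following added example, not code from the paper or from any firewall product, parses both messages and extracts the two RTP endpoints and the agreed codec; the INVITE and 200 OK are constructed for the example using RFC 5737 documentation addresses, and the header and SDP fields it reads are the standard ones from RFC 3261 and RFC 4566.

```python
"""Parse SIP signalling (RFC 3261) and its SDP body (RFC 4566) to learn where
the RTP media for a call will flow. Added example, not code from the paper;
both messages below are constructed for illustration."""
import re
from dataclasses import dataclass

# compact header forms a SIP parser must treat as equivalent to the long names
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id", "m": "contact",
           "c": "content-type", "l": "content-length"}
CODEC_NAMES = {0: "PCMU", 8: "PCMA", 18: "G729"}  # static RTP/AVP payload types


@dataclass
class SipMessage:
    start_line: str
    headers: dict   # lower-case header name -> list of values
    body: str


@dataclass
class MediaLine:
    media: str
    address: str
    port: int
    payload_types: list


def parse_sip(raw: str) -> SipMessage:
    """Split a SIP message into start line, header map and body, and check that
    the declared Content-Length matches what was actually received."""
    blank = re.search(r"\r?\n\r?\n", raw)           # header/body separator
    head, body = (raw[:blank.start()], raw[blank.end():]) if blank else (raw, "")
    lines = head.splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), []).append(value.strip())
    declared = headers.get("content-length")
    if declared is not None and int(declared[0]) != len(body.encode()):
        raise ValueError("Content-Length does not match the body")
    return SipMessage(lines[0], headers, body)


def parse_sdp(body: str) -> list:
    """Return one MediaLine per m= line. The session-level c= line supplies the
    address unless a media-level c= line overrides it."""
    session_addr, media = None, []
    for line in body.splitlines():
        if len(line) < 2 or line[1] != "=":
            continue
        kind, value = line[0], line[2:]
        if kind == "c":                     # c=<nettype> <addrtype> <address>
            addr = value.split()[2]
            if media:
                media[-1].address = addr
            else:
                session_addr = addr
        elif kind == "m":                   # m=<media> <port> <proto> <fmt>...
            f = value.split()
            media.append(MediaLine(f[0], session_addr, int(f[1]),
                                   [int(x) for x in f[3:] if x.isdigit()]))
    return media


def negotiated_media(invite_raw: str, ok_raw: str) -> dict:
    """From an INVITE (offer) and its 200 OK (answer), return the caller and
    callee RTP endpoints and the agreed codec: exactly what a SIP-aware firewall
    needs before it can open the dynamic UDP ports for this one call."""
    invite, ok = parse_sip(invite_raw), parse_sip(ok_raw)
    if not invite.start_line.startswith("INVITE "):
        raise ValueError("offer is not an INVITE")
    if not ok.start_line.startswith("SIP/2.0 200"):
        raise ValueError("answer is not a 200 response")
    if invite.headers.get("call-id") != ok.headers.get("call-id"):
        raise ValueError("Call-ID mismatch: answer belongs to another dialog")
    offer = next(m for m in parse_sdp(invite.body) if m.media == "audio")
    answer = next(m for m in parse_sdp(ok.body) if m.media == "audio")
    agreed = [pt for pt in answer.payload_types if pt in offer.payload_types]
    if not agreed:
        raise ValueError("answer accepted no codec that was offered")
    return {"call_id": ok.headers["call-id"][0],
            "caller": (offer.address, offer.port),
            "callee": (answer.address, answer.port),
            "codec": CODEC_NAMES.get(agreed[0], str(agreed[0]))}


def build_message(start_line: str, headers: list, sdp_lines: list) -> str:
    """Assemble a SIP message with CRLF line endings and a correct Content-Length."""
    body = "\r\n".join(sdp_lines) + "\r\n"
    head = [start_line, *headers, "Content-Type: application/sdp",
            f"Content-Length: {len(body)}"]
    return "\r\n".join(head) + "\r\n\r\n" + body


# Constructed offer/answer pair; addresses are RFC 5737 documentation ranges.
DIALOG_HEADERS = ["Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
                  "From: Alice <sip:alice@example.org>;tag=1928301774",
                  "To: Bob <sip:bob@example.net>",
                  "Call-ID: a84b4c76e66710@192.0.2.10", "CSeq: 314159 INVITE"]
INVITE = build_message("INVITE sip:bob@example.net SIP/2.0",
                       DIALOG_HEADERS + ["Contact: <sip:alice@192.0.2.10>"],
                       ["v=0", "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
                        "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
                        "m=audio 49170 RTP/AVP 0 8",
                        "a=rtpmap:0 PCMU/8000", "a=rtpmap:8 PCMA/8000"])
OK = build_message("SIP/2.0 200 OK",
                   DIALOG_HEADERS + ["Contact: <sip:bob@198.51.100.7>"],
                   ["v=0", "o=bob 2808844564 2808844564 IN IP4 198.51.100.7",
                    "s=-", "c=IN IP4 198.51.100.7", "t=0 0",
                    "m=audio 3456 RTP/AVP 0", "a=rtpmap:0 PCMU/8000"])

if __name__ == "__main__":
    print(negotiated_media(INVITE, OK))
```

Two checks in the block are the ones a defender cares about most: the Content-Length comparison rejects messages whose declared and actual body sizes disagree, and the Call-ID comparison refuses to open ports for an answer that does not belong to the offer it claims to complete. Everything the parser reads here travels in the clear, which is the same property that makes the eavesdropping and spoofing threats discussed later in this section possible.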