
VOICE-OVER-IP Security: Enhancing ZRTP Protocol by Proposing an additional Human Authentication Approach

First A. Remon Shawki Fahim, B. Prof. Dr. Mohammed M. Kouta, Jr., and Third C. Prof. Dr. Ali Moharam, Member, IEEE

F. A. author is now with the Arab Academy for Science and Maritime Transport, Egypt (phone: +20-123862677; e-mail: [email protected]).
S. B. author is now with the Arab Academy for Science and Maritime Transport, Egypt (phone: +20101684016; e-mail: [email protected]).

Abstract — Since the appearance of the Internet Protocol (IP) as a universal network infrastructure that is available on both local and public area networks such as the public Internet, securing VOIP networks has been considered a challenging task due to the publicly accessible nature of these networks. In this paper we present a structured analysis of one of the latest VOIP security and encryption protocols, ZRTP. ZRTP was created by Philip Zimmermann, the creator of the famous Pretty Good Privacy Protocol. The potential threats to the authentication of this protocol are covered in this paper, together with a proposed solution that attempts to decrease the probability of these threats by adding a voice verification system used to verify the caller's certificate and the caller's voice print by using the VoiceXML technology. This Human Authentication system is proposed to act as an additional layer in addition to the standard security procedures that are used in the ZRTP protocol for authentication.

Keywords — AES, Diffie Hellman Key exchange, Human Authentication, Private Key, Public Key, Voice Biometric, VoiceXml, ZRTP.

I. INTRODUCTION

The voice-over-internet protocol is vulnerable to numerous security issues that occur on IP based data networks, such as unauthorized access by a third party who can intercept the call (eavesdropping), and voice fraud in which an attacker fakes an ID and pretends to be someone you already know. It is therefore just like any technology that involves transferring data/voice packets onto a compromised network.

One of the primary methods of securing voice-over-IP is encryption. The ZRTP protocol [1] creates a secured channel that is opened between two back ends by encrypting the voice packets in real time; the encryption/decryption key is a shared key that is created by exchanging keys between the two parties using the Diffie-Hellman key exchange. ZRTP uses the block cipher Advanced Encryption Standard (AES) with key lengths of 128 bit and 256 bit to encrypt the call sessions [1].

The signaling protocol that is used to establish, negotiate (discovery phase), and terminate the calls between parties is the Session Initiation Protocol (SIP).

II. VOICE OVER IP DEFINITIONS AND PROTOCOLS

Voice Over IP: The Voice Over Internet Protocol is the protocol of routing voice packets through the Internet or other packet switched networks. VOIP can be considered an alternative to the traditional PSTN phone lines that provides cheaper and clearer voice service.

VOIP technology uses the following protocols:

a. The Real Time Transport Protocol (RTP) is used for the transmission of the voice and video packets between the two communicating end points through the IP networks.

b. The Real Time Control Transport Protocol (RTCP) is used in conjunction with the RTP. In the RTP session the RTCP is used to check the quality of the service provided by the RTP.

c. The Secured Real Time Transport Protocol (SRTP) is used in order to protect the privacy of the calls against eavesdroppers. Secure RTP provides encryption, authentication and integrity of the voice or video packets during the transmission. Security protocols such as the ZRTP protocol may be used as an extension to RTP in order to create a secure SRTP session.

d. SIP and H323 are used before the process of transmitting the packets (initiating the call operation). They are used to locate the remote device and make the negotiations that set up both devices to establish the communication channel; this process is referred to as the "Call Signaling Process". Other protocols that can also be used for this process are RAS, DNS, TRIP, ENUM.

e. H.248 and MGCP are called Device Control Protocols. The purpose of these protocols is to deal with the gateways that are used to connect the traditional PSTN telephone networks to the IP based computer networks; thus, in the VOIP area, a gateway is a device that offers an IP interface on one side and some sort of legacy PSTN switch on the other side.

f. The International Communication Union, which is also known as ITU, is working on a new signaling protocol that contains more capabilities than SIP and H.323. The purpose of this protocol is to enable voice, video and data communication capabilities that work with separate devices such as mobile phones and HDTV.

g. The Internet is a datagram network, so, to transmit the voice packets from one network node to another, the real time packets have to be encapsulated in a datagram protocol. The Universal Datagram Protocol is used for this process.

III. VOIP PROCESS

According to the draft that has been published by the National Institute of Standards and Technology, the NIST sp800 document [3], once the call is answered the voice is converted to digitized form and segmented into a stream of packets for the transmission. This process occurs by applying the following steps:

a. The digitized form of the voice requires a large number of bits; a compression algorithm is used to reduce the volume of the data that is going to be transmitted.

b. Since the data has to be transmitted in real time, the RTP (Real-Time Transport Protocol) is used. The data samples or voice samples are inserted into RTP packets to be carried on the Internet, because the RTP packets can hold the data needed to re-assemble the segmented packets into voice signals on the other end.

c. The voice RTP packets will be carried as payload by the UDP (Universal Data-Gram Protocol), which can be processed by the ordinary data transmission on ordinary networks. The term payload refers to the actual data, in order to differentiate between the actual data and the information that defines these data on the telecommunication or computer networks.

The whole process is reversed on the other end (the receiver node); the packets are disassembled and rearranged into the correct order using the information held by the special header fields of the RTP packets. The digitized packets are converted back to analog continuous voice by using a Digital to Analog converter (DAC).

IV. SESSION INITIATION PROTOCOL (SIP)

The SIP or Session Initiation Protocol is a signaling protocol that is located on the application layer of the five layer TCP/IP model.

The SIP protocol is used for initiating, modifying, and terminating sessions between two or more participants; therefore, SIP is the signaling protocol that is used in IP telephony to initiate or create calls between two parties or multiple parties (conferences). SIP is popular because of the following benefits:

a. Light weight and efficient protocol [4].

b. Text based protocol, which makes it more convenient for the users, just like the HTTP protocol (Hyper Text Transfer Protocol) [4].

c. Easy to implement; thus, it is suitable for small companies.

The SIP protocol was defined in RFC 2543, and then a newer RFC 3261 that obsoletes 2543 was also introduced to the IETF [8].

The SIP session may look like the following figure:

Fig. 1 the SIP session Format [17]

Since the protocol is a text based protocol, an INVITE message may look like the following [8]:

    INVITE sip:[email protected] SIP/2.0
    Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhd
    Max-Forwards: 70
    To: Bob <sip:[email protected]>
    From: Alice <sip:[email protected]>;tag=1928301774
    Call-ID: [email protected]
    CSeq: 314159 INVITE
    Contact: <sip:[email protected]>
    Content-Type: application/sdp
    Content-Length: 142

The main idea behind SIP is that the caller or sender sends an invitation message to the receiver to establish a session and waits for an acceptance from the receiver, which is called the 200 OK signal, in order to start establishing the session. When the session has been accepted and the acknowledgement is done, the multimedia session has been created and the transmission of the voice and video packets will start. This process can be done directly as peer to peer, or through a third party such as a server that is used to get registration information from both the sender and the receiver. The SIP protocol also works with the gateways that connect the Internet with other traditional networks such as the PSTN networks, in order to establish a call between a classic phone and the VOIP node, which can be a VOIP telephone or a computer.

V. ZRTP PROTOCOL

ZRTP is defined in the Internet draft that is submitted to the IETF [1] as a "key agreement protocol which performs Diffie-Hellman key exchange during call setup in band in the Real Time Transport Stream which has been established by using other Signaling protocol called the SIP protocol". The purpose of the ZRTP protocol is to initiate a secured encrypted channel between two parties; in other words, it creates a secured session where the data are transferred by the SRTP or Secure Real Time Protocol. The key agreement that is used for this protocol is the Diffie-Hellman key agreement that is defined in RFC 2631, June 1999 [5].
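The Diffie-Hellman key agreement described above can be illustrated by the following sketch, which is an added example and not code from the paper or from any ZRTP implementation. The group (P, G), the derivation label and all function names are assumptions made for illustration; the sketch shows that both parties reach the same 128 or 256 bit key and that degenerate public values are rejected, while the exchange by itself authenticates neither party.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for illustration only: a known prime that is far too
# small for real use and is not a group that ZRTP specifies.
P = 2**255 - 19
G = 2

def check_public(y):
    """Reject degenerate peer values (0, 1, p-1, out of range) that would
    force a predictable shared secret."""
    if not 1 < y < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return y

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    while True:
        x = secrets.randbelow(P - 3) + 2      # 2 <= x <= p-2
        y = pow(G, x, P)
        if 1 < y < P - 1:                     # never emit a degenerate value
            return x, y

def shared_secret(priv, peer_pub):
    """Compute peer_pub^priv mod p after validating the peer's value."""
    z = pow(check_public(peer_pub), priv, P)
    return z.to_bytes((P.bit_length() + 7) // 8, "big")

def session_key(secret, bits):
    """Derive a 128 or 256 bit AES key from the shared secret.
    HMAC-SHA256 with a hypothetical label; not ZRTP's own derivation."""
    if bits not in (128, 256):
        raise ValueError("AES key length must be 128 or 256 bits")
    digest = hmac.new(secret, b"example session key", hashlib.sha256).digest()
    return digest[: bits // 8]

def demo():
    """Run one agreement between two parties; return both derived keys."""
    a_priv, a_pub = keypair()                 # caller
    b_priv, b_pub = keypair()                 # callee
    k_a = session_key(shared_secret(a_priv, b_pub), 256)
    k_b = session_key(shared_secret(b_priv, a_pub), 256)
    return k_a, k_b

if __name__ == "__main__":
    k_a, k_b = demo()
    print("keys match:", k_a == k_b)
```

Nothing in this exchange ties a public value to a person, which is the authentication gap the proposed Human Authentication layer is meant to address.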