Security Consideration For Voice Over Ip Systems

Last modified date

Introduction

This is a sample dissertation on Voice Over IP Systems. You may also contact us to write customized assignments and dissertations.

VoIP emerges as one of the most disruptive services in the telecommunications industry driven by a large available market, high availability of broadband access, and consumer’s willingness to accept the new technology to cut telephony costs while potentially reaping the benefits of a converged network.

As one example, Verizon, a major telecommunications service provider, stood out in 3Q:05 with 7.5 percent year-over-year decline in the number of its PSTN customers, which highlights the competitive losses to VoIP services from multiple systems operators (or MSOs, e.g., Comcast, Time Warner, and Cablevision) in Verizon’s Northeast markets (Bonenfant and Leopold (2006). Cisco also shipped over 980,000 residential VoIP gateways in 1Q 2005 equivalent to a 35% growth year- over-year).

The keen interest of the telecommunication industry in VoIP telephony is overwhelming, in spite of its relatively poor voice quality and lower overall availability of the Internet to support voice traffic compared to the traditional circuit switched telephony. Three major factors could explain such interest and the rapid development and deployment of the VoIP services. These are addressed as follows:

• Business Drive

• Technology innovation

• Customer Comfort

The primary driving factor of VoIP networks is the business benefits, which are summarized as follows:

·         Consolidated voice and data network expenses

A single integrated telecommunications network with a common switching and transmission system is created to carry both the data traffic and the voice traffic. The integration of data and voice use the bandwidth and the equipment more efficiently. Voice packets share bandwidth among multiple logical connections alongside the data packets.

In traditional circuit-switched telephony system like the PSTN, in order to combine different 64/kbps channels into high-speed upper links for transmission, a substantial amount of equipment is needed. In the packet-switched IP telephony system such as VoIP, in order to integrate the voice traffic and data traffic, the IP network utilizes statistical multiplexing. This consolidation represents substantial savings on capital equipment and operations costs (Wallace, 2006).

·         Increased revenues from new services

VoIP networks not only support real-time voice communication, but also enable new services, such as instant messaging, unified messaging (voicemail to email), video conferencing and distributed games. These new services differentiate companies and service providers in their respective markets. Simultaneously, these new services encourage employees of the businesses using such services to improve productivity and, therefore, profit margins.

 

Aims and Objectives of the Project

As discussed in the previous section, although VOIP offer many advantages to its customer with regard to ease of use and low cost as compared to the traditional phone services, however, there are some security risks involved which renders these VIOPs vulnerable to the hackers and intruders. Thus, it is imperative to select the most secure system among the available VOIPs in the market and also it would be beneficial for the industry if flaws and breaches are detected and rectified in the chosen system(s). Considering these aims and objectives of this project, the researcher divided this dissertation into two parts. In the first part theoretical framework is discussed while in the second part a practical analysis is made on the SIP regarding the security weaknesses of SIP in the functionality of SIP. Thus, the specific objectives of this dissertation are:

  1. To identify the vulnerabilities and threats against the VOIP systems
  2. To examine SIP as VOIP application and find out its strengths and weaknesses against the security threats
  3. To find the most secure ways of using VOIP
  4. To recommend security measures for the  VOIP application
  5.  To produce a report regarding to achievements of the project

Research Method

In order to investigate the security threats of the VOIP, the researcher has chosen SIP application for testing its vulnerability against the security threats. In the first part, the researcher will analyze its strengths and weaknesses in the light of previous literature available focusing on the performance of the SIP application as a VOIP service provider. In the next part, the researcher will analyze and test the application as a practical step for this project. In the final part, the researcher will offer the findings and conclusions based on this test.

Technology Innovation

The second major reason for the rapid growth of VoIP networks is the development of technologies and new innovations, which make the VoIP networks feasible.

As we know, the main challenge of VoIP networks is that they could not provide the same Quality of Service as PSTN does. However, the maturation of various codecs (voice coders and decoders) and high speed Digital Signal Processors that perform voice packetization and compression, greatly improve the voice quality over the IP infrastructure.

Another aspect of technology innovations is the rapid emergence of new user applications and access to new communications devices, such as wireless devices, videophones, multimedia terminals, and personal digital assistants (PDAs). Upon demand by customers, service providers can much more easily enable new devices, offer larger volume of communications, and serve more subscribers in a packet switched environment. Further, VoIP services have been aggressively marketed as a component of a compelling voice/data/video services bundle.

Customer Comfort

As we have mentioned above, access to new devices and advanced applications will satisfy the customer and make their communication much more convenient and effective. VoIP has the potential to provide almost equal voice quality but multi-function service when compared to the traditional PSTN service, without increasing the price the customer pays. In VoIP networks, long-distance charges – including charges for international calls – canbe transformed into a flat monthly fee or, in the case of the advertising-supported service providers, eliminated entirely (Thomsen and Jani, 2000).

Indeed, the flat-fee charging model already exists for the Internet where most users pay a fixed monthly fee independent of the number of bits they send or receive. The amount of information transmitted or received is limited only by the access speed (Stallings, 1997).

You may also like to read sample assignment on Directive Leadership.

Comparison of PSTN and VoIP Networks

Over the last 100 years, voice services have been provided through PSTN impressively. The PSTN core network uses 64 kb/s digital channels to provide dedicated end-to-end circuit connections in each direction. Voice terminals have both analog and digital access to the PSTN. Analog and digital telephone sets are generally connected to the central office with copper wire, called subscriber loops. Digital terminals use the ISDN protocols to access the network services. In contrast to PSTN, VoIP technology digitizes voice and transmits data in frames over IP networks, where the reception of packets is not guaranteed because it relies on best-effort transport architecture. VoIP is rapidly establishing itself as an attractive technology for telephony with the maturation of related technologies and the recovery of the telecommunication industry.

PSTN has made very impressive achievement in terms of coverage, reliability, and ease of use. People can hear the dial tone whenever they pick up the phone, and they expect to be connected to any destination in less than a minute. The availability of telephone service in such plain old telephone system (POTS) is 99.999%, also referred to as a five-nine’s reliability.

At the present time, the Internet does not offer the same degree of reliability as the PSTN due to a variety of reasons: The complexity of multiple protocols, lack of standardization, multiplicity of equipment vendors and service providers, varying operating systems and network management systems, can cause lack of end-to-end interoperability. Also, packet switched networks experience variable delays in the transmission process. In contrast, the PSTN doesn’t suffer from variable delays, although it can experience blocking when all the available circuits are being used by other calls. The public Internet is collectively available only 61% of the time (Maresca, Zingirian and Baglietto, 2004). The best private data networks are available about 94% of the time, on average, meaning that a user can be without the digital equivalent of dial tone about 22 days per year (Chong, and Matthews,2004). The PSTN-based Emergency-911 (E-911) services report the exact location of the telephone. Increasingly, this service is also required in VoIP. The location of a VoIP user is obtained by updating in the E911 database. VOIP has not yet been regulated because IP-based telephony services are not regarded as traditional telephony services (Hamdi, Verscheure, Hubaux, Dalgic and Wang, 1999).

Major Challenges in VoIP Networks

Quality of Service

Quality of Service is one of the most important concerns in voice communications (Hardy, 2001), determined by many factors, such as packet loss, speech coding options, delay, echo and jitter. The connection-oriented, circuit-switched network provide each user with dedicated bandwidth for the duration of each call, which results in extremely low delay and jitter, minimum disruption due to “noise” on the connections. High quality provided by the PSTN and private PBX-based networks drives telephone users to expect high QoS of the VOIP (Jha and Hassan 2002; Armitage, 2000).

As we know, VOIP uses different codecs to interwork, and codecs affect the quality of voice in a significant way, so it is especially important to measure the quality of a voice call in a standardized manner. One such measure is through the Mean Opinion Score (MOS). According to ITU-T, opinion rating is generally used to assess subjective quality, which is the measurement based on a large number of users’ perception of service quality under various conditions.

Pricing

An important issue in designing pricing policies for today’s networks is to balance the trade-off between traffic engineering and economic efficiency (Christos and Afrodite, 2004; Odlyzko, 2001). A recent work (Qu and Verma, 2005) has addressed the impact of multiple hops (or switches between the ingress and egress switching nodes) on the grade of service offered by a circuit switched telephone network. A similar approach is adopted in the context of packet switching. Accordingly, the grade of service is replaced by the threshold delay which is an appropriate measure for perceived Quality of Service in a packet switched network. In a circuit switched network, an incomplete call is lost and does not generate any revenue. In the packet switched networks, there are no calls that are lost as such; however, some of the packets may suffer delays above the acceptable delay bound and are, similarly, not considered to provide effective throughput. Just as a caller in a circuit switched network does not pay for an incomplete call, the VoIP caller over a packet switched network in our construct does not pay for packets that suffer an unacceptable level of delay. The new pricing scheme proposed is based on the cost of lost opportunity vs. the cost of consumption of resources, which is the contemporary practice.

Session Initiation Protocol (SIP)

As the main aim of this dissertation was to examine and investigate the security threats of the VoIP, the researcher chose SIP for this purpose as a case study. SIP is an application-layer protocol that is used for starting and stopping a communication session between two or more participants. SIP incorporates the use of other Internet protocols such as the Hyper Text Transport Protocol (HTTP) and the Simple Mail Transport Protocol (SMTP) From HTTP, SIP makes use of the client-server design and the Uniform Resource Locators (URL)/ Universal Resource Identifiers ((URI) in its messages. With SMTP, SIP makes use of the text encoding scheme and the header style in its own SIP packet headers. As shown in figure 1, SIP authenticates the loggers by entering password and user name in order to restrict unauthorized access to the system.

Figure 1: Log in screen of SIP client

When a request for authentication, the proxy server examines the request in order to decide whether the user should be authenticated or nor before the request is processed. In this direction the proxy can challenge the originator by returning a 407 response with a Proxy-Authenticate header containing the challenge. The SIP has builtin capability to challenge the authtication through a cryptographic hash for certain values, such as password, to protect these from unauthorized attackers (see figure 2).

Figure 2: The authentication scenario in SIP.

Security weaknesses of SIP

As discussed previously, the specific objectives of this study were to examine SIP in order to determine the functionality and higher security Facilities as well as the possible security breaches of it. For this purpose, the researcher run a test on SIP phone clients because it is an open source application and is available for free on the internet. SIP application is UNIX/LINUX base application and it runs on ASTERIX server. In the following sections, the weaknesses and disadvantages of SIP as the result of this test are discussed. Figure 2 shows the layout structure of the SIP client.

Figure 3: Structure layout of SIP Client

Despite many advantages of SIP, it is subject to various kinds of Denial of Service attacks. User authentication is becoming more and more important to prevent unauthorized users from using someone else’s identity to fool other users or accounting and charging systems. Further, mutual authentication of the calling-callee pair is an essential requirement for the successful execution of several applications executed over a voice platform.

Figure 4: Simple Internet Multimedia Protocal Stack

 

Performance analysis of SIP

This section highlights the results of the tests that were performed on SIP under the ASTERIX server. Studying its behavior is important so that its capacity can be increased through its developmental stages. In order to do so, it was necessary to measure and model the SIP system.

The SIP requests are generated by the user agent client (UAC) with a call flow. There can be more than one UAC used during a test. The UAC talks to the server and generates all the messages that are required for the caller. The information needed at the UAC include the inter-arrival time for the requests for each host, the type of request, transport protocol, and the number of request to generate.

Figure 5: A SecureMOVA OCL pattern-selection

The load generated by the UAC is sent to the call handler called the user agent server (UAS). The UAS receives the INVITE request from the UAC and answers with a “180 Ringing” message and “200 OK” message. The UAS also has the ability to act as a redirect point for a cal. This UAS acts as a SIP server where it handles the requests sent by the UAC.

By sending a message out of its expected sequence, an attacker can disrupt the regular call flow. A CANCEL attack is a one where an attacker spoofs one of the call participants and sends a CANCEL message to server. Under normal circumstances the server cannot distinguish between a genuine CANCEL message and one that was spoofed. Hence on receiving such a message, the server would perform its normal processing, which is to terminate the ongoing call request. Figure 2 shows a sample CANCEL attack.

Figure 6: A CANCEL Attack

Hardware configuration and setup

In the SIP environment, there are two different sets of machines: driver machines and server machines. The driver machines contain the code for the load driver wile the server machines contain the code for the load balancer or the SIP application. For the standalone configuration, only the SIP application server is present.

You can also read sample assignment on MOBILE FOOD TRUCK DRAGON’S DEN PRESENTATION

For a clustered environment, the load balance machine is mounted between the driver machine and the server machine. The driver machine is located on one chassis and the load balancer and the SIP server is located on the other chassis. The reason for putting the load balancer and the SIP serer on the same chasis is the they represent the SIP cluster under the WAS sewer. The users send SIP requests to this cluser and tall the work is done on this chassis to handle the request.

Comparative Analysis of Existing Authentication Schemes

IPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithms to use for services, and put in place any cryptographic keys required to provide the requested services. IP Encapsulating Security Payload (ESP) (Kent and Atkinson, 1998) in the tunnel mode is preferred for IP tunneling across the Internet, although it involves substantial overhead. With IPSec used in tunnel mode, payload efficiency (ratio of payload to total packet size) of a 40-bypte VoIP packet drops from 50% to less than 30%, since the RTP/UDP/IP header is 40 bytes for IPv4.

Transport Layer Security (TLS) provides a reliable end-to-end secure channel over connection oriented protocol. Both ends of the channel are identified by X.509 certificate [125] exchange. Making use of TLS to secure SIP signaling is transparent, which allows a signaling message at the application layer to be encrypted by TLS and then transferred through the TCP connection. If a TLS connection is requested, a SIP Secure URI (SIPS) is used. TLS is impractical to deploy in a wide area network since the TLS is built upon connection-oriented TCP protocol, restricting itself to limited applications, while most VoIP applications offer a continuous stream of RTP/UDP/IP packets. Further, if one hop along the path does not support TLS, the transit trust loses its meaning (Housley, et al.2002).

Some other solutions are proposed in the literature based on combinations of these four schemes. Johan Bilien has recommended solutions to secure VoIP using S/MIME, TLS and MIKEY for SIP signaling to provide end-to-end authentication and session key distribution, using SRTP on payload to protect voice media (Ramsdell 1999; Bilien, Eliasson, Orrblad, Vatn, 2005). NTT Network Service Systems Laboratories has proposed two approaches to

Proposed Requirements of Authentication

Our proposed scheme offers the caller and callee options for authentication independently. In other words,

  • The caller might choose to remain anonymous to the callee (not network).
  • The callee might choose to reject anonymous calls.
  • Both caller and callee can choose protection against eavesdropping, i.e., invoke encryption of the message.
  • Callee can ask for more details related to caller’s identity leading to a higher level authentication, such as website, birthday, or last transaction.

It is also important that the proposed network based authentication scheme accommodate authentication across one or more networks.

VoIP Security Solutions

As discussed in previous sections, VoIP is vulnerable to the traditional IP network attacks as well as specified attacks for voice services. A successful VoIP network requires strong security because non-secure VoIP networks do not maintain the expected levels of quality and reliability. The main goal of securing VoIP systems is to keep communication private and protect sensitive data from being accessed by unauthorized users. These requirements include:

  • Protection of privacy of call conversation: It could be provided by encrypting all connections between network elements.
  • Protection against unauthorized access: It is provided by user authentication, which verifies that a user or client is legitimate.
  • Protection of data integrity: It is provided by message authentication, which verifies message integrity by using techniques such as AES-CBCMAC.
  • Protection of encryption key: It is provided by using a key management technique such as RSA or, Elliptic Curve (ECC).
  • Protection of service disruption: It is provided by using a firewall, which prevents service disruption such as DoS.

VoIP Security Protocols

There are several characteristics and requirements unique to VoIP which make providing security to VoIP much more complex and more difficult than securing a traditional circuit-switched voice network. There are many security protocols used to secure data communication. Examples include SSL, SSH, S/MIME, S/WAN, IPSec, and Kereberos. The most popular and widely-used among these protocols are IPSec and SSL. Out of these security protocols intended for data, only IPSec is suitable for VoIP (Chong, and Matthews, 2004). Moreover, Secure Real-Time Transport Protocol (SRTP), which is the secure version of Real-Time Transport Protocol (RTP), is intended for securing the transmission of media over IP. Therefore, we limit our discussion to these two protocols, IPSec and SRTP. IPSec stands for “IP Security”, which is a protocol used to provide security services to the IP layer. These security services include authentication, encryption/decryption, data integrity, and dynamic rekeying, which helps avoid attacks. IPSec requires that all participating network equipment be consistent. This is achieved using a Security Association (SA), which is a state stored at each endpoint of a secure connection. It indicates how to protect traffic, what traffic is to be protected, and with whom protection is performed. Three protocols are used in IPSec implementation:

Authentication Header (AH): This protocol provides packet authentication by attaching strong crypto checksum to the packet. Packet authentication ensures proof-of-data origin, data integrity, and anti-replay protection, but does not provide data confidentiality.

Encapsulated Security Payload (ESP): This protocol provides a combined authentication/encryption facility that adds data confidentiality to the functions of AH.

Internet Key Exchange (IKE) This protocol organizes the process of exchanging security keys required for encryption and authentication and ensures their privacy. The Diffie-Hellman public key exchange mechanism is used for the purpose of negotiating the shared secret key.

Both AH and ESP support two modes of use: Transport mode, which protects only layers above the IP layer and Tunnel mode, which protects the IP as well as the above layers. IPSec works on entire packets. The main functions of IPSec include checking the validity of the packet to avoid replay attacks, authenticating the packet using authentication algorithms, and encrypting and decrypting the payload to ensure data confidentiality.

The IPSec protocol utilizes either hashing algorithms (such as HMAC-SHA1, HMAC-MD5, etc.) or block ciphers (AES, TDES, RC5, etc.) in CBC-MAC mode for authentication. On the other hand, the IPSec utilizes a block cipher (AES, TDES, RC5, etc.) in the CBC mode for encryption/decryption.

Secure Real-time Transport Protocol (SRTP)

Real-time Transport Protocol (RTP) is commonly used to transmit real-time audio and video on a packet-switched network. RTP does not provide security to voice conversation, which in turn allows eavesdropping and other attacks. The Secure Real- time Transport Protocol (SRTP) defines a profile of RTP to provide confidentiality, message authentication, and replay protection to the data in both unicast and multicast sessions. SRTP was developed by a small team of IP protocol and cryptographic experts from Cisco and Ericsson. It was standardized by IETF and published in March 2004 as RFC 3711.

Since RTP is closely related to RTCP (Real-Time Control Protocol) which can be used to control an RTP session, SRTP also has a sister protocol, called Secure RTCP (SRTCP). SRTCP provides the same security-related features to RTCP, as the ones provided by SRTP to RTP.

SRTP provides the following security-related features to RTP:

Encryption/Decryption. For the confidentiality of data flow (i.e., encryption and decryption), SRTP (together with SRTCP) standardizes utilization of only a single cipher, AES, which can be used in two cipher operational modes (counter mode (CTR) and F8 mode), allowing the AES block cipher to work as a stream cipher:

Counter Mode (CTR): A typical Counter mode, allows random access to any blocks, which is essential for RTP traffic running over unreliable network with possible loss of packets. In general, any function can be used in the role of “counter”, assuming that this function does not repeat for a long number of iterations. But the standard counter mode utilizes a usual integer incremental counter for the encryption of RTP data. AES running in this mode is used with a default encryption key length of 128 bits.

Conclusion

Due to its certain advantages, VOIP has attracted many consumers as well as organizations. However, security and threat to privacy is still a major concern for using VOIP which needs much attention of the developers and service providers as any hacker and intruder can easily intervene and intercept the conversations going on over the network. The particular focus of this study was to examine the security measures taken by the Session Initiation Protocol (SIP). SIP incorporates the use of other Internet protocols such as the Hyper Text Transport Protocol (HTTP) and the Simple Mail Transport Protocol (SMTP). There are certain security weaknesses found in the SIP. The most visible weakness of this system is the Denial of Service (DoS) attacks. The purpose of DoS is to deplete the resources on the server resulting in denial of services to legitimate users. Through this attack the hackers sends messages with bogus credentials in order to keep the server busy performing complex authentication computations. Although such attacks are difficult to prevent, there are certain steps that can help reduce the magnitude of DoS attacks. For example, a combination of monitoring, logging and filtering activities can be useful approach in preventing DoS attacks.

References

Armitage (2000).Quality of Service in IP Networks. Indiana, USA: Macmillan Technical Publishing.

Bilien, J. Eliasson, E. Orrblad, J. and Vatn, J.O. (2005). Secure VoIP: call establishment and media protection. 2nd Workshop on Securing Voice over IP, Washington DC

Bonenfant, P.A. and Leopold, S.M. (2006). Trends in the U.S. communications equipment market: a Wall Street perspective. IEEE Communications Magazine, vol. 44, pp. 102 –108.

Chong, H.M. and Matthews, H.S. (2004) Comparative analysis of traditional telephone and voice-over-Internet protocol (VoIP) systems. Electronics and the Environment, IEEE International Symposium, pp. 106 – 111

Christos B. and Afrodite S. (2004). Pricing QoS over transport networks Internet Research, Volume 14 · Number 2 · 2004 · pp. 167-174

Franks, J. et al. (1999). HTTP authentication: Basic and Digest Access Authentication IETF RFC 2617.

Hamdi, M. Verscheure, O. Hubaux, J.P. Dalgic I. and Wang P. (1999) Voice Service Interworking for PSTN and IP Networks. IEEE Commun. Mag, Vol. 37, issue 5, pp. 104-111

Hardy, W. C. (2001). QoS Measurement and Evaluation of Telecommunications Quality of Service, West Sussex, England: John Wiley & Sons

Housley, R. et al.,(2002). InternetX.509 Public Key Infrastructure: Certificate and CRL Profile. IETF RFC 3280.

Jha S. and Hassan M. (2002).Engineering Internet QoS. London, UK: Artech House,

Kent S. and Atkinson, R. (1998). IP Encapsulating Security Payload (ESP). RFC 2406.

Maresca, M. Zingirian N. and Baglietto, P. (2004). Internet protocol support for telephony Proc. IEEE, Vol. 92, pp. 1463-1477

Odlyzko, A. (2001). Internet pricing and the history of communications. Computer Networks, Vol. 36 No. 5, pp. 493-517.

Qu, Y., Verma, P.K (2005). Notion of cost and quality in telecommunication networks: an abstract approach. IEE Proc.Commun. Vol. 152, pp. 167-171

Ramsdell B. (1999). SMIME Version 3 Message Specification. IETF RFC 2633.

Rosenberg, J. Schulzrinne, H. Camarillo, Johnston, Peterson, Sparks, Handley and Schooler, (2002). SIP: Session initiation protocol v.2.0 IETF RFC 3261

Salsano, S. Veltri, L. and Papalilo, D. (2002). SIP security issues: The SIP authentication procedure and its processing load. IEEE Network, vol. 16, no. 6, pp. 38–44.

Stallings, W. (1997).Data and Computer Communications, New Jersey, USA: Prentice-Hall

Thomsen, G. and Jani, Y. (2000). Internet Telephony: Going Like Crazy. IEEE spectrum.  Vol. 37, no.5, pp. 52-58.

Wallace, K. (2006). Authorized Self-Study Guide Cisco Voice over IP (CVoice), Cisco Press,

Walsh, T.J. Kuhn, D.R. (2005) Challenges in securing voice over IP. IEEE Security & Privacy Magazine, vol. 3, pp. 44 – 49.

Dissertation Master