Analysis of secured VoIP services

Presentation transcript:

Analysis of secured VoIP services
Kamruzzaman Ryan Tarikul Islam Md. Azizur Rahaman

Introduction
Achieving security of VoIP traffic is a challenging task. We implemented a security protocol stack to secure VoIP traffic, consisting of Transport Layer Security (TLS), the Secure Real-time Transport Protocol (SRTP) and a site-to-site IPSec VPN, and we analyzed the secured VoIP performance after implementing those security protocols.

Why Security
The basic security objectives for communication between network systems are Confidentiality, Data Integrity and Availability. These objectives may not be attained, since there are many security threats in open communication architectures, and in particular in TCP/IP-based networks with standard protocols.

Requirements
To develop our secured corporate VoIP network we used the following tools:
- Linux operating system (Ubuntu 14.0)
- Call server (Asterisk 13.6.0)
- Cisco switch (s2950)
- Cisco router (s1700, IOS version 12.4 T)
- SRTP- and TLS-capable softphone (Zoiper/Blink)
- Wireshark to analyze our secured traffic
- Minicom

Project Layout
[Figure: project layout]

Security protocols
- Kerberos
- S/MIME, PGP
- SSL/TLS
- IPSec
- SRTP
- Secure Shell
- DNSSEC (public keys, signed data in DNS)

IPSec aims at the following security objectives for IP packets:
- Confidentiality: protection against eavesdropping of IP packets.
- Data integrity and message authentication: protection against manipulated IP packets.
- Access control of IP traffic.
- Replay protection against recorded and replayed packets.

IPSec Architecture
IPSec provides security in three situations: host-to-host, host-to-gateway and gateway-to-gateway.
IPSec operates in two modes:
- Transport mode (for end-to-end)
- Tunnel mode (for VPN)

IPSec Configuration
There are some steps to configure IPsec:
- Create access list
- Configure key management policy
- Define remote IP to share key
- Configure IPSec transform and setting
- Create crypto map
- Attach crypto map to the interface

IPSec Configuration Example
HQ Router:
    access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
    access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.5.0 0.0.0.255

IPSec Configuration Example (HQ Router)
Define Internet Key Exchange (IKE) policies:
    crypto isakmp policy 1
     authentication pre-share
Configure a pre-shared authentication key:
    crypto isakmp key cisco address 192.168.3.2
Define a transform set (combination of security protocols):
    crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
Create crypto map:
    crypto map MYMAP 1 ipsec-isakmp
     set peer 192.168.3.2
     set transform-set MYSET
     match address 110
Attach crypto map to the interface:
    interface Serial1/0
     crypto map MYMAP
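The IKE policy above sets only the authentication method, so every other IKE parameter comes from the router's defaults. The following is an added example, not part of the original slides: it fills in those defaults for the HQ configuration and lists the weak effective values. The default table assumes IOS 12.4 behaviour (DES, SHA-1, DH group 1), and MIN_PSK_LEN is a hypothetical local policy threshold.

```python
import re

# IOS 12.4 values applied when a "crypto isakmp policy" omits a parameter
# (assumption of this example, see lead-in).
IKE_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1",
                "authentication": "rsa-sig", "lifetime": "86400"}
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1", "2"}}
MIN_PSK_LEN = 20  # hypothetical local policy threshold

# HQ router configuration as given on the slides.
HQ_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 192.168.3.2
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
crypto map MYMAP 1 ipsec-isakmp
 set peer 192.168.3.2
 set transform-set MYSET
 match address 110
"""

def effective_ike_policies(config):
    """Return {policy number: parameters}, omitted parameters defaulted."""
    policies, current = {}, None
    for line in config.splitlines():
        words = line.split()
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), dict(IKE_DEFAULTS))
        elif line.startswith(" ") and current is not None and len(words) > 1:
            key = "encryption" if words[0] == "encr" else words[0]
            if key in IKE_DEFAULTS:
                current[key] = " ".join(words[1:])
        else:
            current = None  # left the policy sub-mode
    return policies

def audit(config):
    """List weak effective IKE parameters and short pre-shared keys."""
    findings = []
    for num, params in sorted(effective_ike_policies(config).items()):
        for key, weak_values in WEAK.items():
            if params[key] in weak_values:
                findings.append(f"isakmp policy {num}: {key} {params[key]}")
    for m in re.finditer(r"^crypto isakmp key (\S+) address (\S+)", config, re.M):
        if len(m.group(1)) < MIN_PSK_LEN:
            findings.append(f"pre-shared key for peer {m.group(2)} is under "
                            f"{MIN_PSK_LEN} characters")
    return findings
```

Calling audit(HQ_CONFIG) reports the defaulted DES encryption and DH group 1 as well as the short pre-shared key, none of which appear in the configuration text itself.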

Transport Layer Security
TLS is one of the most important Internet security protocols. It realizes end-to-end security between the communication endpoints. TLS implements the following security services:
- Bilateral entity authentication, although often only unilateral (server) authentication is used
- Encryption of messages
- Message authentication
- Protection against message deletion and replay

TLS Protocols
TLS Record Protocol:
- provides data confidentiality using symmetric key cryptography
- provides data integrity using a keyed message authentication checksum (MAC)
TLS Handshake Protocol:
- authenticates the client and the server
- exchanges cryptographic keys
- negotiates the encryption and data integrity algorithms to be used before the applications start to communicate with each other

TLS Handshake Protocol
[Figure: TLS handshake protocol]

TLS Configuration
There are some steps to configure TLS:
- Generate server certificate
- Generate client certificates
- SIP configuration to use TLS
- End devices configuration to use TLS

TLS Configuration
Generate server certificate:
    sh /usr/src/asterisk-13.6.0/contrib/scripts/ast_tls_cert -C 192.168.1.3 -O "AMC LAB" -d /etc/asterisk/keys
Generate client certificate:
    sh /usr/src/asterisk-13.6.0/contrib/scripts/ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 1000.192.168.1.3 -O "AMC LAB" -d /etc/asterisk/keys -o 1000
SIP configuration:
    [general]
    tlsenable=yes                                ; accept SIP over TLS
    tlsbindaddr=0.0.0.0                          ; listen on all interfaces
    tlscertfile=/etc/asterisk/keys/asterisk.pem  ; server certificate
    tlscafile=/etc/asterisk/keys/ca.crt          ; CA certificate
    tlscipher=ALL                                ; OpenSSL cipher list
    tlsclientmethod=tlsv1                        ; protocol for outbound TLS connections
    transport=tls
    port=5061
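A check for the TLS part of the SIP configuration, as an added example that is not part of the original slides: it parses a [general] section and reports option names it does not recognise, a cipher list left at ALL, and a legacy protocol version. The sample is constructed from the block above with one option name misspelled, and KNOWN_TLS_KEYS is the subset of chan_sip TLS option names assumed by this example.

```python
# chan_sip TLS option names for the [general] section (subset assumed by
# this example; extend it for your Asterisk version).
KNOWN_TLS_KEYS = {"tlsenable", "tlsbindaddr", "tlscertfile", "tlsprivatekey",
                  "tlscafile", "tlscapath", "tlsdontverifyserver",
                  "tlscipher", "tlsclientmethod"}
LEGACY_METHODS = {"sslv2", "sslv3", "tlsv1"}
TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample: the [general] block with one option name misspelled.
SAMPLE = """\
[general]
tlsanable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL        ; OpenSSL cipher list
tlsclientmethod=tlsv1
"""

def parse_general(text):
    """Return the options of the [general] section, ';' comments stripped."""
    section, options = None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]
        elif "=" in line and section == "general":
            key, value = line.split("=", 1)
            options[key.strip().lower()] = value.strip()
    return options

def audit_tls(text):
    """Return a list of findings for the TLS options in [general]."""
    opts, findings = parse_general(text), []
    for key in sorted(opts):
        if key.startswith("tls") and key not in KNOWN_TLS_KEYS:
            findings.append(f"unrecognised option '{key}'")
    if opts.get("tlsenable", "no").lower() not in TRUE_VALUES:
        findings.append("tlsenable is not set to yes")
    if opts.get("tlscipher", "").upper() == "ALL":
        findings.append("tlscipher=ALL does not restrict the cipher list")
    method = opts.get("tlsclientmethod", "").lower()
    if method in LEGACY_METHODS:
        findings.append(f"tlsclientmethod={method} is a legacy protocol version")
    if opts.get("tlsdontverifyserver", "no").lower() in TRUE_VALUES:
        findings.append("tlsdontverifyserver=yes disables certificate checks")
    return findings
```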

TLS Configuration: Client Configuration
[Figures: client configuration]

SRTP
SRTP (Secure Real-Time Transport Protocol or Secure RTP) is an extension to RTP (Real-Time Transport Protocol) that incorporates enhanced security features. Like RTP, it is intended particularly for VoIP (Voice over IP) communications. SRTP was conceived and developed by communications experts from Cisco and Ericsson and was formally published in March 2004 by the Internet Engineering Task Force (IETF) as Request for Comments (RFC) 3711. SRTP uses encryption and authentication to minimize the risk of denial of service (DoS) attacks.

SRTP Configuration
There are some steps to configure SRTP:
- Extension configuration
- SIP configuration
- Client configuration

SRTP configuration example:
    ; continue only when the media on this channel is encrypted, otherwise jump to "fail"
    exten => _XXXX,1,GotoIf($["${CHANNEL(secure_media)}" = "1"]?:fail)
    exten => _XXXX,n,Dial(SIP/1000)
    exten => _XXXX,n(fail),Hangup

    encryption=true
    media_encryption=sdes
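With SDES keying, the SRTP master key travels in the SDP body of the SIP message as an a=crypto attribute, so the media is only as confidential as the signalling that carried the key. The following added example (not part of the original slides) checks a SIP INVITE for SDES-keyed SRTP and for the transport in the topmost Via header; the INVITE, its addresses, branch value and all-zero key are constructed.

```python
# Constructed INVITE (headers trimmed); the inline key is 30 zero bytes.
INVITE = "\r\n".join([
    "INVITE sip:1000@192.168.1.3 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bKexample",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.10",
    "s=-",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 4000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,
])
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

def check_invite(message):
    """Return (signalling transport, media streams, findings)."""
    head, _, sdp = message.partition("\r\n\r\n")
    transport = None
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v") and transport is None:
            # topmost Via: "SIP/2.0/<transport> host:port;params"
            transport = value.split()[0].split("/")[-1].upper()
    streams = []
    for line in sdp.split("\r\n"):
        if line.startswith("m="):
            media, _port, profile = line[2:].split()[:3]
            streams.append({"media": media, "profile": profile, "suites": []})
        elif line.startswith("a=crypto:") and streams:
            streams[-1]["suites"].append(line.split()[1])
    findings = []
    for s in streams:
        if s["profile"] not in SRTP_PROFILES or not s["suites"]:
            findings.append(f"{s['media']}: not offered as SDES-keyed SRTP")
        elif transport != "TLS":
            findings.append(f"{s['media']}: SDES key sent over {transport} signalling")
    return transport, streams, findings
```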

IPSec Traffic Analysis
[Figures: IPSec traffic analysis]

TLS Traffic Analysis
[Figures: TLS traffic analysis]

SRTP Traffic Analysis
[Figure: SRTP traffic analysis]

Feedback
Questions?