Analysis of secured VoIP services

Presentation on theme: "Analysis of secured VoIP services"— Presentation transcript:

1 Analysis of secured VoIP services
Kamruzzaman Ryan Tarikul Islam Md. Azizur Rahaman Analysis of secured VoIP services

2 Introduction
Securing VoIP traffic is a challenging task. We implemented a security protocol stack to secure VoIP traffic, consisting of Transport Layer Security (TLS), the Secure Real-Time Transport Protocol (SRTP) and a site-to-site IPSec VPN, and we analyzed the performance of the secured VoIP service after implementing those security protocols.

3 Why Security
The basic security objectives for communication between network systems are Confidentiality, Data Integrity and Availability. These objectives may not be attained since there are many security threats in open communication architectures, and in particular in TCP/IP based networks with standard protocols.

4 Requirements
To develop our secured corporate VoIP network we used the following tools:
- Linux operating system (Ubuntu 14.0)
- Call server (Asterisk-13.6.0)
- Cisco switch (s2950)
- Cisco router (s1700, IOS version 12.4 T)
- SRTP- and TLS-capable softphone (Zoiper/Blink)
- Wireshark to analyze our secured traffic
- Minicom

5 Project Layout

6 Security protocols
- Kerberos
- S/MIME, PGP
- SSL/TLS
- IPSec
- SRTP
- Secure Shell
- DNSSEC (public keys, signed data in DNS)

7 IPSec aims at the following security objectives for IP packets:
- Confidentiality: protection against eavesdropping of IP packets.
- Data integrity and message authentication: protection against manipulated IP packets.
- Access control of IP traffic.
- Replay protection against recorded and replayed packets.

8 IPSec Architecture
IPSec provides security in three situations: host-to-host, host-to-gateway and gateway-to-gateway.
IPSec operates in two modes:
- Transport mode (for end-to-end)
- Tunnel mode (for VPN)

9 IPSec Configuration
There are some steps to configure IPSec:
- Create access list
- Configure key management policy
- Define remote IP to share key
- Configure IPSec transform and setting
- Create crypto map
- Attach crypto map to the interface
IPSec Configuration Example
HQ Router:
access-list 110 permit ip
access-list 110 permit ip

10 IPSec Configuration Example
HQ Router
Define Internet Key Exchange (IKE) policies:
crypto isakmp policy 1
 authentication pre-share
Configure a pre-shared authentication key:
crypto isakmp key cisco address
Define a transform set (combination of security protocols):
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
Create crypto map:
crypto map MYMAP 1 ipsec-isakmp
 set peer
 set transform-set MYSET
 match address 110
Attach crypto map to the interface:
interface Serial1/
 crypto map MYMAP
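
An added example, not part of the original presentation: a small Python check that reads an IOS configuration of the shape shown on this slide and reports IKE policy sub-commands left to platform defaults, short or guessable pre-shared keys, and transform sets without an integrity transform. The peer address, the key blocklist and the 16-character minimum are assumptions made for the example.

```python
import re

# Constructed config in the shape of the HQ router example; the peer address
# is a documentation-range placeholder, not a value from the presentation.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 192.0.2.2
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
crypto map MYMAP 1 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set MYSET
 match address 110
"""

IKE_EXPLICIT = ("encryption", "hash", "group")  # should be set per policy
WEAK_KEYS = {"cisco", "password", "secret"}     # assumed local blocklist
MIN_KEY_LEN = 16                                # assumed local policy


def audit_ios_ipsec(config):
    """Return review findings for IKE policies, pre-shared keys, transform sets."""
    findings, policy, seen = [], None, set()
    for line in config.splitlines() + ["end"]:   # sentinel closes the last block
        if policy is not None and not line.startswith(" "):
            # Left the policy block: report sub-commands that were never set.
            for kw in IKE_EXPLICIT:
                if kw not in seen:
                    findings.append(f"isakmp policy {policy}: {kw} not set, default applies")
            policy, seen = None, set()
        m = re.match(r"crypto isakmp policy (\d+)", line)
        if m:
            policy = m.group(1)
        elif policy is not None and line.strip():
            seen.add(line.split()[0])
        m = re.match(r"crypto isakmp key (\S+) address", line)
        if m and (m.group(1).lower() in WEAK_KEYS or len(m.group(1)) < MIN_KEY_LEN):
            findings.append("isakmp key: pre-shared key is short or guessable")
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m and not any(t.endswith("-hmac") for t in m.group(2).split()):
            findings.append(f"transform-set {m.group(1)}: no integrity transform")
    return findings


if __name__ == "__main__":
    for finding in audit_ios_ipsec(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample it reports that encryption, hash and group are left to defaults in policy 1 and that the pre-shared key is guessable; the transform set passes because it pairs esp-aes with esp-sha-hmac.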

11 Transport Layer Security
TLS is one of the most important Internet security protocols. It provides end-to-end security between the communication endpoints. TLS implements the following security services:
- Bilateral entity authentication, although often only unilateral (server) authentication is used
- Encryption of messages
- Message authentication
- Protection against message deletion and replay

12 TLS Protocols
TLS Record Protocol:
- provides data confidentiality using symmetric key cryptography
- provides data integrity using a keyed message authentication checksum (MAC)
TLS Handshake Protocol:
- authenticates the client and the server
- exchanges cryptographic keys
- negotiates the encryption and data integrity algorithms before the applications start to communicate with each other

13 TLS Handshake Protocol

14 TLS Configuration
There are some steps to configure TLS:
- Generate server certificate
- Generate client certificates
- SIP configuration to use TLS
- End device configuration to use TLS

15 TLS Configuration
Generate server certificate:
sh /usr/src/asterisk /contrib/scripts/ast_tls_cert -C -O "AMC LAB" -d /etc/asterisk/keys
Generate client certificate:
sh /usr/src/asterisk /contrib/scripts/ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C -O "AMC LAB" -d /etc/asterisk/keys -o 1000
SIP configuration:
[general]
tlsenable=yes
tlsbindaddr=
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
transport=tls
port=5061
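
An added example, not part of the original presentation: a Python check for the TLS options of a sip.conf [general] section like the one on this slide, flagging misspelled tls* keys, a TLS listener that is not enabled, tlscipher=ALL and a legacy tlsclientmethod. The sample file is constructed, and the list of recognised chan_sip options is limited to what this checker needs.

```python
# Constructed sip.conf fragment using chan_sip option names; it includes a
# misspelled key of the kind that is easy to miss, and a placeholder address.
SAMPLE_SIP_CONF = """\
[general]
tlsanable=yes            ; typo
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
"""

# chan_sip TLS options this checker recognises (not an exhaustive list).
KNOWN_TLS_KEYS = {
    "tlsenable", "tlsbindaddr", "tlscertfile", "tlsprivatekey", "tlscafile",
    "tlscapath", "tlscipher", "tlsclientmethod", "tlsdontverifyserver",
}
LEGACY_METHODS = {"sslv2", "sslv3", "tlsv1"}


def parse_general(text):
    """Collect key=value pairs from [general]; ';' starts a comment."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section == "general":
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts


def audit_sip_tls(text):
    """Return findings for the TLS options of the [general] section."""
    opts, findings = parse_general(text), []
    for key in opts:
        if key.startswith("tls") and key not in KNOWN_TLS_KEYS:
            findings.append(f"{key}: unrecognised option, check spelling")
    if opts.get("tlsenable", "no").lower() != "yes":
        findings.append("tlsenable: TLS listener is not enabled")
    if opts.get("tlscipher", "").upper() == "ALL":
        findings.append("tlscipher: ALL does not exclude anonymous or legacy suites")
    if opts.get("tlsclientmethod", "").lower() in LEGACY_METHODS:
        findings.append("tlsclientmethod: deprecated protocol version selected")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_sip_tls(SAMPLE_SIP_CONF)))
```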

16 TLS Configuration
Client Configuration

17 TLS Configuration
Client Configuration

18 SRTP
SRTP (Secure Real-Time Transport Protocol or Secure RTP) is an extension to RTP (Real-Time Transport Protocol) that incorporates enhanced security features. Like RTP, it is intended particularly for VoIP (Voice over IP) communications. SRTP was conceived and developed by communications experts from Cisco and Ericsson and was formally published in March 2004 by the Internet Engineering Task Force (IETF) as a Request for Comments (RFC). SRTP uses encryption and authentication to minimize the risk of denial of service (DoS) attacks.

19 SRTP Configuration
There are some steps to configure SRTP:
- Extension configuration
- SIP configuration
- Client configuration
SRTP configuration example:
; continue only if the media is encrypted, otherwise jump to the fail label
exten => _XXXX,1,GotoIf($["${CHANNEL(secure_media)}" = "1"]?:fail)
exten => _XXXX,n,Dial(SIP/1000)
exten => _XXXX,n(fail),Hangup
; channel driver peer settings
encryption=true
media_encryption=sdes

20 IPSec Traffic Analysis

21 IPSec Traffic Analysis

22 TLS Traffic Analysis

23 TLS Traffic Analysis

24 TLS Traffic Analysis

25 SRTP Traffic Analysis

26 Feedback
Questions?

