Presentation is loading. Please wait.

Presentation is loading. Please wait.

VoIP Information Security Issues in Voice Over Internet Protocol

Published byEunice McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "VoIP Information Security Issues in Voice Over Internet Protocol"— Presentation transcript:

1 VoIP Information Security Issues in Voice Over Internet Protocol
Satya Bhan, Jonathan Clark, Joshua Cuneo, Jorge Mejia

2 Road Map of Presentation
Introduction and basics Security threats in VoIP Encryption algorithms for VoIP Research and development of VoIP Conclusions

3 What is VOIP? Voice Over Internet Protocol ARPANET - 1973
Dramatic rise in popularity Mobile Cheap Accessible Full of security holes

4 How VOIP Works Resolution of IP Address Analog-digital conversion
Parsed into RTP packets Sent via UDP protocol Extraction of data (8)

5 How VOIP Works H.323 Protocol Umbrella standard
Terminals, gateways, gatekeepers, and multipoint control units (MCUs) (8)

6 How VOIP Works SIP Protocol Location stored in a location server
Proxy server resolves location Session Description Protocol (SDP) for logistics (8)

7 Road Map of Presentation
Introduction and basics Security threats in VoIP Encryption algorithms for VoIP Research and development of VoIP Conclusions

8 VoIP Security Myth “Security administrators assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network” - Walsh, T.J.; Kuhn, D.R

9 Why are existing protections unusable?
Most firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) rely on deep packet inspection Encryption adds overheads Max tolerable packet delay is set to 150 ms

10 Denial of Service (DOS)
Most harmful attack – effects customers, Quality of Service (QoS), profits etc. “Latency turns traditional security measures into double-edged swords for VoIP” Walsh, T.J.; Kuhn, D.R

11 Denial of Service – Packet Loss
User Datagram Protocol (UDP) Fast, Lightweight Transmission/Order not guaranteed Small payloads – 10 to 50 bytes 1% loss – unintelligible 5% loss - catastrophic, no matter how good the codec

12 Eavesdropping Public Switch Telephone Networks (PSTN) VoIP
Physical access harder & more detectable Proprietary protocols VoIP Standardized protocols Readily available tools to monitor network Ethereal analyzer Voice over misconfigured Internet telephones (VOMIT)

13 Eavesdropping User software available freely for download
Using Cache-poisoning distribute hacked upgrades Man-in-the-middle attacks Rogue server with modified configuration files containing the IP addresses of call managers Victims’ calls are then routed through the attacker’s call manager

14 Spoofing Identity management complicated Spoof caller’s identification
No physical device Universal Reference Identification (URI) Spoofing available on multiple layers (ip, mac) Spoof caller’s identification Attacker calls regular phone line Flash over using 3 way calling, dial next party First callee’s id or unknown displayed

15 Theft of Service Edwin Pena and Robert Moore VoIP fraud
Routed more than ten million calls through unsuspecting companies Orchestrated a "brute force" attack to identify the prefixes needed to gain access to VoIP networks Sold VoIP services cheap

16 Theft of Service Attackers gain access to VoIP networks
Security vulnerabilities in user’s software Sniffing user accounts and passwords Profitable attacks Toll frauds, identity thefts etc.

17 Spam over Internet Telephony (SPIT)
“where there's a channel, there's a pitchman” Pierce Reid, Qovia VP marketing Mass advertisements over PSTN complex & costly

18 Spam over Internet Telephony (SPIT)
VoIP merges IT & PSTN Easily accessible & cheap unwanted voice messages will clog voice mail Spam tools such as blacklists etc useless against SPIT Session hijacking Video conferences can be hijacked and advertisements shown instead Similarly voice conversations disrupted by advertisements

19 Road Map of Presentation
Introduction and basics Security threats in VoIP Encryption algorithms for VoIP Research and development of VoIP Conclusions

20 PGPfone History Released in 1995
Never gained popularity due to lack of interest Broadband was not widespread Voice over IP was not popular Intended more for point-to-point modem connections

21 PGPfone Motivations Zimmermann believes in a right to privacy provided by the Constitution Released in response to 1994 Digital Telephony law “mandated that phone companies install remote wiretapping ports in their central office digital switches” Says that while warrants were still necessary, a shift in policy could lead to privacy violations NSA program to monitor without warrants

22 PGPfone Details Uses Diffie-Hellman for key generation
Keys generated from random prime numbers Uses TripleDES, Blowfish, or CAST as ciphers Symmetric for speed Run in counter mode Diffie-Hellman has vulnerability to man-in-the-middle attacks Solved by using Short Authentication Strings

23 Secure Real-Time Transfer Protocol
Published in RFC 3711 in March 2004 Goal to create secure version of Real-Time Transfer Protocol Ensure confidentiality and integrity of RTP packets Provides “a framework that permits upgrading” Allows protocol to upgrade to more secure ciphers in the future

24 Secure Real-Time Transfer Protocol
Key exchange is entirely defined in the RFC Uses master key to generate keys Number of keys generated by one master key is up to the user Number of packets encrypted by one key can be set Default cipher is Advanced Encryption Standard (AES) Runs in counter mode by default Keyed-Hashing for Message Authentication- Secure Hash Algorithm (HMAC-SHA1) used to ensure message authenticity

25 ZRTP Created by Phil Zimmermann
Title of RFC is “Extensions to RTP for Diffie-Hellman Key Agreement for SRTP” Features: Similar to PGPfone, but updated to run on top of new standards (RTP, SIP) Backwards compatible with standard RTP Does not rely on public key infrastructure (PKI) Foils man-in-the-middle attacks in similar fashion to PGPfone Adds “shared secret” for added protection

26 Zfone Also written by Phil Zimmermann Implementation of ZRTP
“Lets you turn your existing VoIP client into a secure phone” Simply intercepts and filters RTP packets If Zfone is not running on both sides it will simply revert to standard RTP GUI to let you know if current call is secure SDK to license for developers to integrate ZRTP into their applications

27 Skype Closed source and closed specification
Tom Berson's security analysis Was allowed uninhibited access to the code and the engineers Findings: Skype uses only standard encryption techniques All techniques are properly implemented Uses a central server as public key infrastructure to authenticate messages No backdoors or malware

28 Skype Concerns Closed does not always mean safe
Have to trust Skype when they say their software is secure Single person, company sponsored analysis Closed protocol makes it difficult to verify Small Chinese company claims to have broken protocol Will release software that connects to Skype network soon

29 Road Map of Presentation
Introduction and basics Security threats in VoIP Encryption algorithms for VoIP Research and development of VoIP Conclusions

30 Research and Development in VoIP Security
VoIP security is still a big question in the service Many improvements are still possible Collective effort needed by government, academia, and private companies

31 The 1st IEEE Workshop on VoIP Management and Security (2006)
Open workshop for researchers from any sector to improve state of security of VoIP Projects to cover: Locating SIP users Monitoring VoIP networks Intrusion Detection for VoIP

32 Lightweight Scheme for Locating Users: Goal/Motivation
Group of Georgia Tech Researchers (CoC) Most important challenge in VoIP: Locate communicating parties via internet in secure and reliable way Session Initialization Protocol (SIP) users are at risk because this technology is weak to attacks Mainly, the Integrity of the mapping from SIP to contact address is critical

33 Is Session Initialization Protocol (SIP) Safe?
Terminal registers its contact address Address stored in location services During call initialization, caller finds server in DNS table Callee’s server query location services for Address (1)

34 Lightweight Scheme for Locating Users: Proposed Solution
Don’t use registrar services Let SIP phone sign their own contact address bindings on behalf of their users Verify identity through public keys Have modified SIP infrastructure to distribute public keys

35 Solution Scheme to Interchange Public Keys
Initial Key exchange between 2 users After the key exchange, communication follows through secure channel This is only needed once (1)

36 Monitoring VoIP Networks: Goal/Motivation
Researchers from NEC Japan Goal: VoIP carriers should identify and separate legal from illegal traffic Motivation: Stop SPAM over Internet Telephony (SPIT) from using network resources Result: Prototype implemented to monitor traffic from Skype, SIP phones, Netmeeting

37 Monitoring VoIP Networks: Proposed Scheme/Prototype
Add time stamp to packets and measure size Extract statistical data from the flow (I.e. payload) Verification to check eavesdropping Compare packet against known threats Repeat the process and control the flow (2)

38 Intrusion Detection and Prevention on SIP: Goal/motivation
Researchers from University of Pisa and Switzerland. Goal: Use the same principles of network intrusion detection to provide security to VoIP networks Motivation: Threats will move to VoIP Results: Working prototype using Snort

39 Intrusion Detection and Prevention on SIP: Prototype
Tested successfully against a brute force generator (3)

40 Road Map of Presentation
Introduction and basics Security threats in VoIP Encryption algorithms for VoIP Research and development of VoIP Conclusions

41 Conclusion Great effort to secure VOIP networks
Leadership efforts by companies and universities Ideas both old and revolutionary One solution: encryption Speed New, effective algorithms like ZRTP Technology caught everybody by surprise Encouraging future for VOIP

42 References (1) Kong, L., Balasubramaniyan, V.B., and Ahamad, M. "A lightweight scheme for securely and reliably locating SIP users." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 < (2) Okabe, T., Kitamura, T., and Shizuno, T. "Statistical traffic identification method based on flow-level behavior for fair VoIP service." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 < (3) Niccolini, S. et al. "SIP intrusion detection and prevention: recommendations and prototype implementation." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 < (4) Zimmermann, Philip R. PGPfone Owner’s Manual. 8 July Phil’s Pretty Good Software. 13 July <ftp://ftp.pgpi.org/pub/pgp/pgpfone/manual/pgpfone10b7.pdf>. (5) Baugher, M., et al. The Secure Real-time Protocol (SRTP). March The Internet Society. 13 July < (6) ---, et al. ZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTP. 5 March The Internet Society. 13 July < (7) Zfone Home Page. Phil Zimmermann & Associates. LLC 13 July < (8) Kuhn, D. Richard, Thomas J. Walsh, Steffen Fries. United States. National Institute of Standards and Technology, Technology Administration, Department of Commerce. Security Considerations for Voice Over IP Systems. Gaithersburg, MD: NIST, 2005.

43 Questions?

Download ppt "VoIP Information Security Issues in Voice Over Internet Protocol"

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA www.in-arg.com MESH VOIP.

Voice and Data Encryption over mobile networks July 2012 IN-NOVA TECNOLOGIC IN-ARG SA MESH VOIP.
1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
Secure Mobile IP Communication

Secure Mobile IP Communication
Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Chapter 5 standards for multimedia communications

Chapter 5 standards for multimedia communications
1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.

© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.

5/3/2006 tlpham VOIP/Security 1 Voice Over IP and Security By Thao L. Pham CS 525.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Similar presentations

Ads by Google