Security in VoIP



  1. 1. VoIP Security (Voice over Internet Protocol). Brian Martin, Matt Protacio. February 28, 2007
  2. 2. History of VoIP
       • First “internet phone” service offered in 1995 by a company called Vocaltec
           • Most people didn’t yet have broadband, and most soundcards were half duplex.
       • First PC to phone service in 1998, followed by phone to phone service. Cisco, Nortel, and Lucent develop hardware VOIP switches (gateways).
       • VOIP traffic exceeded 3% of voice traffic by 2000
  3. 3. History of VoIP (Continued)
       • Around 2004 began mass marketing for “digital phone” service bundled with broadband arranged so calls would be received over regular phones.
       • “Digital phone” services use an adaptor from the modem to a phone jack so there is almost no difference between that and regular phone service. Other services use software clients requiring a computer with a microphone.
  4. 4. VoIP vs. Old Phones
       • Benefits:
           • More efficient bandwidth usage
           • Only one type of network required, data abstraction in the network
       • Criticisms:
           • 911 localization doesn’t always work
           • Phones aren’t useable in a power outage, unless UPS are deployed
           • Fax machines might not work
  5. 5. Common VoIP Security Threats
       • VoIP Security Alliance, founded in 2005
           • Threat Taxonomy
           • Forums, Articles
       • Caller misrepresentation, caller id spoofing
       • Unwanted calls, spam or stalking
  6. 6. Common VoIP Security Threats (Continued)
       • Traffic Capture
       • Eavesdropping
       • Interception
       • Alteration (conversion quality, content)
       • Black holing
       • Call Hijacking
           • SIP (Session Initiation Protocol) register hijacking
       • DoS
  7. 7. SIP registration hijacking with SiVuS and a botnet
       • SIP
           • Session Initiation Protocol
           • Application layer control protocol for initiating VOIP sessions
           • Control messages were not encrypted and had no mechanism to verify integrity
               • So even if registration requires authentication, it can be sniffed easily
  8. 8. The basic attack plan
       • Both Callers must register with a registrar server before a call may be initiated
           • DoS the receiver with zombie minions
           • Deregister him with the registrar
           • Falsify his registration with SiVuS
           • Anyone planning to call him will not know and you can try to claim you are the legitimate call receiver.
           • Chances are the intended call receiver will not notice either
  9. 12. Good Ideas
       • If using SIP, use TLS
           • Transport Layer Security (encryption, basically)
           • The text based messages of SIP are considered a feature though
       • If only VoIP appliances are connected to the network, then no PCs are available to launch attacks from.
       • Segregate data and voice to their own Virtual LANs (VLANs)
       • Encrypt!!!
           • Prevents voice injections and casual eavesdropping
       • Redundant network to deal with DoS.
       • Secure IP-PBX and gateway boxes
  10. 13. VoIP Popularity
       • “VoIP use has more than doubled in the past year, according to Telegeography Research, and experts expect the growth to continue.”
           • New York Daily News, February 26, 2007
  11. 14. Popular VoIP Services
       • Enterprise
           • Cisco CallManager
       • Home
           • Vonage
           • Skype
           • Cable Companies (Time Warner, Insight, Comcast, etc.)
  12. 15. Cisco CallManager
       • Enterprise VoIP Product
       • Marketed towards companies and organizations looking to replace legacy PBX (Private Business Exchange) systems or install a new IP telephony based system
  13. 16. Cisco CallManager System Design
       • Phones
           • Deskphones, model 7960
               • Ethernet, PoE (Power over Ethernet)
           • Software Phone
               • IP Communicator
               • Popular for using across a VPN
  14. 17. Software Phone: IP Communicator
  15. 18. Cisco CallManager System Design (continued)
       • Servers
           • CallManager Subscribers and Publishers
               • Windows or Linux Servers running Cisco Software
               • Process all calls
               • Interface with existing PBX systems
  16. 19. CallManager Security
       • Multiple VLANs
           • Separate VLANs for Voice and Data
           • Higher Security by isolating voice on separate VLAN
       • Primary Protocols
           • SIP
           • H.323
  17. 20. H.323 Attack
       • Attacker can exploit the open standard protocol to establish malicious phone calls
       • Microsoft Netmeeting can be used to initiate an H.323 Phone Call
       • Malicious phone calls can be established to make international calls
       • Threat can be eliminated by not allowing international dialing on lines from telephone company
  18. 21. IP Phone Tap
       • Capture IP packets from Phone
           • Use Ethereal network sniffer
       • Extract audio from packets
       • Export audio file of phone call
  19. 27. Prevent Phone Tapping
       • Encrypt voice traffic
       • Prevent attacker from capturing traffic out of a phone
           • Lock down access to network switch phone is connected to
  20. 28. Conclusion
       • VoIP is established as the future of telephones
       • Security is critical when designing and maintaining VoIP systems
       • Questions?
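
A registrar-side check for the pattern on slide 8 (a binding is cleared, then the same address-of-record is bound to a different host shortly afterwards), added here as an example and not part of the original slides. The function names, the constructed sample messages and addresses, and the 60-second window are assumptions made for the illustration.

```python
import re

def make_register(aor, contact, expires):
    return (f"REGISTER sip:example.test SIP/2.0\r\nTo: <sip:{aor}>\r\n"
            f"Contact: {contact}\r\nExpires: {expires}\r\n\r\n")

# Constructed sample: (epoch seconds, source IP, raw message). All names and
# addresses are made up for this example.
SAMPLE = [
    (1000, "10.0.5.20", make_register("bob@example.test", "<sip:bob@10.0.5.20>", 3600)),
    (1900, "10.0.7.31", make_register("amy@example.test", "<sip:amy@10.0.7.31>", 3600)),
    (2000, "10.0.9.66", make_register("bob@example.test", "*", 0)),  # binding cleared
    (2004, "10.0.9.66", make_register("bob@example.test", "<sip:bob@10.0.9.66>", 3600)),
]

def parse_register(raw):
    """Return (aor, contact_host, expires) for a REGISTER, else None."""
    lines = raw.split("\r\n")
    if not lines[0].startswith("REGISTER "):
        return None
    hdr = {k.strip().lower(): v.strip() for k, v in
           (l.split(":", 1) for l in lines[1:] if ":" in l)}
    aor = re.search(r"sips?:([^>;\s]+)", hdr.get("to", ""))
    host = re.search(r"sips?:(?:[^@>]+@)?([^>;:\s]+)", hdr.get("contact", ""))
    # Assumption: a missing Expires header is treated as a normal registration.
    expires = int(hdr.get("expires", "3600"))
    return (aor.group(1).lower() if aor else None,
            host.group(1) if host else None, expires)

def find_rebinds(events, window=60):
    """Flag an AoR that is de-registered, then bound to a different host."""
    bound, cleared, alerts = {}, {}, []
    for ts, src, raw in sorted(events):
        parsed = parse_register(raw)
        if not parsed or not parsed[0]:
            continue
        aor, host, expires = parsed
        if expires == 0 or host is None:      # Expires: 0 or Contact: *
            if aor in bound:
                cleared[aor] = (ts, bound.pop(aor))
            continue
        if aor in cleared:
            t0, old = cleared.pop(aor)
            if ts - t0 <= window and host != old:
                alerts.append((aor, old, host, src, ts - t0))
        bound[aor] = host
    return alerts

print(find_rebinds(SAMPLE))
```

A changed contact host can be legitimate (a DHCP renewal, a roaming softphone), so a hit is a triage signal to compare against the address range of the voice VLAN.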