INTRODUCTION

The evolution of networks and the internet has given rise to many different types of applications. One such application is VOIP, which has become an alternative to the traditional telephone network (public switched telephone network, or PSTN), offering versatile, flexible and economical speech communication. The PSTN, of course, is not invulnerable to security breaches. Some of the earliest hackers were "phone phreakers", who specialized in making unauthorized long distance calls.

Today, the threat posed by hackers to IP networks goes far beyond the cost of unauthorized long-distance calls. An attack could take down the network (and thus the company's phone service) for hours or days, and the content of calls could be intercepted, divulging trade secrets, confidential client information and more. That makes security a very important issue. Here we discuss the attacks and the relevant countermeasures that provide appropriate levels of security for VOIP networks.

VOIP (Voice Over Internet Protocol)

The first experiments on telephony networks were conducted by researchers at MIT in the 1970s, and the internet protocol specification RFC741 for the "Network Voice Protocol" was published in 1977. VOIP uses packet switching, which sends digitized data packets over the internet using many possible paths. These packets are reassembled at the destination to generate voice signals.

Before any voice can be sent, a call must be placed. In an ordinary phone system, this process involves dialing the digits of the called number, which are then processed by the telephone company's system to ring the called number. With VOIP, the user must enter the dialed number, which can take the form of a number dialed on a telephone keypad or the selection of a Universal Resource Indicator (URI). The telephone number or URI must be linked with an IP address to reach the called party.

A number of protocols are involved in determining the IP address that corresponds to the called party's telephone number. This process is shown in Fig. 1. VOIP is increasingly popular because it is cheaper than traditional phone service and in some cases free. Organizations can run their own VOIP service using products from vendors such as Cisco. For consumers, companies including Packet8 and Vonage offer an actual phone that plugs into a broadband connection, while others including Skype offer software that runs on a PC. Most popular instant messaging applications also have VOIP capabilities.

What are the threats?

Some of the security issues that affect VOIP are the same ones that affect any IP network, and some are unique to voice communications. The threats include:

- A virus or worm can be introduced to the network and crash the VoIP servers/gateways
- A denial of service attack can overwhelm the network and bring it down
- A hacker can access the call server to listen in to, record, or disrupt calls
- A hacker can give himself/herself or others access to services that are supposed to be restricted
- Hackers can access the trunk gateway to the PSTN and make unauthorized toll calls
- A hacker who accesses the call server can register "rogue" IP phones, which can then use the company's VoIP services

A different but related problem with VoIP is the possibility of receiving SPIT (Spam over IP Telephony). Another is the phenomenon of VoIP phishing.

Security Issues of VoIP Applications

With the introduction of VOIP, the need for security is compounded because now we must protect two invaluable assets, our data and our voice. For example, when ordering merchandise over the phone, most people will read their credit card number to the person on the other end. The numbers are transmitted without encryption to the seller. In contrast, the risk of sending unencrypted data across the Internet is more significant. Packets sent from a user's home computer to an online retailer may pass through 15-20 systems that are not under the control of the user's ISP or the retailer. Because digits are transmitted using a standard for transmitting digits out of band as special messages, anyone with access to these systems could install software that scans packets for credit card information. For this reason, online retailers use encryption software to protect a user's information and credit card number. Hence, if we are to transmit voice over the Internet Protocol, and specifically across the Internet, similar security measures must be applied. The current Internet architecture does not provide the same physical wire security as the phone lines. The key to securing VOIP is to use security mechanisms like those deployed in data networks (firewalls, encryption, etc.).

The vulnerabilities in VOIP encompass not only the flaws inherent within the VOIP application itself, but also those in the underlying operating systems, applications, and protocols that VOIP depends on. The complexity of VOIP creates a high number of vulnerabilities that affect the three classic areas of information security: confidentiality, integrity, and availability.

A virus is a piece of malicious code loaded onto computer systems without your knowledge that runs against your wishes. As VoIP applications move beyond simply handling voice calls to running different applications, the virus risk is likely to increase because all VoIP applications have their own IP address, like the computer systems on IP networks. Thus, a virus attack could be very effective against VoIP applications. One of the common examples is a virus that injects small replication code through a stack overflow to damage the VoIP applications or even bring down the IP networks. To tackle this scenario, VoIP applications should provide a security mechanism that verifies the size of each received data packet, so that it does not exceed the bounds of the available memory on the stack. In summary, virus attacks could generate security threats to integrity and availability.

Denial of Service (DoS) attacks refer to the prevention of access to a network service by bombarding servers, proxy servers or voice-gateway servers with malicious packets: an incident in which a user is deprived of the services or resources they would normally expect to have. Intruders can launch the full spectrum of DoS attacks (e.g., unauthenticated call control packets) against the VoIP application's underlying networks and protocols, just as against a traditional PBX. For example, voicemail and short messaging services in IP telephony systems can become the targets of message flooding attacks. The result may prevent legitimate attempts to leave a subscriber a message.

Man in the Middle attacks refer to an intruder who is able to read, and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The most common man in the middle attack involves the Address Resolution Protocol (ARP), which can cause a VoIP application to redirect its traffic to the attacker's computer system. Then the attacker's computer system can gain complete control over that VoIP application's sessions, which can be altered, dropped, or recorded. For example, an attacker can inject speech, noise or delay (e.g., silent gaps) into a conversation. In general, there are three types of vulnerabilities: (1) Eavesdropping: unauthorized interception of voice data packets or the Real-Time Transport Protocol (RTP) media stream and decoding of signaling messages; (2) Packet Spoofing: intercepting a call by impersonating voice packets or transmitting information; and (3) Replay: retransmitting genuine sessions so that the VoIP applications will reprocess the information.

To tackle all these types of vulnerabilities, VoIP applications can adopt the Public Key Infrastructure (PKI), a security mechanism to ensure confidentiality of all transmitted data and to verify and authenticate the validity of each party using public and private keys. Without proper encryption, anyone can sniff any voice data packets transmitted over IP networks, which creates security threats to confidentiality and integrity. In summary, Man in the Middle attacks create security threats to confidentiality and integrity because this type of attack may release the voice data packets to unauthorized parties or modify the content of conversations.

Security in IPsec

IP networks are prone to a large number of security breaches. Hence, many network protocols have been developed to protect IP networks. Voice Over IP is vulnerable to the same attacks as normal data traffic. Here the attacker can directly enter the network to disrupt the service, or he could generate excess traffic to disrupt the service.

IPsec is the preferred form of VPN tunneling across the Internet. There are two basic protocols defined in IPsec: Encapsulating Security Payload (ESP) and Authentication Header (AH). Both schemes provide connectionless integrity, source authentication, and an anti-replay service.

IPsec also supports two modes of delivery: Transport and Tunnel. Transport mode encrypts the payload (data) and upper layer headers in the IP packet. The IP header and the new IPsec header are left in plain sight. So if an attacker were to intercept an IPsec packet in transport mode, they could not determine what it contained, but they could tell where it was headed, allowing rudimentary traffic analysis. On a network entirely devoted to VOIP, this would equate to logging which parties were calling each other, when, and for how long. Tunnel mode encrypts the entire IP datagram and places it in a new IP packet. Both the payload and the IP header are encrypted. The IPsec header and the new IP header for this encapsulating packet are the only information left in the clear. Usually each "tunnel" is between two network elements such as a router or a gateway.

The IP addresses of these nodes are used as the unencrypted IP addresses at each hop. Hence, at no point is a plain IP header sent out containing both the source and destination IP. Thus if an attacker were to intercept such packets, they would be unable to discern the packet contents or the origin and destination. Note that some traffic analysis is possible even in tunnel mode, because gateway addresses are readable. If a gateway is used exclusively by a particular organization, an attacker can determine the identity of one or both communicating organizations from the gateway addresses. IPsec allows nodes in the network to negotiate not only a security policy, which defines the security protocol and transport mode as described previously, but also a security association defining the encryption algorithm.

Security mechanisms for VOIP

The prominent security mechanisms used along with voice traffic include virtual private networks (VPN), end-to-end encryption and address translation.

Virtual private networks are one of the basic forms of security mechanism. Here, the communicating parties establish a sort of association with each other using tunnels, and the end points are connected through layer 2 techniques like Frame Relay, ATM or MPLS.

With end-to-end encryption, communicating entities initially exchange a secret key pair which they will use to encrypt the data. This key exchange could be carried out in multiple ways, including manually sending the key or through a complex key exchange protocol. After the key exchange process, all the data between the communicating nodes will be encrypted. Even if an attacker gets access to the datagrams, he/she will not be able to decode the data immediately. As the encryption algorithm becomes more complex, it becomes harder for the attacker to decode the data within the encrypted datagram.

The most likely widespread solution to the network address translation problem is UDP encapsulation of IPsec. This implementation is supported by the IETF and effectively allows all ESP traffic to traverse the NAT. In tunnel mode, this model wraps the encrypted IPsec packet in a UDP packet with a new IP header and a new UDP header, usually using port 500.

Problems arising from VOIPsec

There are certain issues associated with VOIP that are not applicable to normal data traffic. Chief among them are latency, jitter, and packet loss. These issues are introduced into the VOIP environment because it is a real time media transfer. In standard data transfer over TCP, if a packet is lost, it can be resent by request. In VOIP, there is no time to do this. Packets must arrive at their destination and they must arrive fast.

Solutions to VOIPsec issues

Latency: When end-to-end encryption is performed in VOIP, the cryptographic engine introduces latency; studies reveal the cryptographic engine to be a bottleneck for voice traffic transmitted over IPsec. One proposed solution to the bottlenecking at the routers due to the encryption issues is to handle encryption/decryption solely at the endpoints in the VOIP network [33]. One consideration with this method is that the endpoints must be computationally powerful enough to handle the encryption mechanism. But typically endpoints are less powerful than gateways, which can leverage hardware acceleration across multiple clients. Though ideally encryption should be maintained at every hop in a VOIP packet's lifetime, this may not be feasible with simple IP phones with little in the way of software or computational power.

In such cases, it may be preferable for the data to be encrypted between the endpoint and the router (or vice versa); unencrypted traffic on the LAN is slightly less damaging than unencrypted traffic across the Internet. Fortunately, the increased processing power of newer phones is making endpoint encryption less of an issue. In addition, SRTP and MIKEY are future protocols for media encryption and key management, enabling secure interworking between H.323 and SIP based clients.

Jitter: refers to non-uniform packet delays. Jitter can cause packets to arrive and be processed out of sequence. RTP, the protocol used to transport voice media, is based on UDP, so packets out of order are not reassembled at the protocol level. However, RTP allows applications to do the reordering using the sequence number and timestamp fields. The overhead in reassembling these packets is non-trivial, especially when dealing with the tight time constraints of VOIP.

Secure Real Time Protocol (SRTP)

RTP (Real-time Transport Protocol) is commonly used for the transmission of real-time audio and video data in Internet telephony applications. Without protection RTP is considered insecure, as a telephone conversation over IP can easily be eavesdropped. Additionally, manipulation and replay of RTP data could lead to poor voice quality due to jamming of the audio or video stream. Modified RTCP (Real-time Transport Control Protocol) data could even lead to an unauthorized change of the negotiated quality of service and disrupt the processing of the RTP stream.

The Secure Real-time Protocol is a profile of the Real-time Transport Protocol (RTP) offering not only confidentiality, but also message authentication and replay protection for the RTP traffic as well as RTCP (Real-time Transport Control Protocol). SRTP was standardized at the IETF in the AVT working group. It was released as RFC 3711 in March 2004.

SRTP provides a framework for encryption and message authentication of RTP and RTCP streams. SRTP can achieve high throughput and low packet expansion.

Packet Loss

VOIP is exceptionally intolerant of packet loss. Packet loss can result from excess latency, where a group of packets arrives late and must be discarded in favor of newer ones. It can also be the result of jitter, that is, when a packet arrives after its surrounding packets have been flushed from the buffer, making the received packet useless. Despite the infeasibility of using a guaranteed delivery protocol such as TCP, there are some remedies for the packet loss problem.

One cannot guarantee that all packets are delivered, but if bandwidth is available, sending redundant information can probabilistically annul the chance of loss. Such bandwidth is not always accessible, and the redundant information will have to be processed, introducing even more latency to the system and, ironically, possibly producing even greater packet loss. Newer codecs such as the internet Low Bit-rate Codec (iLBC) are also being developed that offer roughly the voice quality and computational complexity of G.729A, while providing increased tolerance to packet loss.

Better Scheduling Schemes

The incorporation of AES or some other speedy encryption algorithm could help temporarily alleviate the bottleneck, but this is not a scalable solution because it does not address the primary cause of the slowdown. Without a way for the crypto-engine to prioritize packets, the engine will still be susceptible to DoS attacks and to starvation from data traffic impeding the time-urgent VOIP traffic. A few large packets can clog the queue long enough to make the VOIP packets over 150 ms late (sometimes called head-of-line blocking), effectively destroying the call. Ideally, the crypto-engine would implement QoS scheduling to favor the voice packets, but this is not a realistic scenario due to speed and compactness constraints on the crypto-engine.

One solution implemented in the latest routers is to schedule the packets with QoS in mind prior to the encryption phase. Although this heuristic solves the problem for all packets poised to enter the crypto engine at a given time, it does not address the problem of VOIP packets arriving at a crypto-engine queue that is already saturated with previously scheduled data packets.

QoS prioritizing can also be done after the encryption process, provided your encryption procedures preserve the ToS bits from the original IP header in the new IPsec header. This functionality is not guaranteed and is dependent on one's network hardware and software, but if it is implemented it allows QoS scheduling to be used at every hop the encrypted packets encounter.

There are security concerns any time information on the contents of a packet is left in the clear, including this ToS-forwarding scheme, but with the sending and receiving addresses concealed, this is not as egregious as a cursory glance would make it seem. Still, neither the pre-encryption nor the post-encryption scheme actually implements QoS or any other prioritizing scheme to enhance the crypto-engine's FIFO scheduler. Speed and compactness constraints on this device may not allow such algorithms to be applied for some time.

CONCLUSION

This paper has discussed VOIP architecture, security issues and the security mechanisms followed in the VOIP architecture. The generic problems and the solutions for the VOIP system are discussed. Future work may include software attack prevention through solid security policies and their enforcement.

REFERENCES

1. W.C. Hardy, QoS Measurement and Evaluation of Telecommunications Quality of Service, John Wiley & Sons, 2001.
2. W.C. Hardy, VOIP Service Quality: Measuring and Evaluating Packet-Switched Voice, McGraw-Hill, 2003.
3. International Telecommunications Union, ITU-T Recommendation G.114 (1998): "Delay".
4. P. Mehta and S. Udani, "Overview of Voice over IP", Technical Report MS-CIS-01-31, Department of Computer Information Science, University of Pennsylvania, February 2001.
5. B. Goode, "Voice Over Internet Protocol (VOIP)", Proceedings of the IEEE, Vol. 90, No. 9, Sept. 2002.
6. R. Barbieri, D. Bruschi, E. Rosti, "Voice over IPsec: Analysis and Solutions", Proceedings of the 18th Annual Computer Security Applications Conference, 2002.
7. Anonymous, "Voice Over IP Via Virtual Private Networks: An Overview", White Paper, AVAYA Communication, Feb. 2001.
8. R. Sinden, "Comparison of Voice over IP with circuit switching techniques", Department of Electronics and Computer Science, Southampton University, UK, Jan. 2002.
9. K. Percy and M. Hommer, "Tips from the trenches on VOIP", Network World Fusion, Jan. 2003.
10. Anti-Phishing Working Group. Online:
11. J. Blau, "Cabir worm wriggles into U.S. mobile phones", PC World, 2005. Online:
12. X. Chen and J. Heidemann, "Flash crowd mitigation via adaptive admission control based on application-level measurement", Technical Report ISI-TR-557, University of Southern California, 2002. Online:
13. Defense Information Systems Agency (DISA), Voice Over Internet Protocol (VOIP) Security Technical Implementation Guide, Version 1, Release 1, 2004, 13.
14. S. Demers et al., "Analysis and simulation of a fair queuing algorithm", Proc. Special Interest Group on Data Communication (SIGCOMM), Austin, USA, 1989.
15. P.H. Gregory, "Microsoft ignoring the biggest source of security threats?", Computerworld, February 2004.
16. Online:
17. L. Hensell, "The new security risk of VoIP", E-Commerce Times, October 2, 2003. Online article:
18. J. Ioannidis and S.M. Bellovin, "Router-based defense against DDoS attacks", Proc. Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2002.
19. J. Jung et al., "Flash crowds and denial of service attacks: Characterization and implications for CDNs and Web sites", Proc. of the 11th International World Wide Web Conference, Honolulu, USA, 2002.
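As an added example for the jitter and SRTP discussion above (constructed for this edition, not code from the paper or from any RTP library), the Python sketch below reorders RTP packets by sequence number in a small jitter buffer and applies an SRTP-style sliding replay window over the packet index ROC * 2^16 + SEQ, as RFC 3711 describes; `WINDOW`, `packet_index`, `ReplayWindow`, `JitterBuffer` and `receive` are names assumed here, and the arrival order fed to `receive` is a constructed sample.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

WINDOW = 64  # replay window width in packets; RFC 3711 requires at least 64


def packet_index(highest: int, seq: int) -> int:
    """Estimate the SRTP index of SEQ; ROC and s_l come from `highest` (-1: none yet)."""
    if highest < 0:
        return seq
    roc, s_l = divmod(highest, 1 << 16)
    if s_l < (1 << 15):
        v = roc - 1 if seq - s_l > (1 << 15) else roc   # late packet from before wrap
    else:
        v = roc + 1 if s_l - (1 << 15) > seq else roc   # SEQ already wrapped
    return -1 if v < 0 else v * (1 << 16) + seq          # -1: before index 0, invalid


@dataclass
class ReplayWindow:
    """Bitmask of the WINDOW most recent indices; bit i stands for highest - i."""
    highest: int = -1
    mask: int = 0

    def accept(self, seq: int) -> Optional[int]:
        """Return the packet index if SEQ is fresh, None if it is a replay."""
        idx = packet_index(self.highest, seq)
        if idx < 0:
            return None
        if idx > self.highest:                      # newest so far: slide window
            shift = idx - self.highest if self.highest >= 0 else WINDOW
            self.mask = ((self.mask << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = idx
            return idx
        diff = self.highest - idx
        if diff >= WINDOW or (self.mask >> diff) & 1:
            return None                             # too old, or already seen
        self.mask |= 1 << diff
        return idx


@dataclass
class JitterBuffer:
    """Plays packets in index order, waiting at most `depth` packets on a gap."""
    depth: int = 3
    next_idx: Optional[int] = None
    pending: Dict[int, bool] = field(default_factory=dict)
    played: List[int] = field(default_factory=list)
    dropped: List[int] = field(default_factory=list)

    def push(self, idx: int) -> None:
        if self.next_idx is None:
            self.next_idx = idx
        if idx < self.next_idx:          # its slot was already flushed: useless now
            self.dropped.append(idx)
            return
        self.pending[idx] = True
        while self.pending:
            if self.next_idx in self.pending:
                del self.pending[self.next_idx]
                self.played.append(self.next_idx)
                self.next_idx += 1
            elif len(self.pending) >= self.depth:
                self.next_idx = min(self.pending)  # stop waiting for the gap
            else:
                break


def receive(seqs: List[int], depth: int = 3) -> dict:
    """Run an arrival order through the replay check, then the jitter buffer."""
    window, buf, replayed = ReplayWindow(), JitterBuffer(depth), []
    for seq in seqs:
        idx = window.accept(seq)
        if idx is None:
            replayed.append(seq)
        else:
            buf.push(idx)
    return {"played": buf.played, "dropped": buf.dropped, "replayed": replayed}
```

The sample order in the test wraps the 16-bit sequence number, repeats one packet, and delivers one packet after the buffer has given up on it, so all three outcomes (played, dropped, replayed) appear.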
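As an added example for the Better Scheduling Schemes section (constructed here, not from the paper), the simulation below models a non-preemptive crypto engine whose queue is either plain FIFO or serves queued voice packets first, and measures how far a burst of large data packets pushes voice packets past the 150 ms budget the text cites; the engine rate, packet sizes and arrival pattern are assumptions, and `simulate`, `constructed_traffic`, `over_budget` and `worst_voice_delay` are names chosen for this example.

```python
import heapq
from dataclasses import dataclass
from typing import List

VOICE_BUDGET_MS = 150.0  # one-way delay beyond which the text says the call is destroyed


@dataclass
class Packet:
    arrival_ms: float
    size_bytes: int
    voice: bool


def simulate(packets: List[Packet], rate_bytes_per_ms: float,
             priority: bool) -> List[float]:
    """Delay (queueing + service, in ms) of every voice packet, in service order.

    The engine is non-preemptive: the packet being encrypted always finishes
    before the next one is chosen.  priority=False is a plain FIFO queue;
    priority=True serves queued voice packets before queued data packets.
    """
    pending = sorted(packets, key=lambda p: p.arrival_ms)
    queue: list = []          # heap entries: (class, arrival, seq, packet)
    clock, i, seq, delays = 0.0, 0, 0, []
    while i < len(pending) or queue:
        while i < len(pending) and pending[i].arrival_ms <= clock:
            p = pending[i]
            cls = (0 if p.voice else 1) if priority else 0
            heapq.heappush(queue, (cls, p.arrival_ms, seq, p))
            i, seq = i + 1, seq + 1
        if not queue:                         # engine idle: jump to next arrival
            clock = pending[i].arrival_ms
            continue
        _, _, _, p = heapq.heappop(queue)
        clock += p.size_bytes / rate_bytes_per_ms   # time spent encrypting
        if p.voice:
            delays.append(clock - p.arrival_ms)
    return delays


def constructed_traffic() -> List[Packet]:
    """Constructed input: 200-byte voice packets every 20 ms for one second,
    plus a burst of thirty 1500-byte data packets all arriving at t = 100 ms."""
    pkts = [Packet(float(t), 200, True) for t in range(0, 1000, 20)]
    pkts += [Packet(100.0, 1500, False) for _ in range(30)]
    return pkts


def over_budget(delays: List[float]) -> int:
    """Number of voice packets delivered more than VOICE_BUDGET_MS late."""
    return sum(1 for d in delays if d > VOICE_BUDGET_MS)


def worst_voice_delay(priority: bool, rate: float = 200.0) -> float:
    """Worst voice delay for an assumed 200 bytes/ms (1.6 Mbit/s) crypto engine."""
    return max(simulate(constructed_traffic(), rate, priority))


if __name__ == "__main__":
    for mode in (False, True):
        d = simulate(constructed_traffic(), 200.0, mode)
        print("priority" if mode else "FIFO    ",
              f"worst voice delay {max(d):6.1f} ms, over budget: {over_budget(d)}")
```

With FIFO the burst holds the engine for 225 ms and three voice packets exceed the budget; with voice priority a voice packet waits at most for the one data packet already in service, which is the residual problem the text raises for an already saturated queue.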