Pan African International Conference on Information Science, Computing and Telecommunications (2013)

Securing VoIP Network: An Overview of Applied Approaches and Analysis

Michael Oche, Student Member IEEE, Mostofa Kamal Nasir, Abubakar Bello Tambawal, Rafidah Md Noor, Member IEEE
Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia

Abstract - VoIP is becoming more and more popular and, as such, a potential target for hackers. Providing security for VoIP services is therefore pertinent for telecommunications. Without correct mechanisms to ensure callers' authentication, transmission confidentiality and availability of the service, the security of VoIP users is at risk. The fact that VoIP relies on IP infrastructure makes it vulnerable to any attack that targets the network. Consequently, whatever the nature of the attack, there is a good chance that the attacker is capitalizing on a weakness in the VoIP protocol being used. VoIP is different from other IP services in the sense that its security is normally treated as one of the service properties configurable by the user. This article provides an overview of the VoIP security configuration requirements, aimed at empowering public VoIP users with strategies to mitigate threats.

Keywords: PSTN; Security; Telephony; VoIP

I. INTRODUCTION

Voice over Internet Protocol (VoIP) is a rapidly growing Internet service. It gained popularity as a way to cut the cost of international telephone connections by transporting voice over public IP networks [1]. Today it is implemented in many IP applications, where it enables direct, and most of the time free, communication over the Internet to users globally, for example free Skype-to-Skype international calls. As a consequence, VoIP technology is slowly replacing traditional telephony. There are numerous attack vectors when dealing with VoIP: since VoIP depends on the IP infrastructure, any attack that targets the network is a potential hazard for VoIP. Consequently, whatever the nature of the attack, there is a good possibility that the attacker is capitalizing on a weakness in the VoIP protocol being used. Providing security for this service is therefore pertinent for telecommunications. Users' private information, business negotiation details or even state secrets could be revealed if not well protected. Without correct mechanisms to ensure callers' authentication, transmission confidentiality and service availability, the security of VoIP users is at risk. In view of this, it is pertinent and imperative to investigate the VoIP security problem and evaluate the service to assure that moving telephony to a new IP-based platform does not compromise its security [2]. In most cases "advances and trends in information technology typically surpass the corresponding realistic security requirements". This is no different in the case of VoIP. Most efforts have until today been invested in providing more advanced services and applications, with less attention paid to security. Another prevailing problem lies in users' perception of VoIP telephony: the VoIP telephony idea is not completely new, it follows the model of traditional telephony and is seen by users as a replacement for traditional telephony, a replacement that users presume should provide a similar security level. Unfortunately, VoIP is different, in the sense that its security is usually treated as one of the service properties configurable by the user. In this paper we therefore review and analyze basic VoIP network security requirements, with the aim of empowering public VoIP users and equipping them with relevant basic tools and information on how to better secure their VoIP telephony system.

The rest of the paper is organized as follows. Section 2 gives a detailed review of the literature, including the stages of development from traditional telephony to what is known today as VoIP. Section 3 describes the typical VoIP architecture. Section 4 discusses the basic elements and concepts of a VoIP system. Section 5 presents the various mitigation methods used in securing a VoIP system. Finally, the last section presents the summary and future work.

II. LITERATURE REVIEW

Voice over Internet Protocol is in some ways a different technology; even though an average telecommunication user knows that it concerns the Internet and is relatively cheap, he or she probably does not know any details beyond that. The traditional telephony system since its introduction in 1878 has gone through three main stages. First, it existed in the form of a general telephone network which required a constant human presence to switch and set up calls. Later, in 1891 [3], the Plain Old Telephone System (POTS) was introduced. POTS provides automated switching, which completely eliminated the need for human presence. In 1970 POTS was replaced with a more advanced system known as the Public Switched Telephone Network (PSTN). Unlike POTS, the PSTN uses digital signals, which allowed voice to be transmitted as a digital signal instead of the analogue signal used in POTS. This development made it possible for services such as fax and other database services to be offered in addition to voice. The introduction of the PSTN marks the beginning of the digital communication era, and to make communication even more seamless the new PSTN was made compatible with the old POTS system, which uses a lower transmission bandwidth of 4 kHz, despite the fact that digital services are transported on higher frequencies [3]. The higher bandwidth brought about by digitization in the early 90's found its usefulness in data network access technology: many Internet access services, like ISDN, DSL and ADSL, became practicable using the same access lines that were used for the PSTN [4].

III. THE ARCHITECTURE

The acronym VoIP represents Voice over Internet Protocol; it implies that voice packets are transported using the Internet Protocol (IP). VoIP differs from the PSTN (which is circuit switched) in its ability to transmit information with no requirement for full bandwidth reservation, unlike the PSTN which, irrespective of the amount of information to be sent, reserves a full transmission bandwidth. VoIP is packet switched: information is first divided into packets before it is transmitted. Packets may travel by different routes (dynamic routing) in the transport network, as there is no single reserved path (circuit). As a consequence, packets may arrive at the destination in a different sequence than they were sent. Likewise, as there is no guaranteed bandwidth, some packets may be lost, as the packets are simply transported using the Internet Protocol (IP), which does not guarantee packet delivery. Voice transport using IP works in just the same way as any other application, such as the World Wide Web (WWW) or email. The Internet's tariffing system is based on a philosophy different from that of the PSTN: tariffing is independent of the geographical distance between sender and receiver. Therefore, transmitting data between any two points may cost the client the same amount, or in some cases even less, whereas in the case of the traditional PSTN it is different (calls are charged based on distance). Table 1 shows the difference in pricing for a three-minute call from France and one national long-distance call made within France. It can be observed that a call to Australia from France using the Internet is by far cheaper than a call made using the PSTN to neighbouring Belgium, whose distance is less compared to Australia. Also, calling from France to Australia using the Internet is three times cheaper than the PSTN to the same location.

Table 1. Tariff difference using commercial Internet telephony and PSTN from France [5].

From - to                        Internet tel.   PSTN
France to US                     0.30 US$        1.58 US$
France to Australia              0.90 US$        3.48 US$
France to Belgium                1.11 US$        1.31 US$
Within France (long distance)    1.05 US$        0.74 US$

Figure 1 shows four scenarios that relate the IP network to the PSTN. Figure 1.1 shows scenario 1, the first VoIP application: the application permits voice communication between two users of the Internet, and it has grown so popular that it is now used in many Instant Messaging (IM) clients, like Skype, Messenger, etc. Voice transmission over IP works just like any other Internet service and is fully converged with other IM applications. The next step of VoIP development came with calls from Internet users to PSTN fixed subscribers (Figure 1.2, scenario 2). The main advantage of such a telecommunication solution is that information travels through the Internet as long as possible and is forwarded to the PSTN only at the very end, as close to the subscriber as possible. Thanks to this, even international calls are treated as local calls by the PSTN provider, and the total cost is considerably diminished [6]. The last two scenarios (Figure 1.3 and Figure 1.4) might be used by providers when the need arises (whenever circumstances require their implementation). Unquestionably, there are a lot more complicated scenarios in use, but they would merely be variations of the four presented in Figure 1.

Figure 1: VoIP/PSTN basic scenarios [5] (elements labelled in the figure: PSTN Terminal, VoIP provider)

IV. PROTOCOLS AND CONCEPTS

When introducing VoIP one has to mention some basic elements and concepts of a VoIP system. As can be seen in Figure 2, there are four basic elements of a VoIP system [6].

Fig. 2: VoIP basic architecture (elements labelled in the figure: IP terminal (VoIP client), Gateway, VoIP Server, Conference bridge)

Terminal - In a VoIP environment this refers to the communication end-point devices, usually where calls are terminated. A terminal can be either software based or hardware based, and can also involve some automatic interaction such as voice mail.

Server - The server is the focal point of a VoIP system. Registration of terminals and data such as locations and IP addresses are stored in the server. The server also performs other operations such as setting up the call routing mechanism, authorization and accounting.

Gateway - The outermost edge of the VoIP network. It ensures the interoperability of the VoIP network with other networks, for example converting voice calls and fax calls between the PSTN and the IP network.

Conference Bridge - For multi-point communication. It allows several communication points to take part in one call. Because of the high resource requirement of the conference bridge, it is isolated from the server, as shown in Figure 2.

V. ATTACK VECTORS IN VoIP

The following describes some possible attacks that could be launched on any VoIP system.

A. Toll Fraud
Toll fraud is an attack in which individuals use telephone equipment to place unauthorized calls for their personal gain, for example placing long-distance calls which they are not permitted to make; the security threat created relates to integrity. The best approach proposed to mitigate this attack is to have the VoIP application enforce an authorization mechanism on the IP network and dialing rules for groups of users at certain times [7].

B. Denial of Service (DoS)
DoS in a VoIP infrastructure is an attempt by an attacker to prevent the phone service from operating within its normal operating specifications. This could include the inability to place or receive a call; this kind of attack affects network availability [8].

C. Eavesdropping
Eavesdropping requires tapping a line or penetrating a switch. VoIP units share physical network connections with the data network, and in many cases VoIP and data are on the same logical portion of the network. Attaching a packet sniffer to the VoIP network segment makes it easy to intercept voice traffic [9].

D. Session Initiation Protocol (SIP) Attacks
SIP attacks attempt to exploit SIP's use of well-known protocols to intercept or manipulate SIP messages. Such attacks include man-in-the-middle attacks, registration hijacking, message tampering and CANCEL/BYE attacks; all of these are attacks that affect integrity and confidentiality [2].

E. Phishing
Phishing is an attack against data privacy in which the victims themselves unknowingly give vital personal information to the attacker. It involves a situation whereby an attacker sends an e-mail to a user; the e-mail appears to be from a legitimate business and asks the user to provide vital personal information on a web page, such as a social security number, bank or credit card details and many more. The attacker later uses this information for fraudulent purposes [10].

VI. METHOD OF SECURING VoIP NETWORK

Much of the IP telephony infrastructure relies on a Call Manager (CM), which is a software-based call-processing component of an IP telephony solution. To successfully secure the IP phone, certain service properties therefore need to be configured by the user. Below are some configurations and approaches required to mitigate VoIP network security threats [11].

A. Discovery Protocol Sniffing
If an attacker is an insider or already has partial access to an internal network, there are a variety of passive host discovery techniques specific to a VoIP deployment that he can perform. For example, Cisco Discovery Protocol (CDP) [12] is a proprietary layer 2 network management protocol built into most Cisco networking devices, including VoIP phones. CDP is used particularly in a Call Manager environment to discover and remove IP phones dynamically, for dynamic allocation of VLANs to IP phones, and for other management functions. CDP packets are broadcast on the local Ethernet segment and contain a wealth of useful reconnaissance information about the device, transmitted in plain text: information such as IP address, software versions and VLAN assignments. Most network sniffers can easily decode CDP traffic, and Cisco recommends turning off CDP on Cisco devices, especially where the environment is mostly static. However, in a VoIP environment CDP offers so much management functionality that keeping it enabled where absolutely necessary might be an acceptable trade-off. From a strict security perspective, however, CDP can provide attackers with a wealth of data about one's network and should be disabled. Also, Cisco switches and routers have a security feature called DHCP snooping that causes the device to act as a DHCP firewall/proxy between trusted and untrusted network interfaces [11].

B. Protecting a VoIP Network with Security Appliances
Security appliances such as firewalls and VPN termination devices can also be used to protect voice networks. However, one challenge of protecting voice networks with a firewall is that the administrator is not sure of the UDP ports that could be used to transmit the RTP voice packets. For example, in a Cisco environment a UDP port for an RTP stream is typically an even-numbered port selected from the range 16,384 to 32,767. Opening this entire range of potential ports could open an unnecessary security hole. Cisco firewalls such as the PIX and Adaptive Security Appliance (ASA) firewalls solve this problem, because Cisco firewalls can dynamically inspect call setup protocol traffic, e.g. H.323 traffic, to learn the UDP port to be used for RTP flows. The firewall then temporarily opens those UDP ports for the duration of the RTP connection [13].

C. Hardening Voice Endpoints and Application Services
The IP web access parameter in IP phones should be changed from enabled to disabled, to prevent an attacker from gaining access to the collection of configuration information that is freely available by pointing a web browser at the IP address of the IP phone. Also, to prevent man-in-the-middle attacks, the gratuitous ARP setting should be changed from enabled to disabled. Disabling the gratuitous ARP feature prevents an IP phone from believing unsolicited Address Resolution Protocol (ARP) replies, which could potentially have come from an attacker claiming to be the next-hop gateway of the IP phone. Aside from voice endpoints, other popular attack targets on voice networks include application servers, such as the UCM server, and below are some hardening measures recommended for mitigation [14]:


Enabling port security on switches helps mitigate ARP spoofing. Port security is a mechanism that allows one to allocate, ahead of time, the legitimate MAC address of a known server or device to each specific port on the switch. Thus access to an Ethernet, Fast Ethernet or Gigabit Ethernet port should be blocked when the MAC address detected is not on the preassigned list. This helps prevent ARP spoofing attacks.

Dynamically restrict Ethernet port access with 802.1x port authentication. Enabling 802.1x port authentication protects against physical attacks, such as a situation where an attacker walking around inside the organization plugs a laptop into an empty network jack in order to sniff traffic.

Enabling DHCP snooping prevents DHCP spoofing. DHCP snooping is a feature that blocks DHCP responses from ports that do not have DHCP servers associated with them. This prevents a man-in-the-middle attack in which a hacker reroutes traffic to his machine by masquerading as a valid DHCP server. Also, entries for hosts that do not use DHCP should be put in the DHCP snooping binding table so that they can be used by dynamic ARP inspection and IP source guard [14].

IP source guard should be configured on Catalyst switches. The IP source guard (IPSG) feature uses DHCP snooping to prevent IP spoofing on the network, by closely watching all DHCP IP allocations. The switch only allows the valid IP address that has been allocated by the DHCP server to a particular port. This feature prevents an attacker from spoofing an IP address on the local segment.

The default native VLAN value should be changed to thwart VLAN hopping. Most switches come

installed with a default native VLAN ID of VLAN 1. Because attackers can sometimes perform VLAN hopping attacks if they know the VLAN IDs ahead of time, it is usually a good idea never to use VLAN 1 for any traffic. It is recommended to change the default native VLAN ID for all traffic going through the switch from VLAN 1 to something hard to guess [15].

D. Protecting VoIP with Auxiliary VLANs
Voice and data networks should be segmented into logically separate VLANs. This helps restrict access to the phones and critical servers. A fundamental approach to protecting voice traffic from attackers is to place it in a VLAN separated from data traffic; this voice VLAN is often called an auxiliary VLAN. VLAN separation alone protects voice traffic from a variety of layer 2 attacks. For example, an attacker would be unable to launch a man-in-the-middle attack against the IP phone's next-hop gateway. Such an attack is mitigated because the attacker's PC would be connected to a data VLAN while the IP phone is connected to the auxiliary VLAN [13].

Table 2. Summary of mitigating methods.

Using auxiliary VLANs: Auxiliary VLANs transport voice traffic in a different VLAN from data traffic. This improves voice transmission quality and assists in securing voice traffic from layer two attacks.

Using firewalls: Effective use of firewalls can prevent potentially harmful traffic from entering a voice network while dynamically opening the suitable UDP port numbers of individual RTP flows.

Employing IPsec-protected VPNs: Employing IPsec-protected VPNs mitigates against voice signalling and media packet interception or modification.

Disabling web access: To prevent attackers from using the web access to an IP phone to gain knowledge of other servers, such as the DHCP server, DNS and UCM server IP addresses, the web access to IP phones should be disabled. By default this is usually enabled.

Disabling gratuitous ARP: Disabling gratuitous ARP (GARP) can check against man-in-the-middle attacks. This prevents an attacker from sending unsolicited ARP replies that map the IP phone's next-hop gateway to the attacker's PC MAC address.

Disabling unneeded services: Unneeded services, such as the TFTP service on a UCM server that is not acting as a TFTP server, should be disabled to close any potential security holes that might exist in a system.

VII. CONCLUSION & FUTURE WORK

There are many security requirements, but from among them only a few of the most important ones have been chosen in this paper to describe VoIP networks. The bottom line of the security solutions analysis is that, though there are some attacks that are extremely difficult to handle, most may be eliminated with the use of existing security measures. Correct deployment of available security solutions can make VoIP a service with a security level very close to that known from the PSTN, while keeping all its advantages, like advanced services such as user control, flexibility and lower costs. However, the biggest problem of VoIP systems is that those security solutions are actually seldom deployed. This problem concerns, most of all, end users. The truth is that most users do not have any idea about VoIP security threats and countermeasures, and, to make it even worse, they do not want to know. More serious threats to VoIP systems may be realized due to weak end-device protection or lack of encryption. Both are caused by users' lack of expertise and knowledge. It is, however, difficult to expect the user to be a specialist in VoIP technology just to make a phone call. Any service or application offered in a public network should be simple, with security taken care of by the provider. In the future, researchers need to research better VoIP security measures that do not involve end-user participation in the security process.

ACKNOWLEDGEMENTS

The authors would like to thank the High Impact Research of University of Malaya and Ministry of Higher Education of Malaysia (UM.C/HIR/MOHE/FCSIT/09) for their support.
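The dynamic port inspection described in section VI.B, as an added example that is not code from the paper or from any Cisco product: it reads the SDP body of a constructed SIP INVITE, applies the even-port and 16,384 to 32,767 range rule the section states, and returns the UDP pinholes a stateful firewall would open for the call. The sample message, its addresses and the Pinhole type are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# RTP port range given in section VI.B: even UDP ports in 16,384..32,767.
RTP_PORT_MIN, RTP_PORT_MAX = 16384, 32767
_C_LINE = re.compile(r"c=IN IP4 (\d{1,3}(?:\.\d{1,3}){3})")


@dataclass(frozen=True)
class Pinhole:
    dst_ip: str      # media address from the SDP c= line
    rtp_port: int    # even port from the m= line
    rtcp_port: int   # RTP port + 1, by convention


def parse_sdp(sdp: str) -> list:
    """One dict per m= line with the connection address that applies to it.
    A session-level c= (before any m=) covers every stream; a media-level c=
    (after an m=) overrides it for that stream only."""
    session_ip = None
    media = []
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            parts = line[2:].split()          # m=<media> <port> <proto> <fmt ...>
            if len(parts) >= 3 and parts[1].isdigit():
                media.append({"type": parts[0], "port": int(parts[1]),
                              "proto": parts[2], "ip": session_ip})
        elif line.startswith("c="):
            m = _C_LINE.fullmatch(line)
            ip = m.group(1) if m else None    # non-IPv4 or malformed: unusable
            if media:
                media[-1]["ip"] = ip
            else:
                session_ip = ip
    return media


def extract_pinholes(sip_message: str) -> list:
    """UDP pinholes a stateful firewall would open for this INVITE.
    Streams with an odd port, a port outside the RTP range, a non-RTP transport
    or no usable IPv4 address are skipped rather than opened."""
    headers, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    if "content-type: application/sdp" not in headers.lower():
        return []
    pinholes = []
    for m in parse_sdp(body):
        if not m["proto"].startswith("RTP/") or m["ip"] is None:
            continue
        port = m["port"]
        if port % 2 or not RTP_PORT_MIN <= port <= RTP_PORT_MAX:
            continue
        pinholes.append(Pinhole(m["ip"], port, port + 1))
    return pinholes


# Constructed sample INVITE (not from the paper): audio on a valid even port,
# video on a port above the permitted range, so only audio gets a pinhole.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@voip.example SIP/2.0",
    "Via: SIP/2.0/UDP 10.0.5.21:5060",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 1 1 IN IP4 10.0.5.21",
    "s=call",
    "c=IN IP4 10.0.5.21",
    "t=0 0",
    "m=audio 24580 RTP/AVP 0 8",
    "a=rtpmap:0 PCMU/8000",
    "m=video 32770 RTP/AVP 96",
])
```

The firewall would close the returned pinholes again when the call's BYE is seen, which this example does not model.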
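A model of the DHCP snooping, dynamic ARP inspection and IP source guard checks of section VI.C, added here as an illustration and not the paper's or Cisco's code: the binding table is filled from snooped DHCP exchanges and static entries, and ARP and IP traffic arriving on untrusted ports is accepted only when it matches a binding. The switch ports, VLAN, MAC and IP addresses in the scenario are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


@dataclass
class Switch:
    """Model of the Catalyst features in section VI.C: DHCP snooping fills the
    binding table; dynamic ARP inspection (DAI) and IP source guard (IPSG) then
    check traffic arriving on untrusted ports against it."""
    trusted: set                                  # ports facing the real DHCP server
    bindings: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)   # client MAC -> (port, vlan) of request
    log: list = field(default_factory=list)

    def add_static_binding(self, mac, ip, vlan, port):
        """Manual entry for a host that does not use DHCP, as [14] recommends."""
        self.bindings.add(Binding(mac.lower(), ip, vlan, port))

    def on_dhcp(self, port, vlan, msg_type, client_mac, yiaddr=None):
        """DHCP snooping: server replies only from trusted ports; an ACK binds the
        client's MAC and leased IP to the access port its request came from."""
        mac = client_mac.lower()
        if msg_type in ("DISCOVER", "REQUEST"):
            self.pending[mac] = (port, vlan)
            return True
        if port not in self.trusted:              # OFFER/ACK from a rogue server
            self.log.append(f"DHCP {msg_type} dropped on untrusted {port}")
            return False
        if msg_type == "ACK" and mac in self.pending:
            cport, cvlan = self.pending.pop(mac)
            self.bindings.add(Binding(mac, yiaddr, cvlan, cport))
        return True

    def _bound(self, port, vlan, mac, ip):
        return port in self.trusted or Binding(mac.lower(), ip, vlan, port) in self.bindings

    def on_arp(self, port, vlan, sender_mac, sender_ip):
        """DAI: an ARP reply, gratuitous or not, may only claim an IP that the table
        ties to this sender on this port; any other claim is dropped and logged."""
        ok = self._bound(port, vlan, sender_mac, sender_ip)
        if not ok:
            self.log.append(f"DAI drop: {sender_ip} is-at {sender_mac} from {port}")
        return ok

    def on_ip(self, port, vlan, src_mac, src_ip):
        """IPSG: a frame's source IP/MAC on an untrusted port must match a binding."""
        ok = self._bound(port, vlan, src_mac, src_ip)
        if not ok:
            self.log.append(f"IPSG drop: src {src_ip}/{src_mac} from {port}")
        return ok


def run_scenario():
    """Constructed scenario (not from the paper): voice VLAN 50, trusted uplink
    Gi1/0/24, phone on Gi1/0/5, attacker PC on Gi1/0/7, static-IP server on Gi1/0/10."""
    sw = Switch(trusted={"Gi1/0/24"})
    sw.add_static_binding("00:50:56:aa:00:10", "10.0.50.10", 50, "Gi1/0/10")
    phone, attacker = "00:1b:d4:11:22:33", "de:ad:be:ef:00:07"
    results = {}
    sw.on_dhcp("Gi1/0/5", 50, "DISCOVER", phone)
    results["rogue_offer"] = sw.on_dhcp("Gi1/0/7", 50, "OFFER", phone, "10.0.50.200")
    sw.on_dhcp("Gi1/0/24", 50, "ACK", phone, "10.0.50.21")
    results["phone_arp"] = sw.on_arp("Gi1/0/5", 50, phone, "10.0.50.21")
    # Gratuitous ARP from the attacker claiming the next-hop gateway 10.0.50.1
    results["gw_spoof"] = sw.on_arp("Gi1/0/7", 50, attacker, "10.0.50.1")
    # Attacker sourcing traffic from the phone's leased address (IPSG case)
    results["ip_spoof"] = sw.on_ip("Gi1/0/7", 50, attacker, "10.0.50.21")
    results["server_ip"] = sw.on_ip("Gi1/0/10", 50, "00:50:56:AA:00:10", "10.0.50.10")
    return sw, results
```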


Figure 3: Summary of threat taxonomy.

REFERENCES

[1] A. D. Keromytis, "A Comprehensive Survey of Voice over IP Security Research," IEEE Communications Surveys & Tutorials, vol. 14, pp. 514-537, 2012.
[2] D. R. Kuhn, et al., "Security considerations for voice over IP systems," NIST Special Publication 800-58, 2005.
[3] K. B. Otterstedt, "Risk analysis on VoIP systems," MSc thesis, University of Iceland, 2011.
[4] Digital subscriber line. Available: http://en.wikipedia.org/wiki/Digital_subscriber_line
[5] O. Eng, "Unclassified DSTI/ICCP/TISP(97)3/FINAL," 1998.
[6] S. Niccolini, et al., "IP Telephony Cookbook," TERENA, 2004.
[7] P. Rowe, "VOIP-extra threats in the converged environment," Network Security, 2005.
[8] P. Hunter, "VOIP the latest security concern: DoS attack the greatest threat," Network Security, vol. 2002, pp. 5-7, 2002.
[9] E. Edelson, "Voice over IP: security pitfalls," Network Security, vol. 2005, pp. 4-7, 2005.
[10] J. Hong, "The state of phishing attacks," Communications of the ACM, vol. 55, pp. 74-81, 2012.
[11] D. Endler and M. Collier, Hacking Exposed VoIP, Tata McGraw-Hill Education, 2007.
[12] H. Abdelnur, et al., "Assessing the security of VoIP Services," in 10th IFIP/IEEE International Symposium on Integrated Network Management (IM'07), 2007, pp. 373-382.
[13] M. Watkins and K. Wallace, CCNA Security Official Exam Certification Guide (Exam 640-553), 2008.
[14] T. J. Walsh and D. R. Kuhn, "Challenges in securing voice over IP," IEEE Security & Privacy, vol. 3, pp. 44-49, 2005.
[15] I. Dacosta, et al., "Security Analysis of an IP Phone: Cisco 7960G," in Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks, vol. 5310, H. Schulzrinne, et al., Eds., Springer Berlin Heidelberg, 2008, pp. 236-255.
