Security Implementation And Performance Of Voip Computer Science Essay


Voice enterprises have provided voice conversation services over broadband for the past 20 years, working through market and network issues as they arose; over that time the voice transmission industry has faced various security and network issues in its effort to deliver better-quality voice service over broadband. The current voice market has moved to a new level of voice protocols that provide VoIP services under low bandwidth and with high volumes of data and voice transmission.

VoIP technologies allow the resources of the WAN to be shared between data and voice, which saves transmission cost. Migrating voice and telephone applications from the TDM switched network to the IP packet-switched network provides many advantages to enterprises, but during the migration of voice to IP the enterprises need to provide security for the data applications.

However, enterprises need to identify the security issues and employ new techniques to protect against attacks. Security and QoS are the main aspects of a VoIP system; data on voice networks has been attacked by viruses, worms, DoS attacks and unauthenticated users. The VoIP architecture is a complete hierarchical network structure composed of many networking devices, and the design has to ensure that the components can cope with unwanted attacks. The protocol structure in a VOIP system is a more sensible factor due to the poor ambitious. Here we introduce the attacks on VoIP systems.

VOIP Overview

VoIP stands for Voice over Internet Protocol, which is mainly used for the transmission of voice communications over IP networks such as the Internet and public switched networks. The concept of VoIP mainly targets the transmission of voice-based messages and applications, using different protocols, via the Internet.

The basic steps involved in the transmission of voice signals through the internet are:

Conversion of analog signal into digital format.

Compression and translation of the signal into Internet Protocol Packets for transmission over Internet.

VoIP systems adopt different session control protocols to control the set-up and tear-down of calls, and different audio codecs that encode the voice signal for transmission. These audio codecs vary from system to system: some are based on narrowband and some on compressed speech, while other systems may use high-fidelity audio codecs.

Technologies used to implement VoIP:

H.323

IP Multimedia Subsystem (IMS)

Session Initiation Protocol (SIP)

Real-time Transport Protocol (RTP)

1.1 Problem Definition

In the past, VoIP security was not a big concern; people were mainly concerned with functionality, cost and usage. But the trend toward VoIP communication has been encouraged and VoIP systems are now widely accepted, and because of this high acceptance the security issues have become a main concern.

However, as VoIP services grow rapidly within current voice communication systems, many unauthenticated users and hackers are stealing VoIP services from the service providers and rerouting them for their personal use. Some of the security standards are not credible: they support only authentication of calls, while the problem is service theft.

Security concerns affect the quality of the system, because security tools and security solutions can conflict with quality of service. The system should accept only security tools that do not decrease quality. The basic quality issue is the firewall: for security reasons the firewall blocks calls, and it does not process the signaling allocated to UDP ports. Security measures on VoIP devices also consume extra time for packet delivery during a call, because the encryption and decryption mechanisms add to the call time and may delay packet delivery.

1.2 Objectives of the study

The basic objective of this study is to detect the source of attack packets on the network

To formally define the network security problems and unauthorized access incidents

To define the most accredited security techniques and security methods

To evaluate the prototype system and packet feature mechanism

Email and other internet message are easily integrated with the voice applications

To support multimedia applications that provide lower-cost services for video conferencing and gaming

To support low-cost, flat-rate pricing for voice communication over the public Internet and Intranet services.

To send call signaling messages over the IP-based data network with a suitable quality of service and a much superior cost benefit.

Present offline message passing between the users by selecting a user from predefined offline user list

Present textual communication

1.3 Research Method

Apply cryptography techniques on VoIP System

Design asymmetric key distribution across network hosts

Provide authentication to the end users for accessing the VoIP services

Design secure VoIP Configuration system

Encrypt the VoIP Traffic on VPN technologies

Attempt to separate VoIP traffic from normal data traffic using either VLANs or a completely separate physical network.

Enable authentication on SIP accounts.

Integration with external systems should be achieved using encrypted protocols and passwords

Internal Firewalls/ACLs should be configured to block telnet and http traffic from reaching voice VLANs or subnets.

1.4 SCOPE

This research analyzes security and performance issues; it examines different security levels and presents the security challenges facing modern VoIP systems.

This research enhances security methods by analyzing modern security challenges

To present various security methods; these security methods are explained in Chapter 3, to analyze and investigate the security threats and define solutions for obtaining better performance

Balance VoIP security and performance by measuring the services and network traffic

To present VoIP protocols for secure data transmission

To illustrate the key distribution techniques and cryptography techniques for secure data transmission

1.5 Thesis Organization

Chapter -1: Introduction: General Introduction of VoIP, problem definition and Research methods

Chapter -2: Literature Review: Review of VoIP deployment and review of security issues and performance and VoIP security background and security challenges

Chapter -3: Security process: VoIP security process, managing of VoIP security and security process and define the security solutions

Chapter -4: VOIP security and performance: Demonstrate VoIP performance, balancing of security and performance of VoIP

Chapter -5: Analysis Report: security and performance analysis and investigation reports of VoIP security and performance and complete project report scenario

Chapter -6: Conclusion, Future Enhancement, References and Appendices

Chapter -2

LITERATURE REVIEW

Background

VoIP is IP telephony, used to deliver voice over the Internet. It stands for Voice over Internet Protocol; it converts voice signals into digital voice packets and transmits these packets over the network, using the Internet Protocol to coordinate the voice packets. VoIP can be deployed in different types of IP-enabled networks such as the Internet, wireless networks and Ethernet.

VoIP is a telephony system that takes voice as analog signals, converts it into digital format and transmits it over the network using the Internet Protocol.

VoIP service Types

VoIP provides different types of voice service according to the communication media infrastructure; the most common services are as follows

Computer to computer based services

PC to phone and phone to PC based services

Phone to phone based VoIP services [1]

Computer to computer:

A voice exchange between one computer and another. This type of communication provides free VoIP services and requires related software applications such as gtalk [3], Skype [2] or messengers. For these services the users need to install the same software on their respective PCs and exchange voice as in peer-to-peer services.

PC to phone and phone to PC:

It is a combination of the Internet and the circuit-switched telephone system. The VoIP application software receives the voice and hands it over to the Internet Protocol to communicate over the telephone network. VoIP services make it possible to communicate with phones by establishing a VoIP network; applications such as Skype and messengers communicate with phones by converting between the respective receiving and transmitting formats.

In phone-to-PC services the user can communicate from phones to PCs; the user can dial a PC as when calling a normal phone, because in these services the PC's IP address is associated with a phone number. The user dials from a phone the phone number assigned to the PC's IP address. Skype is the best example of this kind of service: it allows users to purchase VoIP services to communicate from phone to PC [2].

The most common devices in these services are

VoIP service providers

Modem

Internet services

ATA: Analog Terminal Adaptor, which converts analog signals to voice signals and voice signals to analog signals

Phone to phone based VoIP services [1]: Nowadays this type of service is used for long-distance calls; many communication service providers offer long-distance calls at very abnormal prices by utilizing the PSTN services.

VoIP System

Fig. 1 shows a typical VoIP network topology, which combines the following equipment:

Gatekeeper

VoIP Gateway

VoIP Clients

Gatekeeper: A VoIP gatekeeper is the routing manager and central manager in an H.323 IP telephony environment. It is an optional component of a VoIP system that manages the end points in a zone. A VoIP gatekeeper is useful for managing calls, terminals and gateways, and provides access control, bandwidth control and address translation.

Fig -1 : VoIP network Topology

VoIP gateway:

The VoIP gateway converts voice calls in real time between the Public Switched Telephone Network (PSTN) and the IP network. The basic functions of a VoIP gateway are compression, decompression, signal control, packetization and call routing.

VoIP clients: This equipment represents phones and multimedia PCs

Security Issues:

VoIP Phishing - How to Prevent VoIP Phishing and Avoid Getting Trapped

You can prevent VoIP phishing at home and in your corporation, and keep yourself and your associates from falling victim to phishing.

What is VoIP phishing and how does it work

VoIP phishing is a type of attack that lures the user into giving personal information such as phone numbers, credit card numbers and passwords over a web site. Phishing over VoIP is becoming rampant because VoIP makes phishing easier for attackers.

Security threats in VoIP

While VoIP has become one of the conventional communication technologies, VoIP users face a series of security threats. Let's look at these security issues.

Firewall

A firewall is software designed to protect a private network from unauthorized access. A firewall usually blocks unwanted traffic from the outside to the inside of the network, and so on.

Overlooked security

You must not look only at the bright side of VoIP. While it is revolutionizing voice and data communication, it also presents some problematic security issues that need to be dealt with properly.

Quality of Service Issues

Quality of Service [4] is fundamental to the operation of VoIP; if VoIP delivers good quality of service, users benefit by saving money rather than spending more on other communication services. Quality is an important factor for the VoIP service provider industry. At a certain level, implementing security measures can degrade QoS: security procedures such as firewalls and encryption techniques block calls and delay packet delivery.

The main QoS issues are

Latency

Jitter

Packet loss

Bandwidth problem

Latency:

Latency represents the delivery time for voice transmission from source to destination. ITU-T Recommendation G.114 [5] establishes a number of time constraints on one-way latency. To achieve Quality of Service, VoIP calls must be completed within a bounded time.

The basic issues in latency are

Time spent on routers and long network distance

Security measures

Voice data encoding

Queuing

Packetization

Composition and decomposition

Decoding

Jitter:

Non-uniform packet arrival delays packet delivery; it is caused by insufficient bandwidth. Packets arrive out of sequence: voice media is transmitted using RTP, and because this protocol is based on UDP, packets can arrive out of order, which degrades QoS because the packets are not reassembled at the protocol level.

Packet Loss:

Packet loss increases latency and jitter: groups of packets that arrive late are discarded to make way for new packets. Packet loss is associated with the data network; low bandwidth and high traffic delay packet delivery.

Bandwidth:

Low bandwidth delays packet delivery, which degrades QoS by increasing latency and jitter. Data on the network has to be distributed across various nodes and transmitted from one node to another; if a problem is encountered during this transmission, the packet can be delayed.

The entire network design includes routers, firewalls and other security measures. At certain times some of the nodes on the network path are unavailable, and then packets are not delivered to the end users.
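As an added example (not part of the original essay), the Python below measures the jitter, packet loss and out-of-order arrival described in this section directly from RTP headers, using the interarrival jitter estimator defined in RFC 3550. The packets, arrival times and the 8000 Hz clock rate (G.711 audio) are constructed sample values.

```python
import struct

CLOCK_HZ = 8000  # assumed RTP clock rate (G.711 audio); constructed for this example


def parse_rtp_header(packet: bytes) -> dict:
    """Decode the 12-byte fixed RTP header: version, payload type, seq, timestamp, SSRC."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}


def _signed(delta: int, bits: int) -> int:
    """Interpret the difference of two wrapping counters as a signed value."""
    half = 1 << (bits - 1)
    return ((delta + half) & ((1 << bits) - 1)) - half


def stream_stats(arrivals, clock_hz: int = CLOCK_HZ) -> dict:
    """arrivals: list of (arrival_time_seconds, packet_bytes) in arrival order."""
    jitter = 0.0                    # running estimate, in RTP timestamp units
    prev = None                     # (arrival in timestamp units, RTP timestamp)
    first_ext = highest_ext = None  # extended sequence numbers (survive 16-bit wrap)
    received = late = 0
    for arrival_s, packet in arrivals:
        hdr = parse_rtp_header(packet)
        received += 1
        if highest_ext is None:
            first_ext = highest_ext = hdr["seq"]
        else:
            step = _signed(hdr["seq"] - highest_ext, 16)
            if step > 0:
                highest_ext += step  # newest packet so far; 65535 -> 0 counts as +1
            else:
                late += 1            # arrived behind a newer packet, or a duplicate
        arrival_units = arrival_s * clock_hz
        if prev is not None:
            # D = (Rj - Ri) - (Sj - Si); J += (|D| - J) / 16   (RFC 3550, section 6.4.1)
            d = (arrival_units - prev[0]) - _signed(hdr["ts"] - prev[1], 32)
            jitter += (abs(d) - jitter) / 16.0
        prev = (arrival_units, hdr["ts"])
    expected = highest_ext - first_ext + 1 if received else 0
    return {
        "received": received,
        "expected": expected,
        "lost": max(expected - received, 0),
        "late_or_duplicate": late,
        "jitter_ms": jitter / clock_hz * 1000.0,
    }


def make_packet(seq: int, ts: int, ssrc: int = 0x1234ABCD, pt: int = 0) -> bytes:
    """Build a constructed RTP packet: version 2, no padding/extension, 160-byte payload."""
    header = struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc)
    return header + b"\x00" * 160


def sample_arrivals():
    """Constructed stream: 20 ms packets, sequence wrap, one loss, one reordering."""
    sent = [(65534 + i, 1000 + 160 * i) for i in range(6)]
    # (arrival time in seconds, index of the sent packet); packet 3 never arrives
    # and packet 5 overtakes packet 4.
    order = [(0.000, 0), (0.020, 1), (0.045, 2), (0.100, 5), (0.102, 4)]
    return [(t, make_packet(*sent[i])) for t, i in order]


if __name__ == "__main__":
    print(stream_stats(sample_arrivals()))
```

The receiver needs only the header fields and its own clock, so the same calculation works on SRTP streams, where the payload is encrypted but the RTP header is not.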

VoIP protocols

A number of protocols may work together to offer a VoIP communication service. In this part we focus on those common to the majority of deployed devices.

Almost every device in the world uses a standard called the Real-time Transport Protocol (RTP) for transmitting audio and video packets between networks. RTP is defined by the IETF. The payload formats of a number of codecs are defined in RFC 3551 (the section "RTP profiles and payload format specification" of the RFC; these sections address items). Payload format sections are also defined in documents published by the ITU (International Telecommunication Union) and in other IETF RFCs. RTP also deals with issues such as packet order and gives mechanisms to help address delay.

One area of concern for people communicating over a network or the Internet is the potential for another person to eavesdrop on the communication. To address this security concern, RTP was improved upon, with the result called Secure RTP (this document specifies an Internet standards track protocol for the Internet community and requests discussion and suggestions for improvements). Secure RTP provides encryption, authentication and integrity for audio and video communication transmitted over the network.

The protocols central to this process are referred to as call-signaling protocols, the most popular of which are H.323 [7] and SIP.

H.323 and SIP have their origins in 1995, as researchers looked to solve the problem of how two computers can initiate communication in order to exchange audio and video. H.323 [7] enjoyed the first commercial success because those working on the protocol in the ITU [7] worked quickly to publish the first standard in 1996.

Basically, H.323 and SIP allow users to establish multimedia communication such as audio, video and other communication. However, H.323 and SIP differ appreciably in design: H.323 derives heavily from legacy communication systems and is a binary protocol, while SIP does not adopt many of the information elements found in legacy systems and is an ASCII-based protocol.

In its simplest operation, a SIP implementation is certainly easier to build and troubleshoot. However, very few real deployments are simple. As a result, SIP proponents have defined a number of non-standard variations of SIP, as well as a number of non-standard extensions, in order to carry essential information or provide necessary functionality.

Nowadays H.323 still commands the bulk of VoIP operation in the service provider market for voice transport, particularly for transporting voice calls globally. H.323 is also widely used in room-based video conferencing systems.

SIP is more popular for use in instant messaging systems, though there has been no successful commercial operation of a SIP-based instant messaging system.

Both H.323 and SIP can be referred to as "intelligent endpoint protocols". This means that all of the intelligence necessary to locate the remote endpoint and to set up media streams between the local and remote devices is an essential part of the protocols. There is another class of protocols, complementary to H.323 and SIP, referred to as device control protocols. These protocols are H.248 and MGCP.

To understand the reason for H.248 and MGCP it is important to know the function of a gateway. A gateway is a device that provides an IP interface on one side and some sort of legacy telephone interface on the other side. The legacy telephone interface may be complex, such as an interface to a legacy PSTN switch, or may be a simple interface that allows you to connect one or a few telephones, depending on the size and purpose of the gateway. It may allow IP-originated calls to terminate on the PSTN, or may simply provide a means for a person to connect a telephone to the Internet.

Initially gateways were viewed as monolithic devices that had call control (H.323/SIP) and the hardware required to manage the PSTN interface. In 1998 the idea of splitting the gateway into two logical parts was proposed: one part, which contains the control logic, is called the media gateway controller (MGC) or Call Agent (CA), and the other part, which interfaces with the PSTN, is called the media gateway (MG). With this functional split a new interface existed between the two parts, creating the need to define MGCP and H.248.

Outside of H.323/SIP and H.248/MGCP, there are also non-standard protocols introduced by a variety of companies that have been very successful in the market. Skype is one such company that has been tremendously successful using a proprietary protocol. Which protocol is best for you? It really depends on your needs, but most people just want to make a phone call.

It is also essential to keep in mind that, just as with every other new capability introduced in the world of technology, there is always something new and better coming down the road. Currently the ITU (International Telecommunication Union) [7] is working on a new protocol that will have much more capability than either SIP or H.323. The new protocol is referred to as H.323 and is expected to enable voice, video and data communication capabilities across a number of separate devices that work together, such as a mobile phone, a PC and even a TV.

Reasons for VoIP Deployment

There are two major reasons to use VoIP: lower cost than traditional landline telephone and diverse value-added services.

Cost Saving: This can be achieved by reusing the devices and wiring of the existing data network, as most organizations already have their own networks. However, the most attractive reason to adopt VoIP may be the dramatically reduced cost of phone calls. Softphones such as Skype [8] enable PC-to-PC users to bypass traditional long-distance toll charges by carrying voice traffic over the Internet; they only need to pay a flat monthly Internet access fee. Softphones also allow a PC acting as a VoIP phone to call a mobile phone or a home line phone at a lower rate.

Advanced multimedia applications: Cost effectiveness is only one of the good reasons to use VoIP. VoIP also enables multimedia and multi-service applications that increase productivity and create a more flexible work environment, e.g. real-time voice-enabled conferencing systems that may include whiteboarding, file transfer, etc., which combine both voice and data features.

Challenges of VoIP

Though VoIP is becoming more and more popular, there are still some challenging problems with VoIP.

Bandwidth: Network availability is an important concern in a network. A network can be broken down into many nodes and links that generate a large amount of traffic flows, so the availability of each node and link matters; here we concentrate only on the bandwidth of the VoIP system. As in a data network, bandwidth congestion can cause QoS problems: when network congestion occurs, packets need to be queued, which causes latency and jitter. Thus, bandwidth must be properly reserved and allocated to ensure VoIP quality. Because data and voice share the same network bandwidth in a VoIP system, the necessary bandwidth reservation and allocation become more difficult. In a LAN environment, switches usually run at 100 Mbps (or 1000 Mbps), and upgrading routers and switches can be an effective way to address bandwidth bottlenecks within the LAN.

Power Failure and Backup Systems: Traditional telephones operate on 48 volts supplied by the telephone line itself, without an external power supply. Thus, traditional telephones can continue to work even when a power failure occurs. However, backup power systems are required with VoIP so that the phones can continue to operate during a power failure. An organization usually has an uninterruptible power system (UPS) for its network to overcome power failure [9].

Security: As VoIP becomes more and more popular, the security issues related to VoIP network systems are also increasingly arising [10]. W. Chou [11] analyses the different aspects of VoIP security and gives some suggested strategies for these issues. In reference [12], the authors also outline the challenges of securing VoIP, and provide guidelines for adopting VoIP technology.

Soft phone: Softphones are installed on computers and thus should not be used where security is a concern. In today's world, worms, viruses, Trojan horses, spyware, etc. are everywhere on the Internet and very difficult to defend against. A computer could be attacked even if a user does not open an email attachment, or does nothing but visit a compromised web site. Thus the use of softphones could bring high risks of vulnerabilities.

Emergency calls: Each traditional telephone connection is tied to a physical location, so emergency service providers can easily track the caller's location to the emergency dispatch office. But unlike traditional telephone lines, VoIP technology allows a particular number to be used from anywhere; this makes emergency services more complicated, because emergency call centers cannot know the caller's location, or it may not be possible to dispatch emergency services to that location. Although VoIP providers provide some solutions for emergency calls, there is still a lack of industry standards in a VoIP environment.

Physical security: Physical security for VoIP networks is also an important issue. An attacker with physical access to VoIP servers and gateways could perform traffic analysis, for example to determine which parties are communicating. Therefore, physical security policies and controls are needed to restrict access to VoIP network components. Otherwise, risks such as the insertion of sniffer software by attackers could cause data and all voice communications to be intercepted.

Wireless Security: Wireless nodes integrated into VoIP networks are becoming more and more common and popular [13]. The Wired Equivalent Privacy (WEP) security algorithm for 802.11 wireless networks is very weak, because WEP can be cracked with publicly available software. Because of the weakness of WEP, the more recent Wi-Fi Protected Access (WPA and WPA2), administered by the Wi-Fi Alliance, provides significant security improvements; the WPA protocol can be integrated with wireless technology in VoIP.

References

[1] D. Rizzetto, & C. Catania (1999). A Voice over IP Service Architecture for Integrated Communications. IEEE Internet Computing, Volume 3, Issue 3, Pages: 53 - 62.

[2] Skype official website: http://about.skype.com/

[3] Google Talk URL: http://www.google.com/talk/

[4] W.C. Hardy, VOIP Service Quality: Measuring and Evaluating Packet-Switched Voice, McGraw-Hill, 2003.

[5] International Telecommunications Union. ITU-T Recommendation G.114 (1998): "Delay".

[6] B. Goode, "Voice Over Internet Protocol (VOIP)". Proceedings of the IEEE, VOL. 90, NO. 9, Sept. 2002

[7] ITU-R Rec. H.323 (1999). Packet-Based Multimedia Communications Systems.

[8] V. Theoharakis, & D. N. Serpanos (2002). Editors, Enterprise Networking: Multilayer Switching and Applications. Idea Group Publishing, Hershey, PA, USA

[9] S. Zeadally, F. Siddiqui, & P. Kubher (2004).Voice over IP in Intranet and Internet environments. Communications, IEE Proceedings, Volume 151, Issue 3, Page(s): 263 - 269

[10] P.C.K. Hung, & M.V. Martin, (2006) Security Issues in VOIP Applications. 65 Electrical and Computer Engineering, CCECE '06, Page(s):2361 - 2364

[11] W. Chou, (2007). Strategies to Keep Your VoIP Network Secure. IT Professional Published by IEEE Computer Society, Volume 9, Issue 5, Pages 42-46.

[12] T.J. Walsh, & D.R. Kuhn, (2005). Challenges in securing voice over IP. IEEE Security & Privacy, vol. 3, no. 3, pp. 44- 49.

[13] D. Butcher, L. Xiangyang, & G. Jinhua, (2007) Security Challenge and Defense in VoIP Infrastructures. Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions, Volume 37, Issue 6, Nov. 2007 Page(s):1152 - 1162

CHAPTER -3

Related Work

3.0 Security Studies

Voice over IP (VoIP) is one of the most challenging technologies in today's market. The importance of VoIP is growing rapidly, and many vendors are introducing VoIP services with advanced technologies to improve quality of service and security. In this chapter I discuss security models and the security process.

3.1 VoIP Security Process:

Securing VoIP devices and VoIP networks is a complex process; securing VoIP protocols and data streams is involved at many stages. The most common VoIP vulnerabilities are as follows.

Software related

Device related

Protocol related

System Configuration related

Application level attacks

3.1.2 Software Related Vulnerabilities:

The basic flaws in vulnerable software concern operating system services and functions and their quality, operating system interfaces and administration, software application interfaces and software application logic.

Software applications

Application interfaces

3.1.3 Device Related Vulnerabilities:

One of the most common security threats affects VoIP hardware devices. In the early days most VoIP systems were designed with limited power and computing capacity. Because of heavy competition in the market many vendors keep costs low and design low-cost VoIP hardware devices, but because software applications and other system infrastructure change, the devices need to be updated regularly.

The most common hardware devices in VoIP are

PCs

Telephone adaptors

Modems

VoIP phones

3.1.4 Protocol Vulnerability:

The main protocols in VoIP are H.323 and SIP (Session Initiation Protocol); these two protocols are commonly used in VoIP hardware systems. These protocols are burdened with security issues. SIP is a complex protocol whose security is specified in the SIP RFC. In SIP, network address translation breaks security, and the protocol does not take firewalls into account.

SIP Vulnerabilities Overview

The figure below shows a SIP call flow using the SIP and UDP protocols. A user sends a voice call through a proxy server, and the proxy server sends SIP over UDP/TCP to the receiving user's proxy server. Here the Session Initiation Protocol (SIP) is a complex and which is a format protocol which is combination of.

Fig 3.1 SIP Call flow

Common vulnerabilities in SIP are as follows

Eavesdropping

Flood-based Denial of Service (DoS)

Registration manipulation

Application man-in-the-middle attacks

Replay attacks

RTP attacks

3.1.4.1 Eavesdropping

Eavesdropping interrupts the voice conversation through an attack by unauthorized agents and involves the stealing of information: the attackers steal user IDs, passwords and phone numbers and use them to consume the voice services. The basic means of eavesdropping are intercepting packets or connecting unauthorized IP phones to VoIP systems.

3.1.4.2 Distributed DoS or DoS Attacks

DoS attacks degrade network services by attacking VoIP devices and the network system. A DoS attack denies service by interrupting internal devices and network operations, and consumes network bandwidth to degrade the services.

The services of a VoIP system are vulnerable to DoS attacks in two respects:

The VoIP system is a hierarchical system of internal devices, designed with many devices; if one device fails it could bring the entire system to a halt.

The VoIP system uses multiple protocols for transmission, and every protocol has unique functions; if one protocol's service halts it could affect the entire system.

3.1.4.3 Unauthorized Access

VoIP handsets can be locally configured, and have default administration credentials which are easily found on the internet. With these credentials users can change their extension number, codec settings, and much more.

3.1.4.4 Man in the middle

The services of a VoIP system are particularly degraded by man-in-the-middle attackers: the attacker intercepts call-signaling SIP message traffic, hijacks the service provider's calls and redirects them via redirection servers. Attackers tamper with calls by injecting noise into the signal stream, which reduces quality.

3.1.5 System Configuration Vulnerabilities

The VoIP servers are the most important component of a VoIP system; they basically handle the voice calls. There are many attacks on VoIP servers; the attacker takes control of the VoIP server and uses it for toll fraud. The server mainly maintains all the call detail records [1]. The VoIP server deals with the CDR database; the attacker can attack its off-the-shelf records and change the record details.

VoIP network configuration is a major concern, and several network security aspects must be considered in any VoIP deployment. During call transmission an attacker can spoof the caller's IP address, take control of the communication network and interrupt the services.

3.1.6 Application-Level Attacks

In VoIP architectures, attacks are directed at specific devices, functional components and protocols. Attacks targeted specifically toward VoIP applications include registration hijacking, illegal teardowns, register floods, call floods, malformed packets, harassing calls and spam over Internet telephony (SPIT). By this definition, toll fraud also constitutes an application-level attack.

Of particular concern for VoIP network managers are Session Initiation Protocol (SIP) attacks. SIP is a session and call control protocol, components of which are used by standards-based IP PBX and IP telephone systems. In addition to the standard IP vulnerabilities, SIP brings other risks. While the Internet Engineering Task Force (IETF) has made great strides over the past few years in developing the protocol, a great deal more definition remains before SIP can be considered mature. SIP also ranks high among IP protocols in complexity and extensibility. Finally, like HTTP and SMTP, SIP is text-based. While these characteristics may bestow various advantages on SIP in terms of elegance, durability and utility, they also render the protocol vulnerable to application-level attacks. SIP sessions use at least three port numbers, only one of which is static, which makes it a little more challenging from a security perspective.

The common application-level vulnerabilities are:

Call hijacking

Eavesdropping

Toll fraud

Message integrity

Call hijacking: The attacker hijacks a call by spoofing a SIP response that specifies a rogue SIP address.

Eavesdropping: The attacker sniffs the VoIP network traffic and decodes a voice conversation on the VoIP LAN.

Toll Fraud: The attacker imitates or takes control of VoIP calls and gains access to a valid user's calls in order to make free long-distance calls, attacking the valid VoIP user's network and controlling that network for personal use.

Message Integrity: The attacker attacks the communication network between two end users and interrupts their communication.

3.2 Security Attacks and Threats

This section presents the security attacks and threats on VoIP systems and on non-VoIP systems such as the PSTN.

3.2.1 The most common threats and security attacks on non-VoIP systems are as follows

Wire tapping

Toll fraud

Modems

3.2.1.1 Wire Tapping:

Wire tapping is the tapping of a telephone conversation: monitoring a voice conversation through the physical telephone cable. It can be carried out at the internal circuit switch; once the internal switching circuit is identified, earpieces can retrieve the conversation. VoIP transmits voice as packets, so this process is somewhat harder to carry out on a VoIP system.

3.2.1.2 Toll Fraud

The attackers gain control of the communication system in order to make free calls without paying any call cost, by manipulating PBXs and the Intensive response system and by using Dual Tone Multi-Frequency (DTMF) tones. The attackers find communication lines and codes for making free calls by war dialing. War dialing scans telephone numbers to gain access to a computer network over a telephone line.

3.2.1.3 Modems

Dial-up modems are used in VoIP networks: users gain access to the network by dialing in to the modems, which are plugged in to system devices on the VoIP network. Dial-up modems are vulnerable to attacks, so it is mandatory to take precautions with them.

3.2.2 Security attacks and threats in VoIP Systems

The most common security attacks and threats are as follows

Man in the middle attack

Eavesdropping

Denial of Services

Spam

3.2.2.1 Man in the middle attack

In this attack the attacker gains access to the system: they can read messages and interrupt them at both ends by entering the attacked link and interrupting its processing. The unauthorized person can obtain source information by manipulating the communication path and hijacking the call sources. The attacker intercepts the SIP call signaling messages, observing the intercepted messages at both ends to obtain and gain command of the communication link. The messages are compromised as a result of this attack.

3.2.2.2 Eavesdropping

In this attack the attacker listens to a telephone conversation by intercepting the network communication link. The attacker steals source information, which allows them to gain control of the network and of voice mail. The attacker monitors the call signaling process, gains control of networks and obtains source information.

3.2.2.3 Denial of Services

DoS is the most serious type of attack on a VoIP network system. This kind of attack disrupts VoIP system services: it takes command of the VoIP system and destroys the services of the network link connection, turning off IP phones and disabling the switching router. The most common DoS attacks are the flood-based attack and the flaw DoS attack.

Flood Based Attack: This type of attack occurs when a target VoIP component is processing a large number of packets sent by an attacker; the attacker sends a large number of attack packets to the target component in order to destroy its services. The target keeps processing only attack packets rather than correct packets. The attack packets are incorrect and contain incorrect commands; these attack packets destroy the target component.

In the diagram below, the attacker generates packets and sends them to the target components. Here the target components are the IP telephone, the IP PBX and the media gateway. These target components process the attack packets, and the attack packets destroy them.

Fig 3.2 Flood DoS

Flaw DoS attack: This attack occurs while attack packets are being processed in a VoIP component; the attacker sends a sequence of packets to the VoIP component to trigger flaws. These packets destroy the target component, which takes a long time to process them.
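A defender's view of the two DoS classes above, as an added example that is not part of the original essay: a per-source sliding-window counter flags REGISTER and INVITE floods, and a request-line check flags malformed SIP requests. The window, threshold, addresses and sample events are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# RFC 3261 request line: Method SP Request-URI SP SIP-Version
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")

def analyse(events, window=1.0, threshold=5):
    """events: (timestamp_s, source_ip, first_line) tuples in time order.
    Returns {source_ip: set of findings}."""
    recent = defaultdict(deque)   # (source, method) -> timestamps inside the window
    findings = defaultdict(set)
    for ts, src, line in events:
        m = REQUEST_LINE.match(line)
        if m is None:
            if not line.startswith("SIP/2.0 "):   # status lines are responses, not errors
                findings[src].add("malformed-request-line")
            continue
        method = m.group(1)
        if method not in ("REGISTER", "INVITE"):  # register floods and call floods
            continue
        q = recent[(src, method)]
        q.append(ts)
        while ts - q[0] > window:                 # drop timestamps older than the window
            q.popleft()
        if len(q) > threshold:
            findings[src].add(method.lower() + "-flood")
    return dict(findings)

# Constructed sample: one source sending 20 REGISTERs within a second, one
# normal phone, and one source whose request line has a bad protocol version.
SAMPLE = sorted(
    [(10.0 + i * 0.05, "198.51.100.7", "REGISTER sip:pbx.example.com SIP/2.0")
     for i in range(20)]
    + [(10.0, "192.0.2.10", "REGISTER sip:pbx.example.com SIP/2.0"),
       (10.4, "192.0.2.10", "INVITE sip:bob@example.com SIP/2.0"),
       (11.0, "192.0.2.44", "INVITE sip:bob@example.com SIP/9.9"),
       (11.2, "192.0.2.10", "SIP/2.0 200 OK")]
)

def run_sample():
    return analyse(SAMPLE)
```

Sources that stay under the threshold and send well-formed requests do not appear in the result at all, which keeps the output usable as an input to rate limiting or blocking on the IP PBX.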

3.2.2.4 Spam over VoIP

VoIP systems are vulnerable to spam, also known as spam over Internet telephony. Spam attacks disable VoIP system services: the user receives unwanted calls, and these unwanted calls destroy the VoIP component system. This attack destroys the VoIP gateway and degrades the VoIP quality of service.

3.3 VoIP security Requirements

The basic idea of VoIP security requirements is to provide security for VoIP system resources, network resources, protocols and application resources. The security is based on application requests and signaling protocols. This process configures security requirements for the VoIP system in order to provide secure call services.

The most common security requirement approaches are

To provide high level security and high level performance during managing voice calls

To provide security to signaling protocols

To manage encrypted call signaling and traffic

Dynamic per-call firewall control

Dynamic per-call bandwidth control

NAT Traversal

To handle encrypted VoIP traffic

Signaling protocol compatibility

End users media traffic

3.3.1 Firewall Control:

This security solution employs a firewall to control attackers and to protect network resources. It allows only authenticated users, enables pinholes that are dynamically opened and closed per call, and separates the network structure into multiple security zones for handling data and voice calls.
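The per-call pinhole behaviour described above, as an added example that is not part of the original essay: the firewall reads the dynamic media address and port from the SDP body of the SIP signaling, opens pinholes for that call only, and closes them when the call ends. The class, helper names and sample messages are hypothetical, and RTCP is assumed to use the RTP port plus one.

```python
import re

class PinholeTable:
    """Per-call media pinholes, driven by the SIP signaling the firewall relays."""

    def __init__(self):
        self.calls = {}  # Call-ID -> set of (ip, port) media endpoints allowed

    @staticmethod
    def _media(msg):
        # The SDP body follows the first blank line; c= carries the address
        # and m=audio the negotiated (dynamic) RTP port.
        body = msg.partition("\r\n\r\n")[2]
        ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        port = re.search(r"^m=audio (\d+) RTP/S?AVP", body, re.M)
        if not (ip and port):
            return set()
        p = int(port.group(1))
        return {(ip.group(1), p), (ip.group(1), p + 1)}  # RTP, and RTCP on port+1

    def observe(self, msg):
        cid = re.search(r"^Call-ID\s*:\s*(\S+)", msg, re.I | re.M)
        if cid is None:
            return
        cid, first = cid.group(1), msg.split("\r\n", 1)[0]
        if first.startswith(("BYE ", "CANCEL ")):
            self.calls.pop(cid, None)                 # call ended: close pinholes
        elif first.startswith("INVITE "):
            self.calls.setdefault(cid, set()).update(self._media(msg))
        elif first.startswith("SIP/2.0 200") and cid in self.calls:
            self.calls[cid].update(self._media(msg))  # answer for a known call only

    def allowed(self, ip, port):
        return any((ip, port) in eps for eps in self.calls.values())

def sip(first, call_id, ip=None, port=None):
    """Constructed minimal SIP message (sample input, not a capture)."""
    sdp = "v=0\r\nc=IN IP4 %s\r\nm=audio %d RTP/AVP 0\r\n" % (ip, port) if ip else ""
    return "%s\r\nCall-ID: %s\r\n\r\n%s" % (first, call_id, sdp)

def demo():
    fw = PinholeTable()
    fw.observe(sip("INVITE sip:bob@example.com SIP/2.0", "a1@192.0.2.10", "192.0.2.10", 49170))
    fw.observe(sip("SIP/2.0 200 OK", "a1@192.0.2.10", "192.0.2.20", 50000))
    fw.observe(sip("SIP/2.0 200 OK", "zz@198.51.100.7", "198.51.100.7", 40000))  # no INVITE seen
    during = (fw.allowed("192.0.2.10", 49170), fw.allowed("192.0.2.20", 50001),
              fw.allowed("198.51.100.7", 40000))
    fw.observe(sip("BYE sip:bob@example.com SIP/2.0", "a1@192.0.2.10"))
    return during, fw.allowed("192.0.2.10", 49170)
```

The 200 OK for a Call-ID that never sent an INVITE opens nothing, so a spoofed response cannot create a pinhole on its own.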

3.3.2 Dynamic call Bandwidth control

The VoIP network needs to manage huge network traffic during call transmission, which requires managing bandwidth efficiently. The basic concern of these requirements is performance and quality of service.

The basic concerns of this security requirement are

To allocate proper bandwidth per call

To divide a network bandwidth during managing multiple calls

To allocate call bandwidth over wide area network links

To increase system throughput by minimizing additional network traffic
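One way to meet these concerns is call admission control, shown here as an added example that is not part of the original essay: each call is charged its codec rate plus IP/UDP/RTP header overhead, and a new call is refused once the voice share of the WAN link is used up. The link speed, the voice share and the class and function names are assumptions, and layer-2 framing overhead is ignored.

```python
IP_UDP_RTP = 40  # bytes per packet: IPv4 (20) + UDP (8) + RTP (12) headers

CODEC_BPS = {"G.711": 64000, "G.729": 8000}  # codec payload bit rates

def call_bandwidth_bps(codec, ptime_ms=20):
    """IP-layer bandwidth of one direction of a call."""
    payload = CODEC_BPS[codec] * ptime_ms // 8000   # payload bytes per packet
    packets_per_second = 1000 // ptime_ms
    return (payload + IP_UDP_RTP) * 8 * packets_per_second

class LinkAdmission:
    """Admits calls on a WAN link until the voice budget is exhausted."""

    def __init__(self, link_bps, voice_share=0.5):
        self.budget = int(link_bps * voice_share)   # bits/s reserved for voice
        self.active = {}                            # call_id -> reserved bits/s

    def used(self):
        return sum(self.active.values())

    def admit(self, call_id, codec):
        need = call_bandwidth_bps(codec)
        if self.used() + need > self.budget:
            return False          # refuse: admitting would degrade existing calls
        self.active[call_id] = need
        return True

    def release(self, call_id):
        self.active.pop(call_id, None)   # hang-up returns the bandwidth

def demo():
    # Hypothetical 512 kbit/s WAN link with half of it reserved for voice.
    link = LinkAdmission(512000)
    results = [link.admit("call-%d" % i, "G.711") for i in range(4)]
    results.append(link.admit("call-4", "G.729"))   # still no room
    link.release("call-0")
    results.append(link.admit("call-5", "G.729"))   # fits after the release
    return results, link.used()
```

Because the budget is enforced per call, a call flood is refused at admission rather than being allowed to starve the calls already in progress.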

3.3.3 Network Address Translation (NAT) Traversal:

NAT traversal is required for VoIP deployment. Deploying NAT between the public and private address spaces can cause network deployment problems; these problems are resolved by communicating with the IP PBX on a per-call basis.

3.3.4 Signaling protocol handling

Here protocol security needs to be employed, because the VoIP system employs various signaling protocols. The purpose of these protocols is to carry voice signals and call records and to provide the key events used to manage a call. The most common signaling protocols are SIP and H.323.

3.3.5 To manage encrypted VoIP traffic

To provide high-end security for voice calls, an encryption technique is employed to encrypt the VoIP network traffic. Call encryption protects the call information and protects the network traffic against attackers.
