Security Related Information On Voip Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In the earlier days, there was no much concentration on the security related information on VOIP. They considered only functionality, reliability and cost related issues. But security is the most important concept as VOIP becomes very popular and used by so many people. And providing security is the one of the major issue.

Before VOIP, we had one more technology called plain old telephone system (POTS) which fails to provide security over it. If we consider the VOIP, we consider the following:

Service theft is one of the global research areas and which is a type of attack that disturb or steals the service form the provider. Here encryption is the technique hat used in SIP; it controls security by providing authentication service over the VOIP calls. So user must aware of information or data theft.

It is the technique that hacker can steal the user credentials and information. In this process a third party service will maintain all the information like names, password and other sensitive data then it allows to capture control over the back ground information like calling plan, call forwarding, voice mail system and billing information. By stealing the credentials we can able to make calls with any cost and get important data in business sector.

A hacker can able to change calling plans and predefined packages that are in the network and make all illegal activities by using the user account.

It is act like a trust worthy organization and asking for the credential information and sensitive data like bank account information. Here data can be grabbed in middle and act like actual service.

VOIP uses soft phones or micro phones to communicate with the other system. It is just like software application which faces worms, viruses and malwares. Soft phone applications are run in the user systems and caused to inject the malicious code over the voice application.

Denial of service (DOS):

Denial of service is an attack by making service unavailable to the required user. This can be achieved by handling its bandwidth or by making the network overload or the devices internal resources.

In VOIP, attacks are carried by flooding the destination by making unnecessary SIP call, messages. Then it will degrade the service and halt the service process.

SPIT (Spamming over Internet Telephony):

In general spamming is the process of sending he mails with out people will. This is the new trend that is being made on the voice protocol. As per the standardized protocol structure and community every VOIP consist its IP address. So it is easy to send the messages by gaining the IP address of each every user. It may be contain some malicious code which effects on the users system.

Call tampering:

As the name suggests call tampering is the attack that tampers the phone call. By using this attack we can able to destroy the call quality by injecting some malicious sounds or noisy data packets.

Man-in-the-middle attacks:

VoIP is particularly vulnerable to man-in-the-middle attacks, in which the attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.

Figure: voip connectivity [1]

Methodology for providing the advanced security features:

Till now, VOIP is widely used by the people and satisfied with its attractive features and no one ready to focus on its security issues. But it very important to focus on the security to over come the problems in future trends. VOIP is usage is speeded all over the world, so we must aware of security attacks.

VOIP traffic over the internet is not encrypted, so any third party can listen the conversation with out permission by decoding the sound waves. Unauthorized interception on audio streams then decoding by the different methods can make unsecured. It is like capturing the sensitive data like credit card number that are told in telephone call.

VOIP traffic is classified as call signaling, call control and media communication. Based on the VOIP protocol and its policies, communication channels are varying. Channels are network connections (TCP/UDP) among the network terminals. In security view, all the connection must be secure in terms of authentication and encrypted. Some of the mechanisms are as follows:

Authorization

Authentication

Transport Layer Security (TLS)

Media encryption (SRTP)

VOIP call processing and call control management system can be provided with security in terms of authorization, authentication and transport layer security.

Authorization

Authorization is the major security factor implies that one devices might be configured as to allow traffic from limited group of IP addresses which already selected before. This mechanism prevent from the denial-of-service attacks.

Authentication

Authentication process require at least two communicating devices which are VOIP devices to authenticate each other. Then it starts the communication process after checking the authentication. This communication process may follow some mutual understandable process like secret key cryptography or stegnography.

Transport layer security:

Transport Layer Security (TLS) provides a secure communication medium between two communicating parties. The major goals of transport layer security protocol are to provide data integrity and privacy between the systems. This protocol facilitates the client server application interaction to prevent eavesdropping, message forgery and data tampering. If a device is incorporate with the transport layer security protocol then it only allows secure SIP signaling process to other devices. For this client must set up TLS/SSL connection with server and interchange encrypted SIP specified messages on secure communication channel. This entire communication makes the secrecy between the server and clients which makes difficult to hack the data from the different techniques like eavesdropping.

Media encryption:

Media communication is making secure by providing encryption mechanism over it. VOIP devices can encrypt the audio packet data through SRTP (secure real time transport protocol). SRTP is the works on RTP which add the features like message authentication, confidentiality of data and reply protection.

SRTP is ideal for protecting Voice over IP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service. It creates a unique key stream for each RTP packet, therefore making it almost impossible for eavesdroppers to retrieve the original RTP stream from the encrypted SRTP stream.

SRTP also provides replay protection, which is undoubtedly important for multimedia data. Without replay protection it would be possible for an adversary to perform simple manipulations on data and subvert security. For example, in a voice application, the phrase "yes" could be substituted for "no" if replay protection is not present.

SRTP achieves high throughput and low packet expansion by using fast-stream ciphers for encryption, an implicit index for synchronization, and universal hash functions for message authentication. SRTP proves itself to be a suitable choice for the most general scenarios as well as the most demanding ones.

The main security goals of SRTP are to ensure the confidentiality of the RTP payload, the integrity protection of the entire RTP packet (including protection against replayed RTP packets), and implicit authentication of the header

By using 'seekable' stream ciphers, SRTP avoids the denial of service attacks that are possible on stream ciphers that lack this property.