Security Related Information On Voip Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In the earlier days, there was no much concentration on the security related information on VOIP. They considered only functionality, reliability and cost related issues. But security is the most important concept as VOIP becomes very popular and used by so many people. And providing security is the one of the major issue.

Before VOIP, we had one more technology called plain old telephone system (POTS) which fails to provide security over it. If we consider the VOIP, we consider the following:

Service theft is one of the global research areas and which is a type of attack that disturb or steals the service form the provider. Here encryption is the technique hat used in SIP; it controls security by providing authentication service over the VOIP calls. So user must aware of information or data theft.

It is the technique that hacker can steal the user credentials and information. In this process a third party service will maintain all the information like names, password and other sensitive data then it allows to capture control over the back ground information like calling plan, call forwarding, voice mail system and billing information. By stealing the credentials we can able to make calls with any cost and get important data in business sector.

A hacker can able to change calling plans and predefined packages that are in the network and make all illegal activities by using the user account.

It is act like a trust worthy organization and asking for the credential information and sensitive data like bank account information. Here data can be grabbed in middle and act like actual service.

VOIP uses soft phones or micro phones to communicate with the other system. It is just like software application which faces worms, viruses and malwares. Soft phone applications are run in the user systems and caused to inject the malicious code over the voice application.

Denial of service (DOS):

Denial of service is an attack by making service unavailable to the required user. This can be achieved by handling its bandwidth or by making the network overload or the devices internal resources.

In VOIP, attacks are carried by flooding the destination by making unnecessary SIP call, messages. Then it will degrade the service and halt the service process.

SPIT (Spamming over Internet Telephony):

In general spamming is the process of sending he mails with out people will. This is the new trend that is being made on the voice protocol. As per the standardized protocol structure and community every VOIP consist its IP address. So it is easy to send the messages by gaining the IP address of each every user. It may be contain some malicious code which effects on the users system.

Call tampering:

As the name suggests call tampering is the attack that tampers the phone call. By using this attack we can able to destroy the call quality by injecting some malicious sounds or noisy data packets.

Man-in-the-middle attacks:

VoIP is particularly vulnerable to man-in-the-middle attacks, in which the attacker intercepts call-signaling SIP message traffic and masquerades as the calling party to the called party, or vice versa. Once the attacker has gained this position, he can hijack calls via a redirection server.

Figure: voip connectivity [1]

Methodology for providing the advanced security features:

Till now, VOIP is widely used by the people and satisfied with its attractive features and no one ready to focus on its security issues. But it very important to focus on the security to over come the problems in future trends. VOIP is usage is speeded all over the world, so we must aware of security attacks.

VOIP traffic over the internet is not encrypted, so any third party can listen the conversation with out permission by decoding the sound waves. Unauthorized interception on audio streams then decoding by the different methods can make unsecured. It is like capturing the sensitive data like credit card number that are told in telephone call.

VOIP traffic is classified as call signaling, call control and media communication. Based on the VOIP protocol and its policies, communication channels are varying. Channels are network connections (TCP/UDP) among the network terminals. In security view, all the connection must be secure in terms of authentication and encrypted. Some of the mechanisms are as follows:

Authorization

Authentication

Transport Layer Security (TLS)

Media encryption (SRTP)

VOIP call processing and call control management system can be provided with security in terms of authorization, authentication and transport layer security.

Authorization

Authorization is the major security factor implies that one devices might be configured as to allow traffic from limited group of IP addresses which already selected before. This mechanism prevent from the denial-of-service attacks.

Authentication

Authentication process require at least two communicating devices which are VOIP devices to authenticate each other. Then it starts the communication process after checking the authentication. This communication process may follow some mutual understandable process like secret key cryptography or stegnography.

Transport layer security:

Transport Layer Security (TLS) provides a secure communication medium between two communicating parties. The major goals of transport layer security protocol are to provide data integrity and privacy between the systems. This protocol facilitates the client server application interaction to prevent eavesdropping, message forgery and data tampering. If a device is incorporate with the transport layer security protocol then it only allows secure SIP signaling process to other devices. For this client must set up TLS/SSL connection with server and interchange encrypted SIP specified messages on secure communication channel. This entire communication makes the secrecy between the server and clients which makes difficult to hack the data from the different techniques like eavesdropping.

Media encryption:

Media communication is making secure by providing encryption mechanism over it. VOIP devices can encrypt the audio packet data through SRTP (secure real time transport protocol). SRTP is the works on RTP which add the features like message authentication, confidentiality of data and reply protection.

SRTP is ideal for protecting Voice over IP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service. It creates a unique key stream for each RTP packet, therefore making it almost impossible for eavesdroppers to retrieve the original RTP stream from the encrypted SRTP stream.

SRTP also provides replay protection, which is undoubtedly important for multimedia data. Without replay protection it would be possible for an adversary to perform simple manipulations on data and subvert security. For example, in a voice application, the phrase "yes" could be substituted for "no" if replay protection is not present.

SRTP achieves high throughput and low packet expansion by using fast-stream ciphers for encryption, an implicit index for synchronization, and universal hash functions for message authentication. SRTP proves itself to be a suitable choice for the most general scenarios as well as the most demanding ones.

The main security goals of SRTP are to ensure the confidentiality of the RTP payload, the integrity protection of the entire RTP packet (including protection against replayed RTP packets), and implicit authentication of the header

By using 'seekable' stream ciphers, SRTP avoids the denial of service attacks that are possible on stream ciphers that lack this property.

Writing Services

Essay Writing
Service

Find out how the very best essay writing service can help you accomplish more and achieve higher marks today.

Assignment Writing Service

From complicated assignments to tricky tasks, our experts can tackle virtually any question thrown at them.

Dissertation Writing Service

A dissertation (also known as a thesis or research project) is probably the most important piece of work for any student! From full dissertations to individual chapters, we’re on hand to support you.

Coursework Writing Service

Our expert qualified writers can help you get your coursework right first time, every time.

Dissertation Proposal Service

The first step to completing a dissertation is to create a proposal that talks about what you wish to do. Our experts can design suitable methodologies - perfect to help you get started with a dissertation.

Report Writing
Service

Reports for any audience. Perfectly structured, professionally written, and tailored to suit your exact requirements.

Essay Skeleton Answer Service

If you’re just looking for some help to get started on an essay, our outline service provides you with a perfect essay plan.

Marking & Proofreading Service

Not sure if your work is hitting the mark? Struggling to get feedback from your lecturer? Our premium marking service was created just for you - get the feedback you deserve now.

Exam Revision
Service

Exams can be one of the most stressful experiences you’ll ever have! Revision is key, and we’re here to help. With custom created revision notes and exam answers, you’ll never feel underprepared again.