This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Voice over internet protocol is communication technology that brings new possibilities over the traditional telephone systems. The VoIP transfers the voice in terms of audio
Packets. VOIP uses internet protocol to transmit the voice as packets. So the VoIP can exist on any kind of network such as internet, intranet, and Local area network.
In terms of different data transfer protocols such as HTTP, SMTP, POP3 VoIP uses different types of protocols such as H.323, Real-time transport protocol, Session initiation protocol, Media gateway control protocol
Implementation of the VOIP:
In the given network the company has been used the digital private automatic branch exchange in order to perform all the VOIP functionalities .Here the PABX converts the analog signals in to digital signals and transfer the voice signal across the phones over the entire network.
In the work station there is a voice switch of standard twisted-pair Ethernet. Here the voice switch even provides power to the devices over the network.
The following are the VOIP services provided over the network:
Here the services provided by VOIP are handled by the voice switch and Digital PABX. Now the data travels from the external border router to the firewall F1and it reaches the switch and it separates the Voice and Data. The Digital PABX converts the analogsignal in to digital signal
The streaming rate of the VoIP is 4.5 kb/s.
The VOIP apart from voice services it also provides the digital fax machine in the given network. The data is transferred in the form of voice signal.
The following are the two t fax transmissions codec's
1) Uncompressed faxing over G.711
2) Compressed faxing with T.8
The following are the advantages by implementing VOIP in between the Myertor and the client network.
Here by implementing the VOIP service in between her Myertor and the client network we can reduce the communication costs.
The phone calls as well as data can be transferred in between Myertor and the client Steeltec in the existing network
The call costs where low compare to the traditional phone lines& we can also call pc-pc calls for free any where in the world.
In VOIP various features where provided such as call forwarding, call waiting, Voice mail, caller id, conference etc.
It also provides facilities like Fax; here the data is converted in to voice signal and transmitted over the network.
The major advantage of VOIP is that we can make a call simply by signing in to the account.
Continuous service during power failures and emergency calls are the main disadvantages for the VOIP phone.
Voip suffers from sound quality and reliability. Data send across the internet reaches the destination in scrambled order as the VOIP works in real time it causes problem and it leads to audio drop out.
VoIP protocols with session and media traffic
In order to set up a call, the VoIP takes help of few SIP proxy/Register and H.323 gate keeper/gateways severs
The Session initiation protocol and H.323 are primary protocols for VoIP in the
Real time protocol is used for carrying the media streams at the media layer.
IAX is used to set up a session and voice transfer.
In order to set up a session either h.323 or sip can be used, where as both of them uses RTP for media stream.
Here both h.323 and sip can set up a session but does in different ways where h.323 uses different sub protocols like h.245, h.450, h.225, h.460 and sip is having methods like forward , Register, lookup, Bye, Invite such as HTTP. Here when the phone call has been setup both h.323 and sip uses rtp for media stream.
Methods and protocols
Methods like forward, Register, lookup, Bye, Invite
Sip proxies, Sip Registrar
H.323gatekeeper and gate way.
Inter asterisk exchange protocol is used between two Asterisk servers where it performs session set between two end points ,here it does not use RTP as it performs the media stream itself .
The sip works same as http; In order to perform specific action the sip invokes different methods.
The following are few sip methods
It was send from one end user to the other user in order to confirm the receipt of a message
This method invites a user agent to a call and this request is send from one user agent to another agent to initiate a call. This passes through source user agent to the destination user agent from various supporting servers like Redirect servers, proxy servers and registrars
This method registers the source user agent and is used in order to find the sip server location
This request can be send by the source user agent to cancel the previous valid request
This request is used to end up a session or an existing call.
This is used to know the supporting methods or the capabilities of proxy server. When this request is send from user agent to proxy server it responds with list of methods that proxy server supports
Apart from the various functionalities provided by voip it is also having many security flaws in session setup by using the Sip and h.323
User name enumeration
Man in the middle attack
Spoofing registers and proxy servers
Denial of service attack
User name enumeration:
Here the attacker gains the information of a voip account holder either by sending illegal commands to sip proxy server or by sniffing the network.
The user agent sends some uri to the server in order to perform required authentication. Hence the url passes in plain text through the authentication server and the source end user the data can be sniffed.
Man in the middle attack:
This attack can be done by using DNS spoofing or by ARP cache poisoning. Here the attacked identifies the authentication request send by the source user agent to the server by monitoring the network
1) Here the attacker identifies the authentication request and block the original request send by the source user agent.
2) Later he sends his own request to the authentication server.
3) In return the server sends a response to the given request. Now the attacker sends the given request to the source user agent.
4) Now the source user agent sends hash value which is the password to the attacker thinking that he was the sip server.
Now the attacker can use the hash value to authenticate by sending it to the sip server.
Here in this registration hijacking the attacker modifies the contact field available in Sip header.
The registration hijacking applies the same technique of spoofing where the attacker modifies the contact filed in Sip header and claims that it was a different user agent.
In order to have a perfect connection or to identify the original user the user agents registers with the Sip registrar. Hence it contains all sort of information like IP address etc. Now this information can be used by the sip proxy servers to invite request to the correct hard phone or the soft phones.
For example if a user tom wants to hijack the registration of a user Paul he simply modifies the IP address 192.168.10.11of Paul with his own IP address 192.168.11.12.Now the tom can perform the spoofing technique on the register request with his ip address .Here in the contact list Paul name is mentioned and in contact field tom's name is present.
Denial of service:
Like many other applications VoIP is also vulnerable to the dos attack. Here in sip the dos attack can be done by spoofing a Bye message. Generally a Bye message is an indicate to end up a call.
Here the attacker spoofs the bye message and can terminate any calls in between the conversation.
Denial of service-Register:
Here Dos attack takes place through Register method .When the user agent sends a request it invites to the non existing IP address, hence it is a non existing ip address there won't be a reply and hence the call will be fail.
Denial of service - Un-Register:
Here the Dos attack takes place through un-Registering sip user agents. Usually the user agent where registered to the sip servers.
Now the attacker places an expired value in the sip header for example if the attacker places a zero value instead of 3600 to 7200.Now if the use agent sends a request to the sip server immediately the sip server un-register the user agent.
Here the VoIP with session initiation protocol is vulnerable to the password cracking .The attacker can gain the password of the registered users by using brute force attack or dictionary based attack depending up on the strength of the password. The dictionary based attack can be done on user's laptop when the password is of dictionary words.
In H.323 VoIP network the gate keepers, gateways, media proxies, authentication H.323 end points, H.323 gate keeper registers are the important key parts and devices. They store all sort of information in the data base of all registered H.323 clients on the network.
The H.323 gateways are the devices that route calls from one gate keeper to the other.
The following are the main security aspects in H.323
A particular device on the given network can effectively enumerate by using a port scan.
In the given table list the ports that the H.323 devices or end point can listen on.
Dynamic or static
Gate keeper discovery
Gate keeper RAS
H.323 call setup
Here in the H.323 end point devices uses three different methods of authentication services. They are Password hashing, Symmetric encryption and Public key.
It shares a shared secret in between H.323 end points and gate keepers. The end point is having a Generic id along with receivers General ID& time stamp .Now a random number is encoded by the shared key and the crypto token is send to the device.
Now the device performs the required function and checks the match whether it has been register successfully or not.
Here the end points use a user name (generic id) and a password (H.225) for H.323 devices like media proxy and gate way.
The password is not send in a plain text over the network, it is hashed by using md5 algorithm.
The username, password and timestamp are ASN.1-encoded individually and they are combined to create an ASN.1 buffer.
Now it is hashed using MD5 and forwarded to the gatekeeper.
In this authentication process the model uses certificates instead of shared secret keys. This method is more secure and authenticated but it is more complex due to issuing of certificates at each end points.
H.323 end points use RAS (H.225) for security items such as registration functions and authentication. In order to ensure that the devices are registered the gate keepers and gate ways discuss with each other by using the services provided by Registration Admission status.
Hence H.225 registration process protects the password against the common sniffing attacks because the data transfers in authentication form.
Apart from this H.323 protocol was vulnerable to many security attacks such as
User name Enumeration
Password retrieval (dictionary attack)
End point Spoofing
E.164 alias enumeration
Dos-Host unreachable packets
Dos-H.225 non standard message
User name Enumeration:
When authentication is required in between H.323 end point and gatekeeper the H.323 send its username and password to the required device. Here the attacker can simply sniff the network and gain the username and password as the data is transferred in simple plain text. Even the person can perform man in the middle attack and capture the usernames and passwords from the local subnet.
In H.323 protocol the username and password is encrypted along with time stamp with A.SN.1 buffer code. Hence the data was not transferred in plain text format the attacker can use offline brute force attack to gain the passwords.
In H.323 it was very simple to perform a reply attack. Here the md5 hash from end user to gate keeper is capture by the attacker and reply it back to the gate keeper. Now this allows the attacker to authenticate the H.323 client.
End point spoofing:
E.164 alias is a phone number plan which is used to identify the H.323 end points on the network.
Hence in a company if any trusted identification system is spoof able it leads to high security risk .In the same manner every gate keeper in H.323 trusts the E.164 alias.
The spoofing of E.164 alias is similar to any other attack .Here the attack takes place same as MAC spoofing. In the wireless network if we use Mac address filtering the Mac address can be changed by using the ether change software and can by pass the access controls.
Here in the H.323 the malicious end point can change the E.164 alias and register to the gate keeper with spoofed identity.
E.164 hopping attacks:
Hopping attacks allow unauthorized users to cross any set off security bars.
For example the unauthorized users can access only the authorized areas. But by using hopping attacks the unprivileged users can access areas where privileged users can use.
These Dos will occur when the H.323 end points where authenticated.
Now to create an MD5 hash the authentication requires a time stamp with NTP server.
Hence the H.323 end points cannot register to the network by updating devices with wrong time stamping the attacker can easily estimate the situation.
For example if an end user could use an rouge NTP server and sends wrong time stamps to the gate keeper ,the gate keeper simply accepts the time stamps .some times the gate keeper does not need any authentication to update the time stamps .
Some times the gate keepers and end points accept time stamps from few ip address .now if the attacker identifies the ip address by spoofing he can simply inject malicious timestamp in to the end points.
These dos attack involves with registration reject packets. For example if an end user is authenticated to a gate keeper the attacker can simply send an UDP Registration reject packet where the end point would get unregistered.
Now if the end point again attempts to authenticate with the gate keeper the attacker can again send an UDP Registration reject packet where the end point would get un register immediately.
DOS-non standard message attack:
In this dos attack a non standard message is sent continuously which results in packet over load and crash the VOIP device. Now this crash may open a gate way to many attacks like reply attack etc.
RTP Security attacks:
Due to lack of proper encryption or privacy in VOIP there are many security attacks focus on capturing media such as audio, unauthorized users, unauthenticated users etc.
The RTP is vulnerable to many attacks like hijacking, passive eavesdropping, active eavesdropping, denial of service, SSRC injection, RTCP BYE.
As the data is transferred in clear plain text the packets can be sniffed using Ftp, telnet, http etc. here the telnet simply captures small piece of data which really doesn't help in gaining the require information .Hence this RTP eavesdropping was little bit tough than monitoring the traffic.
In his attack the user can sniff the network by using tools like wire shark.
Now the attacker can place an active attack like voice injection in between two end points.
For example the attacker can inject a piece of voice in between two end users.
Denial of service:
As the RTP controls the media stream the impact of DOS attack on RTP is much higher compare to the SIP and H.323.
The following are the list of Dos attacks on RTP.
The following are few security systems which protects the voice based systems from security threats.
Preventing toll fraud: here companies can use different access control policies to their Voice LAN to prevent the company from toll fraud.
Preventing Dos attacks:
The Dos attacks can be prevented by connecting the call processing servers to separate Voice LANS.
Preventing eavesdrops and Interception:
The attackers usually monitor the conversations using a pc with special software where he can connect to the same VLAN where one or two persons where in conversation. This can be prevented when the users are logically cordoned off.
This paper presents the functionalities and the security issues over the voice over internet protocol. Here the VOIP performance is determined by using end to end delay, jitter and packet loss. In the given network the Meritor provides VoIP services to the client steel tec .The band width of the network should be used effectively and reduces the jitter value in order to produce better quality of voice.