Voice over IP Security What are the Risks and Solutions? Abstract
voice" video and data co##unication over packet,switched networks
Voice over IP is one of the quickest developing Internet serv servic ices es and and slow slowly ly repl replac aces es trad tradit itio iona nall tele telepho phony ny !owever" while #oving telephony to the public IP platfor# broadens its service capabilities" capabilities" so#e security proble#s #ay occur It is because the a#ount of threats e$isting in IP netw networ orks ks is #uch #uch bigg bigger er than than in case case of trad tradit itio iona nall telephone telephone networks networks %he #ost serious serious proble#s proble#s of VoIP public networks are this way identified and security solutions solutions are proposed proposed %he Session Initiati Initiation on Protocol Protocol &SIP' is beco#ing one of the do#inant VoIP signalling protocol( however it is vulnerable to #any kinds of attacks A#ong these attacks" attacks" )all !i*acking !i*acking attacks attacks have been identified as the #a*or threat to SIP +ven though a great deal of research has been carried out to #itigate hi*acking attacks" only a s#all proportion has been specific to SIP %his research research e$a#ines e$a#ines the way these attacks affect the perfor#ance of a SIP,based syste# %his p aper focuses on these VoIP specific security threats and the counter#easures to #itigate the proble#
A !434 !434 netwo network rk consis consists ts of ter#i ter#inal nals" s" gatew gateways ays"" and optionally gatekeepers" a 7)6" and a 8ack +nd Service &8+S' &8+S' 9atekeepe 9atekeepers rs are a wide deployed deployed co#ponent co#ponent in VoIP VoIP syste syste#s #s and are respon responsib sible le for acces accesss contro control" l" address resolution" bandwidth control and call forwarding SIP is the Internet +ngineering %ask 0orce &I+%0' specified signalling protocol used for Internet calls" #ulti#edia conferences and #ulti#edia distribution In contrast to !434" SIP is specifically designed for voice services
Introduction VoIP is one of the #ost co##on and cheap technology to co##un co##unica icate te short short and long long distan distance ce It trans# trans#its its the digiti-ed voice data over IP network which provides a user to have a telephonic conversation over the e$isting Internet( this voice signal is appropriately encoded at one end of the co##unication channel trans#itted using IP packets" and then decoded at the receiving end which transfor#ed back into into a voice voice signal signal VoIP VoIP uses uses IP protoc protocols ols"" origin originall ally y designed for the Internet" to break voice calls up into digital .packe .packets/ ts/ In order order for a call call to take take place place the separat separatee packets travel over an IP network and are reasse#bled at the far end end Packet Packeti-e i-ed d voice voice also also enable enabless #uch #uch #ore #ore efficient use of the network because bandwidth is only used when when so#et so#ething hing is actual actually ly being being trans# trans#itt itted ed 0ig 11 shows the VoIP process %he basic process involved in a VoIP call is as follows2 1 )onversion of the caller/s analogue voice signal into a digital for#at 3 )o#pression and translation of the digital signal into discrete Internet Protocol packets 4 %rans#ission of the packets over the Internet or other IP, based network 5 Reverse translation of packets into an analogue voice signal for the call recipient %he caller/s voice has to traverse a nu#ber of processes before it can reach the calle %here are several protocols used for this purpose !434 is a set of reco##endations approv approved ed by the &I%6,% &I%6,%'' for trans# trans#iss ission ion of real,t real,ti# i#ee
0ig 11 SIP SIP is an appli ppliccatio ation n layer ayer prot protoc ocol ol of the :SI :SI co##un co##unica icatio tion n #odel #odel that that uses uses te$t,b te$t,base ased d #essa #essages ges si#ilar to !%%P In contrast to !434" SIP does not require any reliable transport" and can be i#ple#ented by using 6;P 6;P !oweve !owever" r" it is reco## reco##end ended ed that that the SIP server server supports both 6;P and %)P" and that the %)P connection should only be opened if a 6;P connection cannot be established %he SIP architecture consists of two parts" the SIP 6ser Agent &6A' and the SIP A< has its own pro$y server which is used by the 6A) to pass the request to the ne$t server %he request can be passed passed to several pro$y servers servers before reaching reaching its destination destination 8esides 8esides routing routing decisions decisions"" the pro$y server also provides functions such as authentication" authentication" network access control and security" si#ilar to a firewall = Redirect server , !elps !elps ter#i ter#inal nalss to find find the desire desired d address by redirecting the user to another server
= Registrar server , A server that accepts user registration and #aps a user/s telephone address with its IP address %he figure illustrates the setup procedure in a SIP network where a pro$y and a registrar server are i#ple#ented in a single co#ponent %he caller sends an invite request using the Session ;escription Protocol &S;P' for#at to the calle through the pro$y server %he request is either replied with an Accept or a Re*ect #essage If a Re*ect #essage is received the call ter#inates :therwise the caller will finish the three,way handshake by sending an Acknowledge#ent #essage to the calle and the #edia transfer channel will hereafter be created directly between the caller and the calle 0ig 13
Registration hi*acking allows inbound calls to be hi*acked and answered by an attacker Registration hi*acking also allows an attacker to get in the #iddleB and record signalling and audio Causes of Registration Hijacking
With SIP" registration is nor#ally perfor#ed using the connection,less 6;P" as opposed to the connection, oriented %)P 6;P si#plifies generation of spoofed packets" #aking attacks like registration hi*acking easier
SIP Vulnerabilities %here are a nu#ber of proble#s related to SIP regarding security 0inally SIP #essages are te$t,based which #ake the# easier to analy-e and therefore easier targets for attackers %his section focuses on the inherent SIP vulnerabilities that e$ist in #ost i#ple#entations( one of the #a*or attack is )all hi*acking Call Hijacking / Registration Hijacking
With the deploy#ent of VoIP and especially the SIP" there are a nu#ber of vulnerabilities you need to address :ne such vulnerability is Registration !i*acking In SIP" a 6ser Agent &6A'IP phone #ust register itself with a SIP pro$yregistrar &or IP P8@'" which allows the pro$y to direct inbound calls to the 6A Registration hi*acking occurs when an attacker i#personates a valid 6A to a registrar and replaces the legiti#ate registration with its own address %his attack causes inbound calls intended for the 6A to be sent to the rogue 6A %he following figure illustrates registration hi*acking2 0ig 14
SIP registrars are not required to authenticate the 6A requesting a registration When authentication is used" it is not strong" only involving use of a 7;C digest of the userna#e" password" and ti#esta#p,based nonce sent in the authentication challenge 0urther#ore" passwords are often weak +ven strong passwords can be defeated with dictionary,style attacks ;ictionary attacks are those where a list of potential passwords are used to guessB a password needed for registration Duite often" knowing a single password enables breaking #any other passwords %he basicB authentication based upon plain,te$t passwords" #ust not be available An e$ternal attacker can build a directory by scanning for your register able 6A addresses %he scanner can send various requests to your SIP pro$yregistrar" and deter#ine fro# the responses" which addresses are valid and register able 7ost registrarspro$y servers will not detect directory scanning or registration hi*acking atte#pts
Defences against Registration Hijacking %he pri#ary defences against registration hi*acking are to use strong authentication and VoIP,opti#i-ed )isco ;evices0irewalls to detect and block attacks At a #ini#u#" all registrars should use an Asy##etric Eey +ncryption Ideally" registrars use strong authentication" such as that provided by the %>S Registrations fro# the e$ternal network should be disabled if possibleFor at least li#ited to a s#all set of e$ternal 6As VoIP,opti#i-ed firewalls can be used to perfor# selective registration of e$ternal 6As by providing the following functions2 o ;etect and alert upon directory scanning atte#pts o >og all R+9IS%+R requests Alert upon any unusual pattern of R+9IS%+R requests
o If the 6As being used do not ever use a R+9IS%+R request to re#ove valid contacts" detect and block any use of this request
o 0ilter any responses to initial R+9IS%+R requests that i##ediately succeed %his ensures that only correctly configured 6As and registration servers interact
o >i#it R+9IS%+R requests to an established user list
o Act as a pro$y and provide strong authentication for registrars that lack the ability to do so the#selves
Fig 1.4
Devices/Techniques to be Use %he 0ig 15 shows the use of )isco security ASA devices with the firewall that help to secure not only VoIP server as well as end users also %he devices and technique used are2, CISC! "S" # %his device is used between the servers so that +ffective" always,on" highly secure connectivity established between the# !ighly secure co##unications services Stop attacks before they penetrate the network peri#eter" also Protect resources and data" as well as voice" video" and #ulti#edia traffic )ontrol network and application activity $ State full %ire&all , A #echanis# to allow VoIP traffic through firewalls Stateful packet filters can track the state of connections" denying packets that are not part of a properly originated call VoIP,ready firewalls are essential co#ponents in the VoIP network and should be used HTTP Digest , bases on a challenge,response #echanis# )lientGs password together with a response are encrypted and sent in the SIP header %he ;igest authentication sche#e is based on a si#ple challenge,response paradig# !ere" a valid response contains a checksu# of the user na#e" the password" the given nonce value" the !%%P #ethod" and the requested 6RI In this way" the password is never sent in the clear
T'S , hop,by,hop encryption protocol that works between 6As and Pro$ies It provides confidentiality" integrity and protection fro# replay attacks IPSec ( IPSec is a network layer encryption protocol It works in both hop,by,hop and end,to,end scenarios It is usually used in a SIP VP< &Virtual Private
not provide key e$change #echanis#s" so Internet Eey +$change &IE+' protocol needs to be used additionally "ntivirus/S)*&are Re+over ( searches and scans for known viruses in order to disable the# +ach antivirus has a set of known virus definitions" which obviously needs to be regularly updated Truste Phone s*ste+ ( In practical" soft phoneB syste#" which i#ple#ent VoIP using an ordinary P) with a headset and special software" should not be used where security or privacy are a concern Wor#s" viruses and other #alicious software are e$traordinarily co##on on P)s connected to the internet and very difficult to defend against
Conclusion %here are a nu#ber of security issues" which are unique to VoIP Registration hi*acking is one of the #ore serious issues An attacker who successfully hi*acks registrations in your organi-ation can block" record" and otherwise #anipulate calls to and fro# your organi-ation %his is a very real threatFwhich you #ust counter Hou can defeat registration hi*acking atte#pts by selecting a registrar that uses authentication" setting strong passwords" and using VoIP,opti#i-ed firewalls to detect and block attacks and )isco Adaptive Security Appliances &ASA' to counter the#
,ibliogra)h* )iscoco# http2wwwciscoco#en6SproductspsJ13Kinde$ht#l
Voice :ver IP and 0irewallsB" http2downloadsecurelogi$co#libraryvoice over ip firewallsKCK1KCpdf SIP2 Session Initiation ProtocolB"
http2wwwietforgrfcrfc3C54t$t An Analysis of Security Incidents on the InternetB" Ph; thesis" http2wwwcertorgresearchL!%hesisStartht#l