Voice over IP Security What are the Risks and Solutions?

Abstract
Voice over IP is one of the quickest developing Internet services and slowly replaces traditional telephony !owever" while #oving telephony to the public IP platfor# broadens its service capabilities" so#e security proble#s #ay occur It is because the a#ount of threats e$isting in IP networks is #uch bigger than in case of traditional telephone networks %he #ost serious proble#s of VoIP public networks are this way identified and security solutions are proposed %he Session Initiation Protocol &SIP' is beco#ing one of the do#inant VoIP signalling protocol( however it is vulnerable to #any kinds of attacks A#ong these attacks" )all !i*acking attacks have been identified as the #a*or threat to SIP +ven though a great deal of research has been carried out to #itigate hi*acking attacks" only a s#all proportion has been specific to SIP %his research e$a#ines the way these attacks affect the perfor#ance of a SIP,based syste# %his paper focuses on these VoIP specific security threats and the counter#easures to #itigate the proble# voice" video and data co##unication over packet,switched networks A ! 434 network consists of ter#inals" gateways" and optionally gatekeepers" a 7)6" and a 8ack +nd Service &8+S' 9atekeepers are a wide deployed co#ponent in VoIP syste#s and are responsible for access control" address resolution" bandwidth control and call forwarding SIP is the Internet +ngineering %ask 0orce &I+%0' specified signalling protocol used for Internet calls" #ulti#edia conferences and #ulti#edia distribution In contrast to ! 434" SIP is specifically designed for voice services

Introduction
VoIP is one of the #ost co##on and cheap technology to co##unicate short and long distance It trans#its the digiti-ed voice data over IP network which provides a user to have a telephonic conversation over the e$isting Internet( this voice signal is appropriately encoded at one end of the co##unication channel trans#itted using IP packets" and then decoded at the receiving end which transfor#ed back into a voice signal VoIP uses IP protocols" originally designed for the Internet" to break voice calls up into digital .packets/ In order for a call to take place the separate packets travel over an IP network and are reasse#bled at the far end Packeti-ed voice also enables #uch #ore efficient use of the network because bandwidth is only used when so#ething is actually being trans#itted 0ig 1 1 shows the VoIP process %he basic process involved in a VoIP call is as follows2 1 )onversion of the caller/s analogue voice signal into a digital for#at 3 )o#pression and translation of the digital signal into discrete Internet Protocol packets 4 %rans#ission of the packets over the Internet or other IP, based network 5 Reverse translation of packets into an analogue voice signal for the call recipient %he caller/s voice has to traverse a nu#ber of processes before it can reach the calle %here are several protocols used for this purpose ! 434 is a set of reco##endations approved by the &I%6,%' for trans#ission of real,ti#e 0ig 1 1 SIP is an application layer protocol of the :SI co##unication #odel that uses te$t,based #essages si#ilar to !%%P In contrast to ! 434" SIP does not require any reliable transport" and can be i#ple#ented by using 6;P !owever" it is reco##ended that the SIP server supports both 6;P and %)P" and that the %)P connection should only be opened if a 6;P connection cannot be established %he SIP architecture consists of two parts" the SIP 6ser Agent &6A' and the SIP <etwork Server %he SIP 6A is a user/s ter#inal and consists of two #ain co#ponents2 = User Agent Client (UAC) , Responsible for sending requests and receiving responses = User Agent Server (UAS) , Responsible for receiving requests and sending responses %he function of the SIP Network Server is to provide na#e resolution and user location It consists of three #ain groups2 = Proxy server , +ach >A< has its own pro$y server which is used by the 6A) to pass the request to the ne$t server %he request can be passed to several pro$y servers before reaching its destination 8esides routing decisions" the pro$y server also provides functions such as authentication" network access control and security" si#ilar to a firewall = Redirect server , !elps ter#inals to find the desired address by redirecting the user to another server

= Registrar server , A server that accepts user registration and #aps a user/s telephone address with its IP address %he figure illustrates the setup procedure in a SIP network where a pro$y and a registrar server are i#ple#ented in a single co#ponent %he caller sends an invite request using the Session ;escription Protocol &S;P' for#at to the calle through the pro$y server %he request is either replied with an Accept or a Re*ect #essage If a Re*ect #essage is received the call ter#inates :therwise the caller will finish the three,way handshake by sending an Acknowledge#ent #essage to the calle and the #edia transfer channel will hereafter be created directly between the caller and the calle 0ig 1 3

Registration hi*acking allows inbound calls to be hi*acked and answered by an attacker Registration hi*acking also allows an attacker to Aget in the #iddleB and record signalling and audio Causes of Registration Hijacking With SIP" registration is nor#ally perfor#ed using the connection,less 6;P" as opposed to the connection, oriented %)P 6;P si#plifies generation of spoofed packets" #aking attacks like registration hi*acking easier SIP registrars are not required to authenticate the 6A requesting a registration When authentication is used" it is not strong" only involving use of a 7;C digest of the userna#e" password" and ti#esta#p,based nonce sent in the authentication challenge 0urther#ore" passwords are often weak +ven strong passwords can be defeated with dictionary,style attacks ;ictionary attacks are those where a list of potential passwords are used to AguessB a password needed for registration Duite often" knowing a single password enables breaking #any other passwords %he AbasicB authentication based upon plain,te$t passwords" #ust not be available An e$ternal attacker can build a directory by scanning for your register able 6A addresses %he scanner can send various requests to your SIP pro$y?registrar" and deter#ine fro# the responses" which addresses are valid and register able 7ost registrars?pro$y servers will not detect directory scanning or registration hi*acking atte#pts

SIP Vulnerabilities
%here are a nu#ber of proble#s related to SIP regarding security 0inally SIP #essages are te$t,based which #ake the# easier to analy-e and therefore easier targets for attackers %his section focuses on the inherent SIP vulnerabilities that e$ist in #ost i#ple#entations( one of the #a*or attack is )all hi*acking Call Hijacking / Registration Hijacking With the deploy#ent of VoIP and especially the SIP" there are a nu#ber of vulnerabilities you need to address :ne such vulnerability is Registration !i*acking In SIP" a 6ser Agent &6A'?IP phone #ust register itself with a SIP pro$y?registrar &or IP P8@'" which allows the pro$y to direct inbound calls to the 6A Registration hi*acking occurs when an attacker i#personates a valid 6A to a registrar and replaces the legiti#ate registration with its own address %his attack causes inbound calls intended for the 6A to be sent to the rogue 6A %he following figure illustrates registration hi*acking2 0ig 1 4

Defences against Registration Hijacking

%he pri#ary defences against registration hi*acking are to use strong authentication and VoIP,opti#i-ed )isco ;evices?0irewalls to detect and block attacks At a #ini#u#" all registrars should use an Asy##etric Eey +ncryption Ideally" registrars use strong authentication" such as that provided by the %>S Registrations fro# the e$ternal network should be disabled if possibleFor at least li#ited to a s#all set of e$ternal 6As VoIP,opti#i-ed firewalls can be used to perfor# selective registration of e$ternal 6As by providing the following functions2 o ;etect and alert upon directory scanning atte#pts o >og all R+9IS%+R requests Alert upon any unusual pattern of R+9IS%+R requests

o If the 6As being used do not ever use a R+9IS%+R request to re#ove valid contacts" detect and block any use of this request o >i#it R+9IS%+R requests to an established user list

o 0ilter any responses to initial R+9IS%+R requests that i##ediately succeed %his ensures that only correctly configured 6As and registration servers interact o Act as a pro$y and provide strong authentication for registrars that lack the ability to do so the#selves

Fig 1.4

Devices/Techniques to be Use
%he 0ig 1 5 shows the use of )isco security ASA devices with the firewall that help to secure not only VoIP server as well as end users also %he devices and technique used are2, CISC! "S" # %his device is used between the servers so that +ffective" always,on" highly secure connectivity established between the# !ighly secure co##unications services Stop attacks before they penetrate the network peri#eter" also Protect resources and data" as well as voice" video" and #ulti#edia traffic )ontrol network and application activity$ State full %ire&all , A #echanis# to allow VoIP traffic through firewalls Stateful packet filters can track the state of connections" denying packets that are not part of a properly originated call VoIP,ready firewalls are essential co#ponents in the VoIP network and should be used HTTP Digest , bases on a challenge,response #echanis# )lientGs password together with a response are encrypted and sent in the SIP header %he ;igest authentication sche#e is based on a si#ple challenge,response paradig# !ere" a valid response contains a checksu# of the user na#e" the password" the given nonce value" the !%%P #ethod" and the requested 6RI In this way" the password is never sent in the clear T'S , hop,by,hop encryption protocol that works between 6As and Pro$ies It provides confidentiality" integrity and protection fro# replay attacks IPSec ( IPSec is a network layer encryption protocol It works in both hop,by,hop and end,to,end scenarios It is usually used in a SIP VP< &Virtual Private <etwork' scenario or between ad#inistrative SIP do#ains It does

not provide key e$change #echanis#s" so Internet Eey +$change &IE+' protocol needs to be used additionally "ntivirus/S)*&are Re+over ( searches and scans for known viruses in order to disable the# +ach antivirus has a set of known virus definitions" which obviously needs to be regularly updated Truste Phone s*ste+ ( In practical" Asoft phoneB syste#" which i#ple#ent VoIP using an ordinary P) with a headset and special software" should not be used where security or privacy are a concern Wor#s" viruses and other #alicious software are e$traordinarily co##on on P)s connected to the internet and very difficult to defend against

Conclusion
%here are a nu#ber of security issues" which are unique to VoIP Registration hi*acking is one of the #ore serious issues An attacker who successfully hi*acks registrations in your organi-ation can block" record" and otherwise #anipulate calls to and fro# your organi-ation %his is a very real threatFwhich you #ust counter Hou can defeat registration hi*acking atte#pts by selecting a registrar that uses authentication" setting strong passwords" and using VoIP,opti#i-ed firewalls to detect and block attacks and )isco Adaptive Security Appliances &ASA' to counter the# <ow the attackers do no directly attack the SIP registrar and +nd users If so the firewall I )isco device can i##ediately identify the threat and do not allow the co##unication between the#

,ibliogra)h*
)isco co# http2??www cisco co#?en?6S?products?psJ13K?inde$ ht#l

AVoice :ver IP and 0irewallsB" http2??download securelogi$ co#?library?voice over ip firewallsKCK1KC pdf ASIP2 Session Initiation ProtocolB"

http2??www ietf org?rfc?rfc3C54 t$t AAn Analysis of Security Incidents on the InternetB" Ph; thesis" http2??www cert org?research?L!%hesis?Start ht#l