Challenges in Securing Voice over IP

IEEE Security & Privacy Tomas T. Walsh D. Richard Kuhn

Outlines
Supporting Protocols Why VoIP security differs from data
network security Need for new technologies

Why security for VoIP differs from data network security

VoIP have much stricter performance constraints

than data networks. Intruders have many potentially vulnerable points to attack
VoIP networks add specialized software, such as call managers, to place and route calls Many network parameters are established dynamically A network component is restart VoIP telephone is restarted or added to the network

QoS issues
Delay and loss
Delay must be less than 150ms %1 loss make call unintelligible 5% loss is catastrophic, no matter how good the codec DoS attack

RTP doesnt guarantee packet delivery Deliver VoIP traffic at high speed with preference
over less urgent traffic
Use routers that forward packets based on ToS bits Priority-based CAC

Infrastructure issues
Eavesdropping VoIP is different with
conventional telephone service
Opportunities for eavesdropped are multiplied Protocols and codecs are standards Tools to monitor and control packet network are widely
available
Sniffer

VoIP is similar to consumer software

Software phone are available on the Internet Use hacked version to attack
TFTP and DHCP

Security tradeoffs
Convenience and Security
VoIP components are integrated with Web server for configuration Features and ease of use Privacy and DoS vulnerabilities

Need for new technologies

Firewall
ALG make firewall VoIP aware Midcom Controls let VoIP packet traverse the firewall by letting the firewall receive instructions from an application-ware agent

NAT
Increase the security due to only protect the router Make call into the network very complex Incompatible with IPsec Serial Tunneling (STUN), TURN

Extend IPsec to VoIP

Encryption process can be detrimental to QoS

Proprietary encryption algorithm
FFT, chaos-bit encryption AES is more secure

VPN
Tunneling VoIP has become popular recently

Guidelines
Put voice and data on logically separate networks Strong authentication and access control on the
voice gateway system Choose a mechanism to allow VoIP traffic through firewalls Use IPsec or SSH for all remote management and auditing access Use IPsec tunneling instead of IPsec transport because tunneling mask the source and destination IP address If the performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling

Guidelines
Look for IP phones that can load digitally
signed images to guarantee the integrity of the software Avoid softphone systems Consider methods to harden VoIP platforms

Source codes for VoIP

SIP
http://www.vovida.org/

H.323
http://www.openh323.org/

RTP
WinRTP(http://www.vovida.org/) simRTP (NCTU or csie@NTU)

G.729
http://www.vovida.org/

Other issues
SRTP SIP with authentication IPv6

Discussion
VoIP security
VoIP Network security VoIP data encryption Dynamic encryption change
RTCP QoS report

Dynamic key change

How to pick up a ideal key function

Manpower

Tracking Anonymous Peer-toPeer VoIP calls on The Internet

ACM CCS05

XinYuan Wang Shiping Chen Sushi Jajodia

Outline
Introduction The Overall Model of Tracking Anonymous
Peer-to-Peer VoIP Call Active Timing Based Tracking of VoIP Flows Transparent Watermarking of VoIP Flow Experiments Related Works Conclusions

Introduction
Anonymous VoIP
No phone number End-to-end encryption Routed through low-latency anonymizing networks Onion Routing Tor Freedom Tarzan

Introduction
Tracking Skype Call
Free and widely Used End-to-end encryption with 256 bits AES Traverse most firewall and NAT Intelligently and dynamically routs the encrypted call through different peers to achieve low latency Use proprietary peer-to-peer signaling protocol to set up the VoIP calls