The fact that VoIP relies on IP infrastructure makes it vulnerable to any attack that targets the network. Consequently, whatever the nature of the attack, there is a good chance that the attacker is capitalizing on a weakness in the VoIP protocol being used. VoIP is different from other IP services in the sense that its security is normally treated as one of the service properties configurable by the user. This article provides an overview of VoIP security requirements, aimed at empowering public VoIP users with strategies to mitigate threats.
SECURING VoIP NETWORK: AN OVERVIEW OF APPLIED
APPROACHES AND ANALYSIS
Michael Oche, Rafidah Md Noor Member IEEE, Abubakar Bello Tambawal and Mostofa
Kamal Nasir
ABSTRACT - VoIP is becoming more and more popular and, as such, a potential target
for hackers. Providing security for VoIP services is therefore pertinent for
telecommunications. Without correct mechanisms to ensure caller authentication,
transmission confidentiality and availability of the service, the security of VoIP users is
at risk. The fact that VoIP relies on IP infrastructure makes it vulnerable to any attack
that targets the network. Consequently, whatever the nature of the attack, there
is a good chance that the attacker is capitalizing on a weakness in the VoIP protocol
being used. VoIP is different from other IP services in the sense that its security is
normally treated as one of the service properties configurable by the user. This article
provides an overview of CISCO VoIP security requirements, aimed at empowering
public VoIP users with strategies to mitigate threats.
Keywords: AAA, CIA, PSTN, Telephony, VoIP
2.0 INTRODUCTION
Voice over Internet Protocol (VoIP) is a rapidly growing Internet service. It gained popularity
as a way to cut the cost of international telephone connections by transporting voice over public
IP networks [1]. Today it is implemented in many IP applications, where it enables
direct, and most of the time free, communication over the Internet for users globally. As a
consequence, VoIP technology is slowly replacing traditional telephony. There are numerous
attack vectors when dealing with VoIP, and since VoIP depends on the IP infrastructure, any
attack that targets the network can be a potential hazard for VoIP. Consequently, whatever
the nature of the attack, there is a good possibility that the attacker is capitalizing on a
weakness in the VoIP protocol being used. Providing security for this service is therefore
pertinent for telecommunications. Users' private information, business negotiation details or
even state secrets could be revealed if not well protected. Without a correct mechanism to
ensure caller authentication, transmission confidentiality and service availability, the
security of VoIP users is at risk. In view of this, it is pertinent and imperative to investigate
VoIP security problems and evaluate the service to ensure that moving telephony to a new
IP-based platform does not compromise its security [2]. In most cases, advances and trends in
information technology typically outpace the corresponding realistic security requirements.
This is no different in the case of VoIP. Until today, most effort has been invested in providing
more advanced services and applications, with less attention paid to security. Another prevailing
problem lies in users' perception of VoIP telephony: the idea of VoIP telephony is not
completely new, it follows the model of traditional telephony, and it is seen by
users as a replacement for traditional telephony, a replacement that users presume should
provide a similar level of security. Unfortunately, VoIP is different, in the sense that its security is
usually treated as one of the service properties configurable by the user. As such, in this paper
we reviewed and analyzed basic CISCO VoIP network security requirements, with the aim
of empowering public VoIP users and equipping them with relevant basic tools or
information on how to better secure their VoIP telephony system.
3.0 LITERATURE ANALYSIS
Voice over Internet Protocol is a somewhat different technology. Even though an average
telecommunication user knows that it concerns the Internet and is relatively cheaper, he/she
probably may not know any details beyond that. The traditional telephony system, since its
introduction in 1878, has involved three main stages. It first existed in the form of a first generic
telephone network, which required a constant human presence to switch and set up calls. Later,
in 1891 [3], POTS was introduced. The Plain Old Telephone System (POTS) provides
automated switching, thereby completely eliminating the need for human presence. In 1970
POTS was replaced with a more advanced system known as the Public Switched Telephone
Network (PSTN). Unlike POTS, the PSTN uses digital signals: voice is no longer transmitted
as an analogue signal, as in the case of POTS, but as a digital signal. This development made it
possible to offer other services such as fax and other database services. The introduction of
the PSTN marks the beginning of the digital communication system and, to make
communication even more seamless, the new PSTN was also compatible with the POTS
system, which uses the lowest transmission bandwidth of 4 kHz, despite the fact that digital
services are transported on higher frequencies [3]. Beginning in 1990, the higher
bandwidth brought about by digitization found its use in data network
access technology. Many Internet access services, such as ISDN and later DSL and ADSL, are now
offered via the same access lines that were used for the PSTN [4].
3.1 THE ARCHITECTURE
The acronym VoIP stands for Voice over Internet Protocol, which implies that voice packets
are transported using the Internet Protocol (IP); it is a packet-switching system. VoIP is different
from the PSTN, which is circuit switched: irrespective of the amount of information to be
sent, the PSTN reserves the full transmission bandwidth. VoIP, on the other
hand, is packet switched. Information that is to be sent is divided into packets and
transmitted. Only meaningful information is put into packets. Additionally, each packet may
travel by a different route (dynamic routing) in the transport network, as there is no single
reserved path (circuit). As a consequence, packets arriving at the destination may come in a
different sequence than they were sent in. Also, as there is no guaranteed bandwidth, some
packets may be lost. These packets are simply transported using the Internet Protocol (IP).
Voice transport over IP works in just the same way as in any other application, such as the
WWW or email. The Internet's tariffing system is based on a philosophy different from that
of the PSTN. Tariffing is independent of the geographical distance between the sender and
receiver. Therefore, transmitting data between any two points costs the client the same
amount, whereas in the traditional PSTN it is different (calls are charged based on distance).
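The receiving side of the behaviour described above (reordered and lost packets), as an added example that is not part of the paper: a small reorder buffer that puts voice packets back in sequence, writes off a missing packet once enough later ones have arrived, and records late or duplicate arrivals. It assumes each packet carries a 16-bit wrapping sequence number, a field the paper does not specify; all names and the sample arrivals are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

SEQ_MOD = 1 << 16  # assumption: 16-bit wrapping sequence number per packet


def seq_delta(a: int, b: int) -> int:
    """Signed distance from b to a modulo 2**16 (positive when a is newer)."""
    d = (a - b) % SEQ_MOD
    return d - SEQ_MOD if d >= SEQ_MOD // 2 else d


@dataclass
class ReorderBuffer:
    depth: int = 2                        # packets held back before a gap counts as loss
    next_seq: Optional[int] = None        # next sequence number due for playout
    pending: dict = field(default_factory=dict)
    lost: list = field(default_factory=list)
    dropped: list = field(default_factory=list)  # late arrivals and duplicates

    def push(self, seq: int, payload: str) -> list:
        """Accept one packet; return the payloads that are now playable, in order."""
        if self.next_seq is None:
            self.next_seq = seq
        if seq_delta(seq, self.next_seq) < 0 or seq in self.pending:
            self.dropped.append(seq)      # already played, written off, or duplicate
            return []
        self.pending[seq] = payload
        out = []
        while self.pending:
            if self.next_seq in self.pending:
                out.append(self.pending.pop(self.next_seq))
            elif len(self.pending) > self.depth:
                self.lost.append(self.next_seq)   # stop waiting for this packet
            else:
                break                     # keep waiting for the missing packet
            self.next_seq = (self.next_seq + 1) % SEQ_MOD
        return out


def replay(arrivals, depth=2):
    """Feed (seq, payload) pairs in arrival order; return (played, lost, dropped)."""
    buf = ReorderBuffer(depth=depth)
    played = [p for seq, payload in arrivals for p in buf.push(seq, payload)]
    return played, buf.lost, buf.dropped


# Constructed arrival order: wraps past 65535, 0 and 1 swapped, 2 arrives too late,
# 3 is delivered twice.
ARRIVALS = [(65534, "a"), (65535, "b"), (1, "d"), (0, "c"),
            (3, "f"), (4, "g"), (5, "h"), (3, "f"), (2, "e")]
```
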
Figure 1 shows four scenarios that relate to the IP network and the PSTN. Figure 1.1 shows
scenario 1, the first VoIP application. This application permits voice communication between
two users of the Internet, and it has grown so popular that it is now used in many
Instant Messaging (IM) clients, such as Skype, Messenger, etc. Voice transmission over IP works
just like any other Internet service and is fully converged with other IM applications. The next
step of VoIP development came with calls from Internet users to PSTN fixed subscribers
(Figure 1.2, scenario 2). The main advantage of such a telecommunication solution is that
information travels through the Internet for as long as possible and is forwarded to the PSTN
at the very end, as close to the subscriber as possible. Thanks to this, even international calls
are treated as local calls by the PSTN provider. The total cost is considerably diminished [5].
Figure 1: VoIP/PSTN basic scenarios [5].
The last two scenarios (Figure 1.3 and Figure 1.4) might be used by providers when the need
arises (whenever circumstances require their implementation). Unquestionably, there are a lot
more complicated scenarios in use, but they would merely be variations of the four
presented in Figure 1.
3.2 PROTOCOLS AND CONCEPTS
While introducing VoIP, one has to mention some basic elements and concepts of a VoIP
system. As can be seen in Figure 2, there are four basic elements of a VoIP system [5].
Terminal: In a VoIP environment this refers to the end-point communication
device, usually where calls are terminated. A terminal can be either
software based or hardware based and can also involve some automatic interaction,
such as voice mail.
Server: The server is the focal point of a VoIP system. Registration of terminals and data
such as location and IP address are stored here. The server also performs
other operations, such as setting up the call routing mechanism, authorization and
accounting.
Gateway: The outermost edge of the VoIP network. It ensures the interoperability of
the VoIP network with other networks, for example by converting voice calls and fax calls
between the PSTN and the IP network.
Conference Bridge: For multipoint communication. It provides the functionality for
several communication points. Because of the high resource requirements of the
conference bridge, it is isolated from the server, as shown in Figure 2.
Figure 2: VoIP basic architecture
4.0 SECURITY REQUIREMENTS ANALYSIS
Risk assessment of Voice over IP in public networks should start with analysis of security
expectations. One should state what requirements are imposed on the system. Of course
before such