VoIP: Information Security Issues in Voice Over Internet Protocol

Satya Bhan, Jonathan Clark, Joshua Cuneo, Jorge Mejia

Road Map of Presentation
• Introduction and basics
• Security threats in VoIP
• Encryption algorithms for VoIP
• Research and development of VoIP
• Conclusions

What is VOIP?
• Voice Over Internet Protocol
• ARPANET - 1973
• Dramatic rise in popularity
• Mobile
• Cheap
• Accessible
• Full of security holes

How VOIP Works
1. Resolution of IP Address
2. Analog-digital conversion
3. Parsed into RTP packets
4. Sent via UDP protocol
5. Extraction of data
6. Analog-digital conversion
(8)

How VOIP Works
H.323 Protocol
• Umbrella standard
• Terminals, gateways, gatekeepers, and multipoint control units (MCUs)
(8)

How VOIP Works
SIP Protocol
• Location stored in a location server
• Proxy server resolves location
• Session Description Protocol (SDP) for logistics
(8)

VoIP Security Myth
“Security administrators assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network”
- Walsh, T.J.; Kuhn, D.R

Why are existing protections unusable?
• Most firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) rely on deep packet inspection
• Encryption adds overheads
• Max tolerable packet delay is set to 150 ms

Denial of Service (DOS)
• Most harmful attack – affects customers, Quality of Service (QoS), profits etc.
• “Latency turns traditional security measures into double-edged swords for VoIP”
  - Walsh, T.J.; Kuhn, D.R

Denial of Service – Packet Loss
• User Datagram Protocol (UDP)
  • Fast, Lightweight
  • Transmission/Order not guaranteed
• Small payloads – 10 to 50 bytes
  • 1% loss – unintelligible
  • 5% loss - catastrophic, no matter how good the codec

Eavesdropping
• Public Switched Telephone Networks (PSTN)
  • Physical access harder & more detectable
  • Proprietary protocols
• VoIP
  • Standardized protocols
  • Readily available tools to monitor network
    • Ethereal analyzer
    • Voice over misconfigured Internet telephones (VOMIT)

Eavesdropping
• User software available freely for download
  • Using cache poisoning to distribute hacked upgrades
• Man-in-the-middle attacks
  • Rogue server with modified configuration files containing the IP addresses of call managers
  • Victims’ calls are then routed through the attacker’s call manager

Spoofing
• Identity management complicated
  • No physical device
  • Universal Reference Identification (URI)
  • Spoofing available on multiple layers (IP, MAC)
• Spoof caller’s identification
  • Attacker calls regular phone line
  • Flash over using 3 way calling, dial next party
  • First callee’s id or unknown displayed

Theft of Service
• Edwin Pena and Robert Moore
  • VoIP fraud
  • Routed more than ten million calls through unsuspecting companies
  • Orchestrated a "brute force" attack to identify the prefixes needed to gain access to VoIP networks
  • Sold VoIP services cheap

Theft of Service
• Attackers gain access to VoIP networks
  • Security vulnerabilities in user’s software
  • Sniffing user accounts and passwords
• Profitable attacks
  • Toll frauds, identity thefts etc.

Spam over Internet Telephony (SPIT)
• “where there's a channel, there's a pitchman”
  - Pierce Reid, Qovia VP marketing
• Mass advertisements over PSTN complex & costly

Spam over Internet Telephony (SPIT)
• VoIP merges IT & PSTN
  • Easily accessible & cheap
  • Unwanted voice messages will clog voice mail
  • Spam tools such as blacklists etc. useless against SPIT
• Session hijacking
  • Video conferences can be hijacked and advertisements shown instead
  • Similarly voice conversations disrupted by advertisements

PGPfone History
• Released in 1995
• Never gained popularity due to lack of interest
  • Broadband was not widespread
  • Voice over IP was not popular
• Intended more for point-to-point modem connections

PGPfone Motivations
• Zimmermann believes in a right to privacy provided by the Constitution
• Released in response to 1994 Digital Telephony law
  • “mandated that phone companies install remote wiretapping ports in their central office digital switches”
• Says that while warrants were still necessary, a shift in policy could lead to privacy violations
  • NSA program to monitor without warrants

PGPfone Details
• Uses Diffie-Hellman for key generation
  • Keys generated from random prime numbers
• Uses TripleDES, Blowfish, or CAST as ciphers
  • Symmetric for speed
  • Run in counter mode
• Diffie-Hellman has vulnerability to man-in-the-middle attacks
  • Solved by using Short Authentication Strings

Secure Real-Time Transfer Protocol
• Published in RFC 3711 in March 2004
• Goal to create secure version of Real-Time Transfer Protocol
  • Ensure confidentiality and integrity of RTP packets
• Provides “a framework that permits upgrading”
  • Allows protocol to upgrade to more secure ciphers in the future

Secure Real-Time Transfer Protocol
• Key exchange is entirely defined in the RFC
  • Uses master key to generate keys
  • Number of keys generated by one master key is up to the user
  • Number of packets encrypted by one key can be set
• Default cipher is Advanced Encryption Standard (AES)
  • Runs in counter mode by default
• Keyed-Hashing for Message Authentication-Secure Hash Algorithm (HMAC-SHA1) used to ensure message authenticity
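
The HMAC-SHA1 integrity check named above, as an added example (not from the slides and not taken from any SRTP library): per RFC 3711 the tag is computed over the RTP packet plus a rollover counter and truncated to 80 bits. The function names and sample values are this example's own; the session authentication key is assumed to be already derived from the master key, and the AES counter-mode encryption of the payload is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10     # RFC 3711 default: HMAC-SHA1 output truncated to 80 bits
RTP_HEADER = 12  # fixed RTP header without CSRC entries or extensions


def rtp_packet(seq, timestamp, ssrc, payload, payload_type=0):
    """Build a minimal RTP packet: 12-byte header (version 2) plus payload."""
    header = struct.pack("!BBHII", 0x80, payload_type, seq, timestamp, ssrc)
    return header + payload


def _tag(auth_key, packet, roc):
    # The MAC input is the whole packet followed by the 32-bit rollover
    # counter (ROC). Both ends track the ROC locally; it is never sent.
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]


def protect(auth_key, packet, roc):
    """Append the authentication tag to an RTP packet."""
    return packet + _tag(auth_key, packet, roc)


def verify(auth_key, srtp_packet, roc):
    """Return the RTP packet if its tag is valid, otherwise None."""
    if len(srtp_packet) < RTP_HEADER + TAG_LEN:
        return None
    packet, tag = srtp_packet[:-TAG_LEN], srtp_packet[-TAG_LEN:]
    # Constant-time comparison so the check does not leak how many tag
    # bytes matched.
    if not hmac.compare_digest(_tag(auth_key, packet, roc), tag):
        return None
    return packet


def demo():
    """Run a constructed packet through protect/verify; return the outcomes."""
    key = bytes(range(20))  # constructed 160-bit session authentication key
    pkt = rtp_packet(seq=7, timestamp=160, ssrc=0x1234ABCD, payload=b"\x55" * 20)
    wire = protect(key, pkt, roc=0)
    # One payload byte altered in transit.
    tampered = wire[:RTP_HEADER] + b"\xAA" + wire[RTP_HEADER + 1:]
    return {
        "genuine": verify(key, wire, roc=0) == pkt,
        "tampered_rejected": verify(key, tampered, roc=0) is None,
        "wrong_roc_rejected": verify(key, wire, roc=1) is None,
        "wire_length": len(wire),
    }


if __name__ == "__main__":
    print(demo())
```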

ZRTP
• Created by Phil Zimmermann
• Title of RFC is “Extensions to RTP for Diffie-Hellman Key Agreement for SRTP”
• Features:
  • Similar to PGPfone, but updated to run on top of new standards (RTP, SIP)
  • Backwards compatible with standard RTP
  • Does not rely on public key infrastructure (PKI)
  • Foils man-in-the-middle attacks in similar fashion to PGPfone
  • Adds “shared secret” for added protection
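
Why a Short Authentication String exposes an intermediary in an unauthenticated Diffie-Hellman exchange, as on the PGPfone Details and ZRTP slides. This is an added example, not code from the slides, PGPfone or ZRTP: the group parameters, the way the string is derived and all names are assumptions chosen for illustration, and the real protocols compute their strings differently.

```python
import hashlib
import secrets

# Toy parameters for this example only: 2**255 - 19 is prime, but real
# deployments use standardized, much larger groups.
P = 2**255 - 19
G = 2
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def keypair():
    """Return (private, public) for one Diffie-Hellman party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session(priv, initiator_pub, responder_pub, peer_pub):
    """Derive (session_key, sas) from one side's view of the exchange."""
    shared = pow(peer_pub, priv, P)
    h = hashlib.sha256()
    for value in (shared, initiator_pub, responder_pub):
        h.update(value.to_bytes(32, "big"))
    digest = h.digest()
    # The string the callers read aloud to each other: the top 20 bits of
    # the digest rendered as four base32 characters.
    bits = int.from_bytes(digest, "big") >> (256 - 20)
    sas = "".join(B32[(bits >> shift) & 31] for shift in (15, 10, 5, 0))
    return digest, sas


def call(mitm=False):
    """Run one key agreement; return (alice_sas, bob_sas, keys_match)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_bob, seen_by_alice = a_pub, b_pub
    if mitm:
        # An intermediary has replaced each public value with its own, so
        # each caller has unknowingly agreed on a key with the intermediary.
        _, seen_by_bob = keypair()
        _, seen_by_alice = keypair()
    a_key, a_sas = session(a_priv, a_pub, seen_by_alice, seen_by_alice)
    b_key, b_sas = session(b_priv, seen_by_bob, b_pub, seen_by_bob)
    return a_sas, b_sas, a_key == b_key


if __name__ == "__main__":
    for label, flag in (("direct call", False), ("intercepted call", True)):
        a_sas, b_sas, same = call(mitm=flag)
        verdict = "strings match" if a_sas == b_sas else "MISMATCH, hang up"
        print(f"{label}: Alice reads {a_sas}, Bob reads {b_sas}: {verdict}")
```

Because the string is short, the check relies on the callers recognizing each other's voices while reading it, which is why no public key infrastructure is needed.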

Zfone
• Also written by Phil Zimmermann
• Implementation of ZRTP
• “Lets you turn your existing VoIP client into a secure phone”
  • Simply intercepts and filters RTP packets
  • If Zfone is not running on both sides it will simply revert to standard RTP
• GUI to let you know if current call is secure
• SDK to license for developers to integrate ZRTP into their applications

Skype
• Closed source and closed specification
• Tom Berson's security analysis
  • Was allowed uninhibited access to the code and the engineers
• Findings:
  • Skype uses only standard encryption techniques
  • All techniques are properly implemented
  • Uses a central server as public key infrastructure to authenticate messages
  • No backdoors or malware

Skype Concerns
• Closed does not always mean safe
  • Have to trust Skype when they say their software is secure
• Single person, company sponsored analysis
  • Closed protocol makes it difficult to verify
• Small Chinese company claims to have broken protocol
  • Will release software that connects to Skype network soon

Research and Development in VoIP Security
• VoIP security is still a big question in the service
• Many improvements are still possible
• Collective effort needed by government, academia, and private companies

The 1st IEEE Workshop on VoIP Management and Security (2006)
• Open workshop for researchers from any sector to improve state of security of VoIP
• Projects to cover:
  • Locating SIP users
  • Monitoring VoIP networks
  • Intrusion Detection for VoIP

Lightweight Scheme for Locating Users: Goal/Motivation
• Group of Georgia Tech Researchers (CoC)
• Most important challenge in VoIP:
  • Locate communicating parties via internet in secure and reliable way
• Session Initialization Protocol (SIP) users are at risk because this technology is weak to attacks
• Mainly, the integrity of the mapping from SIP to contact address is critical

Is Session Initialization Protocol (SIP) Safe?
1) Terminal registers its contact address
2) Address stored in location services
3) During call initialization, caller finds server in DNS table
4) Callee’s server queries location services for address
(1)

Lightweight Scheme for Locating Users: Proposed Solution
• Don’t use registrar services
• Let SIP phones sign their own contact address bindings on behalf of their users
• Verify identity through public keys
• Have modified SIP infrastructure to distribute public keys

Solution Scheme to Interchange Public Keys
• Initial key exchange between 2 users
• After the key exchange, communication follows through secure channel
• This is only needed once
(1)

Monitoring VoIP Networks: Goal/Motivation
• Researchers from NEC Japan
• Goal: VoIP carriers should identify and separate legal from illegal traffic
• Motivation: Stop SPAM over Internet Telephony (SPIT) from using network resources
• Result: Prototype implemented to monitor traffic from Skype, SIP phones, Netmeeting

Monitoring VoIP Networks: Proposed Scheme/Prototype
1. Add time stamp to packets and measure size
2. Extract statistical data from the flow (i.e. payload)
3. Verification to check eavesdropping
4. Compare packet against known threats
5. Repeat the process and control the flow
(2)
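
Steps 1 and 2 of the scheme above, followed by a simple per-flow verdict, as an added example (not the NEC prototype and not taken from the cited paper): packets carry only a timestamp and a size, and each flow is summarized by its mean payload size and the regularity of its packet spacing. The thresholds, flow identifiers, function names and sample records are assumptions constructed for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds for this example (not values from the cited paper).
PAYLOAD_RANGE = (10, 50)   # bytes: the small-payload range quoted for VoIP
MAX_JITTER_RATIO = 0.25    # inter-arrival std-dev / mean for a steady stream
MIN_PACKETS = 20           # shorter flows are left unclassified

VOICE_FLOW = "10.0.0.5:4000>10.0.0.9:4002/udp"
BULK_FLOW = "10.0.0.7:51000>10.0.0.9:80/tcp"
SHORT_FLOW = "10.0.0.8:5000>10.0.0.9:5002/udp"


def flow_stats(records):
    """Group (flow_id, timestamp, size) records by flow and summarize each."""
    flows = defaultdict(list)
    for flow_id, ts, size in records:
        flows[flow_id].append((ts, size))
    stats = {}
    for flow_id, pkts in flows.items():
        pkts.sort()
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        stats[flow_id] = {
            "packets": len(pkts),
            "mean_size": mean(size for _, size in pkts),
            "mean_gap": mean(gaps) if gaps else 0.0,
            "gap_stdev": pstdev(gaps) if gaps else 0.0,
        }
    return stats


def classify(stat):
    """Label one flow summary as 'voice-like', 'other' or 'unknown'."""
    if stat["packets"] < MIN_PACKETS:
        return "unknown"
    low, high = PAYLOAD_RANGE
    steady = (
        stat["mean_gap"] > 0
        and stat["gap_stdev"] / stat["mean_gap"] <= MAX_JITTER_RATIO
    )
    if low <= stat["mean_size"] <= high and steady:
        return "voice-like"
    return "other"


def sample_records():
    """Constructed input: a steady small-packet flow, a bursty bulk flow,
    and a flow too short to judge."""
    records = []
    for i in range(50):
        records.append((VOICE_FLOW, i * 0.020, 20 + (i % 3)))
    t = 0.0
    for i in range(50):
        t += 0.001 if i % 10 else 0.500  # bursts separated by long pauses
        records.append((BULK_FLOW, t, 1400))
    records.append((SHORT_FLOW, 0.0, 30))
    return records


def verdicts(records):
    """Return {flow_id: label} for every flow in the records."""
    return {fid: classify(s) for fid, s in flow_stats(records).items()}


if __name__ == "__main__":
    for flow_id, label in verdicts(sample_records()).items():
        print(f"{flow_id}: {label}")
```

Working from sizes and timing alone means the summary can still be computed when the payload itself is encrypted.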

Intrusion Detection and Prevention on SIP: Goal/motivation
• Researchers from University of Pisa and Switzerland.
• Goal: Use the same principles of network intrusion detection to provide security to VoIP networks
• Motivation: Threats will move to VoIP
• Results: Working prototype using Snort

Intrusion Detection and Prevention on SIP: Prototype
• Tested successfully against a brute force generator
(3)

Conclusion
• Great effort to secure VOIP networks
  • Leadership efforts by companies and universities
  • Ideas both old and revolutionary
• One solution: encryption
  • Speed
  • New, effective algorithms like ZRTP
• Technology caught everybody by surprise
• Encouraging future for VOIP

References
(1) Kong, L., Balasubramaniyan, V.B., and Ahamad, M. "A lightweight scheme for securely and reliably locating SIP users." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.
(2) Okabe, T., Kitamura, T., and Shizuno, T. "Statistical traffic identification method based on flow-level behavior for fair VoIP service." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.
(3) Niccolini, S. et al. "SIP intrusion detection and prevention: recommendations and prototype implementation." IEEE Xplore. Georgia Tech Lib., Atlanta, GA. 12 July 2006 <http://ieeexplore.ieee.org/Xplore/guesthome.jsp>.
(4) Zimmermann, Philip R. PGPfone Owner’s Manual. 8 July 1996. Phil’s Pretty Good Software. 13 July 2006. <ftp://ftp.pgpi.org/pub/pgp/pgpfone/manual/pgpfone10b7.pdf>.
(5) Baugher, M., et al. The Secure Real-time Protocol (SRTP). March 2004. The Internet Society. 13 July 2006. <http://tools.ietf.org/html/3711>.
(6) ---, et al. ZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTP. 5 March 2006. The Internet Society. 13 July 2006. <http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-01.txt>.
(7) Zfone Home Page. Phil Zimmermann & Associates LLC. 13 July 2006. <http://www.philzimmermann.com/EN/zfone/index.html>.
(8) Kuhn, D. Richard, Thomas J. Walsh, Steffen Fries. United States. National Institute of Standards and Technology, Technology Administration, Department of Commerce. Security Considerations for Voice Over IP Systems. Gaithersburg, MD: NIST, 2005.

Questions?