Voice over IP (VoIP) security - PowerPoint PPT Presentation

About This Presentation
Title:

Voice over IP (VoIP) security

Description:

Introduction. Voice over IP and IP telephony. Network convergence. Telephone and IT. PoE (Power over Ethernet) Mobility and Roaming. Telco. Switched - Packet (IP) – PowerPoint PPT presentation

Number of Views:464
Avg rating:3.0/5.0
Slides: 18
Provided by: 123se133
Category:
Tags: voip | over | security | voice

less

Transcript and Presenter's Notes

Title: Voice over IP (VoIP) security


1
Voice over IP (VoIP) security
2
Introduction
  • Voice over IP and IP telephony
  • Network convergence
  • Telephone and IT
  • PoE (Power over Ethernet)
  • Mobility and Roaming
  • Telco
  • Switched -gt Packet (IP)
  • Closed world -gt Open world
  • Security and privacy
  • IPhreakers
  • VoIP vs 3G

3
Architecture protocols
  • Signaling
  • User location
  • Session
  • Setup
  • Negotiation
  • Modification
  • Closing
  • Transport
  • Encoding, transport, etc.

4
Architecture protocols
  • SIP
  • IETF - 5060/5061 (TLS) - HTTP-like, all in one
  • Proprietary extensions
  • Protocol becoming an architecture
  • End-to-end (between IP PBX)
  • Inter-AS MPLS VPNs
  • Transitive trust
  • IM extensions (SIMPLE)
  • H.323
  • Protocol family
  • H.235 (security), Q.931H.245 (management), RTP,
    CODECs, etc.
  • ASN.1

5
Architecture protocols
  • RTP (Real Time Protocol)
  • 5004/udp
  • RTCP
  • No QoS/bandwidth management
  • Packet reordering
  • CODECs
  • old G.711 (PSTN/POTS - 64Kb/s)
  • current G.729 (8Kb/s)

6
Architecture systems
  • Systems
  • SIP Proxy
  • Call Manager/IP PBX
  • User management and reporting (HTTP, etc)
  • H.323 GK (GateKeeper)
  • Authentication server (Radius)
  • Billing servers (CDR/billing)
  • DNS, TFTP, DHCP servers

7
Architecture systems
  • Voice Gateway (IP-PSTN)
  • Gateway Control Protocols
  • Signaling SS7 interface
  • Media Gateway Controller
  • Controls the MG (Megaco/H.248)
  • SIP interface
  • Signaling Gateway
  • Interface between MGC and SS7
  • SCTP - ISUP, Q.931
  • Transport
  • Media Gateway audio conversion

8
Architecture firewall/VPN
  • Firewall
  • Non-stateful filtering
  • Stateful filtering
  • Application layer filtering (ALGs)
  • NAT / firewall piercing
  • (H.323 2xTCP, 4x dynamic UDP - 1719,1720)
  • (SIP 5060/udp)
  • Encrypted VPN
  • SSL/TLS
  • IPsec
  • Where to encrypt (LAN-LAN, phone-phone, etc)?

9
VOIP Threats
  • Denial of Service
  • ICMP Flood
  • IP Spoofing
  • Port Scans
  • Land Attack
  • IP Source Route
  • Evasdropping or recording
  • In VOIP eavesdropping is a type of an attack, if
    an attacker able to eavesdropp a communication.
    Then he can launch different type of an attack
    like Man in the Middle attack etc.
  • Call Hijacking and Spoofing
  • Call Redirection
  • Voice SPAM (Vishing, Mailbox Stuffing,
    Unsolicited Calling)
  • Voicemail Hacking

10
VOIP Attacks
  • Signaling Layer Attacks
  • SIP Registration Hijacking
  • Impersonating a Server
  • SIP Message Modification
  • SIP Cancel / SIP BYE attack
  • SIP DOS attack
  • Media Layer Attacks
  • Eavesdropping
  • RTP insertion attack
  • SSRC collision attacks

11
Signaling Layer Attacks
  • SIP Registration attack
  • Attacker impersonates a valid UA to a registrar
    himself as a valid user agent. So attacker can
    recieve calls for a legitmate user.
  • Impersonating a Server
  • When an attacker impersonates a remote server and
    user agent request are served by the attacker
    machine.
  • SIP Message Modification
  • If an attacker launches a man in the middle
    attack and modify a message. Then attacker could
    lead the caller to connect to malicious system.
  • SIP CANCEL / SIP BYE
  • SIP Denial of Service
  • In SIP attacker creates a bogus request that
    contained a fake IP address and Via field in the
    SIP header contains the identity of the target
    host.

12
Media Layer Attacks
  • Eavesdropping
  • SSRC collision
  • If an attacker eavesdropp the conversation and
    uses ones peer SSRC to send RTP packet to other
    peer, it causes to terminate a session.

13
Security Solutions
  • Two types of security solutions
  • End-to-End security
  • In SIP end points can ensure end-to-end security
    to those messages which proxy does not read, like
    SDP messages could be protectedusing S/MIME.
  • Media is transferred directly, so end-to-end
    security is achieved by SRTP.
  • Hop-by-hop security
  • TLS, IPSec
  • TLS provide transport layer security over TCP.
    Normally SIP URI is in the form of
    sipabc_at_example.com, but if we are using TLS then
    SIP URI will be sipsabc_at_example.com and
    signaling must be send encrypted.

14
Authentication
  • Authentication means to identify a person.
  • If we take SIP as signaling protocol in VOIP, it
    defines two mechanisms for authentication
  • HTTP digest authentication
  • S/MIME
  • HTTP Digest Authentication
  • HTTP digests mechanisms used between users to
    proxies, users to users but not between proxies
    to proxies.
  • S/MIME
  • S/MIME uses X.509 certificates to
    authenticate end users in the same way that web
    browsers use them.

15
Media Encryption
  • In VOIP media is send directly between users
    using RTP. Encryption of media is achieved by
  • IPSec
  • Secure RTP (SRTP)
  • It provides a framework for encryption and
    message authentication of RTP and RTCP.
  • Cipher Algorithum AES
  • Authenitcation is an optional feature.
  • SRTP uses Security Description for Media Streams
    (SDES) algorithum to negotiate session keys in
    SDP.
  • MIKKEY
  • Mikkey provides its own authentication and
    integrity mechanisim.
  • Mikkey messages carried in a SDP with akey-mgmt
    attritbute.

16
There are Specialized Hacking Tools
  • SIPScan - enumerate SIP interfaces
  • TFTPBrute - TFTP directory attacking
  • UDP and RTP Flooder - DoS tools
  • hping2 TCP session flooding
  • Registration Hijacker - tool to take over H.323
    session
  • SIVUS - SIP authentication and registration
    auditor
  • Vomit - RTP Playback
  • VOIP HOPPER IP Phone mimicing tool
  • Dsniff - various utilitarian tools (macof and
    arpspoof)
  • Wireshark (Ethereal) / tcpdump - packet capture
    and protocol analysis

17
Thanks You
Write a Comment
User Comments (0)
About PowerShow.com