Introduction
The VoIP problem was identified after a thorough assessment of the company’s communication systems. The analysis showed that the company’s VoIP network and infrastructure were prone to denial-of-service (DoS) attacks that affected the quality of calls. The company’s Internet Protocol infrastructure is made up of private branch exchanges (PBXs), media gateways, firewalls, cabling and wireless routers. VoIP users on the company’s WLAN have been unable to complete their calls, and parts of their conversations have been cut off because of the DoS attacks. At one point the company faced a complete degradation of its VoIP network because of the increasing DoS attacks. During this time the company lost a lot of business as a result of the DoS attacks and disruptions to the VoIP network service.
DoS attacks in VoIP networks can be caused by a variety of service disruptions that range from turning the server power off to disabling the router or turning off the Internet Protocol phone. A detailed analysis of the company’s VoIP problem showed that the protocols used in the signaling messages were prone to regular DoS attacks. This is because the protocols, which included the session initiation protocol (SIP) and the real-time transport protocol (RTP), were made up of complex software structures whose implementation flaws left the VoIP service vulnerable to DoS attacks. The company mostly relied on firewalls to detect threats to its Internet Protocol networks, and because firewalls are unable to detect VoIP signaling attacks, the DoS threats continued to affect the company’s VoIP service (Collier, 2005).
The most common DoS attacks that affect VoIP networks are implementation flaw DoS attacks, flood DoS attacks and application level DoS attacks. An implementation flaw DoS occurs when an attacker sends a carefully crafted packet to exploit an implementation flaw in a VoIP component. The packet is usually incorrect or designed in a way that makes the recipient unable to decipher the message. Flood DoS attacks occur when a large number of packets are sent to a particular VoIP component. The targeted component is unable to process legitimate packets because it is busy processing the attack packets. Legitimate packets are therefore ignored or processed slowly, making the VoIP service slow or unusable. The application level DoS attack occurs when a component of VoIP is manipulated. This manipulation can take the form of call hijacking or call altering to change the content of the VoIP message (Collier, 2005).
VoIP Architecture and Protocols
The communication that takes place between a VoIP caller and callee is usually performed in two phases: the establishment of the call session, and the exchange of information or the general conversation between the two people. Once the caller initiates a call session with the callee, the two parties exchange media traffic, which demonstrates that VoIP functions in two phases. According to Kim (2009), “the protocol that is used in the first function is the session initiation protocol (SIP) which allows the VoIP caller to initiate the call session”. SIP facilitates the creation and modification of multimedia sessions over the Internet as they are being established. The protocol used in the second phase is the real-time transport protocol (RTP), which facilitates the exchange of media traffic between the two people. There cannot be any exchange of media traffic if a SIP session has not been established (Kim, 2009).
The main purpose of the SIP function is to facilitate the creation and modification of media stream communication during the initiation of the VoIP call session between unicast and multicast parties. The session initiation protocol (SIP) incorporates the use of asynchronous features during the session initiation stage. Each transaction that takes place in the initiation stage consists of a client request that is meant to evoke a particular response from the callee. This function of VoIP usually works in conjunction with other protocols that include the real-time transport protocol (RTP) and the session description protocol (SDP) (Ganguly & Bhatnagar, 2008).
The real-time transport protocol (RTP) is an important protocol in VoIP that uses standardized packets to transmit media streams over IP networks. RTP is usually used in multimedia communication systems that involve the live streaming of media, such as VoIP, video teleconferencing and push-to-talk features. A protocol that is used together with RTP is the real-time transport control protocol (RTCP). RTCP monitors the transmission of the media streams carried by RTP and the quality of service within the media stream to determine whether it is of high or low quality. RTP is designed to support the end-to-end transfer of real-time data to multiple destinations through the Internet Protocol network (Peterson & Bruce, 2007).
The session description protocol (SDP) is a format used to describe multimedia sessions during the session initiation stage, and it supports functions such as session invitation, parameter negotiation and session announcement to the recipient. This element of VoIP negotiates the properties and format of the media stream between its end points. SDP is designed to work in conjunction with other protocols such as the session announcement protocol (SAP), the session initiation protocol (SIP) and the real-time transport protocol (Ganguly & Bhatnagar, 2008).
Threats and Attacks
According to a report published by the Voice over IP Security Association (VOIPSA) in 2005, VoIP spam was classified as a major threat. VoIP spam was classified as unwanted lawful content that mostly occurred when a seller or telemarketer solicited customers to purchase legal products over VoIP. Such solicitation was classified as a major threat to the functions of VoIP because it made it difficult to distinguish genuine callers from those who were soliciting customers. Most users of VoIP wanted such callers to be screened to prevent solicitation and the nuisance of being called by many sellers or telemarketers in one day (VOIPSA, 2010).
The various forms of VoIP spam as identified by VOIPSA include call spam, presence spam and instant message (IM) spam. Call spam usually occurs when a VoIP spam caller attempts to send unsolicited session initiation protocol (SIP) messages to another person unknown to them so as to establish a multimedia session with them. IM spam involves spammers sending unsolicited instant messages to another person unknown to them to establish some form of communication with them. This form of VoIP spam is usually sent through an extended SIP message where the spammer uses the subject field of the SIP request message to invite the intended recipient of the message to choose or subscribe to the message. The presence spam involves spammers using the “subscribe” message incorporated into the session initiation protocol to send unsolicited requests to users requesting them to become members of the spammers ‘buddy list’ or ‘white list’ (Kim, 2009).
VoIP spamming has been identified as a major issue since VoIP lacks the proper mechanisms and architecture to deal with the amount of spam that a person receives in one day. Despite there being anti-spamming laws around the world to prevent the sending of unsolicited messages or calls, the problem persists as more people complain about the level of spam messages and calls they receive in one day. One reason why this problem has persisted is that the sender of the unsolicited information is usually untraceable or unreachable. With regard to VoIP, call spam has become the most common problem as callers hide their identities when soliciting over the telephony function (Ganguly & Bhatnagar, 2008).
Apart from spamming, the VoIP function faces the threat of call hijacking where an attacker hijacks a portion of the VoIP call session. The VoIP call hijack usually occurs when the attacker inserts a spoofed response to the call initiation request that was sent by the caller. The spoofed response sent by the attacker is designed to redirect the caller’s communication session to a rogue server where the attacker intercepts the call. Call altering is another threat to VoIP as an attacker can actively introduce media traffic into the ongoing conversation. Call altering differs from call hijacking in that the attacker alters the kind of conversation that is taking place between the caller and callee. The attacker does not allow certain parts of the information to pass between the caller and callee, resulting in the termination of the VoIP call (Ganguly & Bhatnagar, 2008).
VoIP Vulnerabilities
As with any Internet technology, VoIP is subject to vulnerabilities that might affect its functions in a wireless network. One of these vulnerabilities is the Internet Protocol (IP) infrastructure, where related VoIP systems can compromise the VoIP infrastructure in the IP network. Another VoIP vulnerability is the configuration of VoIP devices, many of which operate with the default factory configurations. These default settings, which usually leave ports open, are vulnerable to spam attacks, authentication bypasses and buffer overflows. Execution flaws are another VoIP vulnerability, where the standard databases that are used in VoIP services make it difficult to filter active content during the session initiation protocol (Thermos & Takanen, 2008).
Another VoIP vulnerability is the low bandwidth that accompanies most VoIP functions. The VoIP service’s bandwidth cannot withstand many callers using the service at the same time. If the number of VoIP users is low, the bandwidth does not experience any problems, but when the number of callers is high, the service experiences traffic congestion, making it difficult to complete conversations and lowering the quality of the VoIP calls. High VoIP traffic also puts a lot of pressure on the company’s internet connections, which might affect other functions being performed over the Internet such as email, chatting and downloading. Password management is another VoIP vulnerability, as the only form of identification that is used by VoIP users is the session initiation protocol URL link or the telephone number of the VoIP user. This information is usually stored on the company server, making it easy for anyone with access to this server to use the user’s information (Thermos & Takanen, 2008).
Signaling Protection Mechanisms
Signaling protection mechanisms are used in protecting the signal messages that are exchanged between the users of the VoIP service. Signaling messages are usually used in setting up the multimedia communication streams that allow for the exchange of these messages in secure media streams. The proper protection of signaling messages ensures that the session initiation protocol (SIP) which usually initializes the media session is not prone to any threats and attacks that might affect the transmission of the message. The appropriate mechanism that can be used to prevent an attack to the SIP is the secure/multipurpose internet mail extension (S/MIME). The S/MIME provides message integrity and end-to-end confidentiality as well as the authentication of the SIP function (Thermos & Takanen, 2008).
The S/MIME provides the appropriate mechanisms that can be used to encode and present multimedia messages such as videos, audio clips and graphics within the SIP without compromising the quality of the information. Transport layer security (TLS) can also be used to provide security against threats and attacks like message altering, eavesdropping and call hijacking. TLS guarantees that there is the mutual verification of user certificates as well as message integrity and confidentiality. TLS also protects the negotiation of cryptographic keys within the SIP (Thermos & Takanen, 2008).
Media Protection Mechanisms
Media protection mechanisms involve the applications that are used in securing multimedia streams during the VoIP transmission. The standard protocol that is used in exchanging multimedia communication streams is the real-time transport protocol (RTP). RTP streams are prone to threats and attacks during the VoIP transmission as these streams can be intercepted and manipulated to perform various attacks on the call. The most common media protection mechanism that is used in preventing threats and attacks to VoIP services is the secure real time protocol (SRTP). This protocol provides several properties that are used to protect against media stream manipulation by attackers (Thermos & Takanen, 2008).
These properties include the ability to incorporate new cryptographic transforms, the ability to maintain a low bandwidth, the ability to conserve the implementation code, and independence from the underlying transport of the RTP as well as from the network in use. The secure real time protocol mechanism is useful as it supports the authentication and confidentiality of the multimedia messages. It also ensures the integrity of the VoIP call by protecting the users of VoIP against attacks from call hijackers, call manipulators and DoS attacks. It also ensures that all RTP functions have been authenticated in the multimedia message (Thermos & Takanen, 2008).
Key Management Mechanisms
The key management mechanisms that are used in VoIP services include MIKEY, ZRTP and SRTP. The MIKEY (Multimedia Internet KEYing) mechanism ensures that the unicast and multicast nature of the multimedia messages is scalable and flexible. MIKEY’s primary purpose is to minimize the latency that is usually experienced when cryptographic keys are exchanged between small interactive groups within a heterogeneous network. MIKEY also ensures the integration and independence of the session description protocol (SDP). The management mechanism was also designed to minimize message exchanges and maintain protocol integration.
ZRTP is another mechanism that is used in key management protocols. The ZRTP mechanism negotiates the cryptographic keys through the real time transport protocol (RTP) over a UDP port instead of the signaling path that is usually used by the MIKEY mechanism. This means that the key negotiation is performed in a more direct way between peers without using any SIP intermediaries. The secure real time protocol (SRTP) mechanism is not a key management mechanism but it is used in negotiating the cryptographic keys amongst users in unicast or multicast media sessions (Thermos & Takanen, 2008).
VoIP and Network Security Controls
These are the network controls that are used in protecting a VoIP message during its deployment. A fundamental element in the secure deployment of a VoIP message is a well defined architecture. The VoIP architecture should be designed in a way that is reliable, integral, confidential and authentic. The VoIP network security controls that are used to ensure that the message is confidential, reliable and authentic include: the user-authorization request commands, which allow the user on a SIP proxy to request authorization from the proxy server on behalf of the SIP user; VoIP firewalls, which help to protect against threats and attacks by enforcing policies on inbound and outbound traffic; NAT security control, which hides internal hosts from external threats and attacks; signature based intrusion detection systems, which identify malicious activity by inspecting VoIP packets during the transmission; and anomaly based intrusion detection systems, which identify threats and attacks to VoIP by analyzing media streams in the VoIP network traffic (Thermos & Takanen, 2008).
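The anomaly-based inspection of media streams described above can be sketched as follows. This is an added example, not code from the essay or its cited sources; the class and function names and the `max_gap` threshold are hypothetical, and the packets are constructed rather than captured.

```python
import struct

RTP_HEADER = struct.Struct("!BBHII")  # V/P/X/CC, M/PT, sequence, timestamp, SSRC


def parse_rtp(packet):
    """Decode the 12-byte fixed RTP header; raise ValueError if it is not RTP v2."""
    if len(packet) < RTP_HEADER.size:
        raise ValueError("shorter than the fixed RTP header")
    first, second, seq, timestamp, ssrc = RTP_HEADER.unpack_from(packet)
    if first >> 6 != 2:
        raise ValueError("RTP version is not 2")
    return {"pt": second & 0x7F, "seq": seq, "timestamp": timestamp, "ssrc": ssrc}


class RtpStreamMonitor:
    """Track one negotiated media stream and label each packet (hypothetical)."""

    def __init__(self, max_gap=50):
        self.max_gap = max_gap  # assumed tolerance for packets lost in a row
        self.ssrc = None
        self.last_seq = None

    def observe(self, packet):
        try:
            header = parse_rtp(packet)
        except ValueError as exc:
            return "malformed: %s" % exc
        if self.ssrc is None:  # first packet: learn the stream's source
            self.ssrc, self.last_seq = header["ssrc"], header["seq"]
            return "ok"
        if header["ssrc"] != self.ssrc:
            return "unexpected SSRC"  # media from a source the stream never used
        gap = (header["seq"] - self.last_seq) & 0xFFFF  # 16-bit wraparound
        if gap == 0 or gap >= 0x8000:
            return "duplicate or old sequence number"
        self.last_seq = header["seq"]
        return "sequence jump" if gap > self.max_gap else "ok"


def make_rtp(seq, ssrc, payload=b"\x00" * 160):
    """Build a constructed RTP packet (version 2, payload type 0)."""
    return RTP_HEADER.pack(0x80, 0, seq, (seq * 160) & 0xFFFFFFFF, ssrc) + payload
```

An SSRC can change legitimately, for example after a collision, so a label from this monitor is a signal to correlate with the signaling for that call rather than a verdict.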
Security Framework for Enterprise VoIP Networks
The security framework for VoIP includes security policies, physical security perimeter, access control, operations management and asset management. The VoIP security policy involves recognizing the strengths and limitations that are usually introduced by technology in VoIP operations. The policy provides standards and technical controls that are used in supporting regulatory requirements. Asset management involves maintaining the security of enterprise and VoIP carrier networks. Asset management helps in measuring the compliance of controls during VoIP security evaluations. Physical security perimeter involves protecting the core network elements of VoIP which include network routers, DNS, NTP and proxy servers (Thermos & Takanen, 2008).
The physical security perimeter provides these network elements with physical isolation from external access by unauthorized personnel while at the same time providing access controls to authorized personnel. Operations management involves managing and maintaining an adequate level of security posture in the VoIP network while at the same time maintaining the procedures that are used in managing the VoIP network. Access control in VoIP networks takes place in three dimensions: user access, device access, and administration and management access. Access control in these three dimensions is important to ensure that the appropriate authorization has been used to access any of these dimensions within the VoIP network (Thermos & Takanen, 2008).
Provider Architectures and Security
The provider architectures that are used by VoIP service providers during message deployment include carrier grade VoIP architectures, which are used to provide secure and robust VoIP networks for both enterprise and residential customers. The IMS is a provider architecture that defines the number of functions that will be implemented by various VoIP network elements. The public switched telephone network (PSTN) is an architecture that is used to support the multimedia communication and transmission systems of VoIP. The IMS and PacketCable architectures are security architectures that are used to protect against various threats and attacks that are related to VoIP (Thermos & Takanen, 2008).
The most common VoIP service provider architectures that are in use by most companies include converged telco, Internet-based voice service provider (I-VSP), and ISP-based voice service provider (ISP-VSP). The converged telco infrastructure is a telecommunications provider that provides communication services over VoIP and PSTN infrastructures. The ISP-VSP is an internet service provider that supplies existing VoIP customers with VoIP services, while the I-VSP is a provider infrastructure that supplies telecommunication services through the use of VoIP (Thermos & Takanen, 2008).
Enterprise Architectures and Security
The enterprise architectures that are used in VoIP security functions include the call manager/agent, which controls the communications that exist between users within the VoIP infrastructure, and the IP-PBX, which facilitates the interconnection between the PSTN and the enterprise Internet Protocol network by combining the functions of a media gateway and a signaling gateway. The signaling gateway is used in deploying large VoIP enterprises by translating the signaling messages between the IP network and the PSTN. The media gateway in the enterprise VoIP converts multimedia streams from TDM circuits to IP packet streams.
The voice mail server is usually used in enterprise VoIP to store multimedia messages that can be retrieved at a later time. The voice mail server works in conjunction with the media and signaling gateway. The unified messaging server archives messages by interacting with the email servers to retrieve and archive messages. The unified messaging server also converts text messages into voice messages and voice messages into text messages through the use of prompts (Thermos & Takanen, 2008).
Recommendations and Implementation of the Solution
To treat the problem effectively, the VoIP service provider together with the network manager of the affected company have to first locate the origin of the DoS packet that is attacking the VoIP system. However, this process might prove to be difficult and futile if the attacker uses an illegitimate address. This will make it difficult to determine where the packet has come from. This method will also be difficult in a wide area network that has many users accessing the IP network of the company at once.
The most suitable method of detecting the origin of the DoS attack would be to analyze the core network of the company’s IP systems. The detection of attacks within the core network is possible because of the filtering processes that take place within this network. There are various approaches that can be used to detect DoS threats within the core network. These include the route based packet filtering approach (RPF) and the distributed attack detection technique (DAD). These two techniques have proved to be important in limiting the impact of denial of service attacks on the IP networks of most companies (Lawecki, 2010).
Once the network manager, with support from the IT department, has identified the origin of the DoS packet, they can then identify the appropriate solution to deal with the DoS attack. One solution will be to conduct system hardening, where unnecessary network services are removed from the IP network. The system will then be locked down, after which internal host-based intrusion detection software will be used to detect the various levels of DoS attacks on the company’s VoIP systems. System hardening will help prevent future VoIP attacks by ensuring the VoIP infrastructure is not vulnerable. Another solution will be to conduct authentication of the signaling messages, where all VoIP components are checked to determine whether they are communicating with legitimate components. This method of DoS prevention works well with internal VoIP deployments but it is not useful when dealing with external VoIP deployments (Juniper Networks, 2006).
Another method will be to install a good antivirus system that will be updated on a regular basis. The antivirus software will protect the VoIP components from data system and computer infections as these components are vulnerable to attacks. The pitfall of antivirus systems is that they can fail to detect the various forms of DoS attacks which means that the VoIP network might still be prone to DoS attacks despite having an antivirus system. The most suitable alternative for the company would be to install application layer gateways between the trusted and the untrusted zones within the VoIP network. These layer gateways act as firewalls because they open and close the network’s pinholes to maintain security (Juniper Networks, 2006).
The application layer gateways (ALGs) are designed specifically to handle demanding Internet applications such as the VoIP service, and they are in the best position to protect the VoIP service against DoS attacks. The ALGs function by monitoring the call setup messages used in VoIP to determine whether they are legitimate or illegitimate. They also monitor the complex protocols that are used in VoIP as well as the VoIP systems infrastructure. The network manager of the company will therefore need to develop deployment strategies that will be based on the various VoIP protocols such as SIP, RTP and H.323 (Juniper Networks, 2006).
Once these strategies are developed, the ALGs will be implemented based on the various VoIP protocols. The SIP ALGs will screen all signaling messages that are sent by the SIP component, while the H.323 ALG will secure all communications that take place between the VoIP servers and the multimedia devices used in the VoIP process. The H.323 ALGs will be used in both the trusted and the untrusted zones of the IP network (Juniper Networks, 2006). Once the application layer gateways have been implemented, the task of the network manager will be to evaluate the VoIP system to detect whether any DoS attacks have infiltrated the system. This monitoring and evaluation stage will be important for the company in determining whether the ALGs are effective in dealing with DoS attacks. The network manager should assess the expenses for extra backup power to prevent any power outages within the company that might allow DoS attacks to take place. This will be important if the company plans to allow wireless access to its VoIP network.
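The screening role given to a SIP ALG above (checking call setup messages, resisting floods, opening media pinholes) can be illustrated as follows. This is an added example, not code from the essay, Juniper Networks or any ALG product; `SipScreen`, its thresholds and the sample INVITE are hypothetical and constructed for the illustration.

```python
import re
from collections import defaultdict, deque

# Headers that RFC 3261 requires in every SIP request.
REQUIRED = ("via", "from", "to", "call-id", "cseq", "max-forwards")
REQUEST_LINE = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")


def parse_sip_request(raw):
    """Return (method, headers, body); raise ValueError if malformed.
    Simplified: compact header names and folded lines are not handled."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        raise ValueError("bad request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    missing = [h for h in REQUIRED if h not in headers]
    if missing:
        raise ValueError("missing " + ", ".join(missing))
    cseq = headers["cseq"].split()
    if len(cseq) != 2 or cseq[1] != match.group(1):
        raise ValueError("CSeq does not match request method")
    length = headers.get("content-length")
    if length is not None and (not length.isdigit() or int(length) != len(body.encode())):
        raise ValueError("Content-Length mismatch")
    return match.group(1), headers, body


def sdp_audio_endpoint(body):
    """Return (ip, port) of the first audio stream in an SDP body, else None."""
    ip = port = None
    for line in body.splitlines():
        fields = line.split()
        if line.startswith("c=IN IP4 ") and len(fields) == 3 and ip is None:
            ip = fields[2]
        elif line.startswith("m=audio ") and len(fields) > 1 and fields[1].isdigit():
            port = port or int(fields[1])
    return (ip, port) if ip and port else None


class SipScreen:
    """Drop malformed requests and cap INVITEs per source in a sliding window."""

    def __init__(self, max_invites=3, window=1.0):
        self.max_invites, self.window = max_invites, window
        self.recent = defaultdict(deque)  # source IP -> INVITE timestamps

    def check(self, src_ip, now, raw):
        try:
            method, _, body = parse_sip_request(raw)
        except ValueError as exc:
            return ("drop", "malformed: %s" % exc)
        if method != "INVITE":
            return ("allow", "")
        times = self.recent[src_ip]
        while times and now - times[0] >= self.window:
            times.popleft()
        if len(times) >= self.max_invites:
            return ("drop", "INVITE rate exceeded")
        times.append(now)
        media = sdp_audio_endpoint(body)
        return ("allow", "pinhole %s:%d/udp" % media if media else "")


# Constructed sample INVITE (documentation addresses, not captured traffic).
SDP = ("v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
       "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776",
    "Max-Forwards: 70", "From: <sip:alice@example.com>;tag=1",
    "To: <sip:bob@example.com>", "Call-ID: constructed-1@192.0.2.10",
    "CSeq: 1 INVITE", "Content-Length: %d" % len(SDP), "", SDP])
```

The per-source limit only helps when the source address can be trusted, which ties back to the earlier point that locating the origin is difficult if the attacker uses an illegitimate address.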
Conclusion
The research paper focused on the security of VoIP networks in companies that have incorporated the internet telephony facility within their communication networks. The paper also looked at the various approaches and mechanisms that are used in dealing with the threats and attacks that occur in VoIP networks. This involved looking at the components and architecture that make up VoIP networks as well as the architectures used in developing security mechanisms. The paper also looked at VoIP problems that were being experienced by a company as well as the solutions to these problems.
References
Collier, M. (2005). Voice over IP (VoIP) denial of service (DoS). Web.
Ganguly, S., & Bhatnagar, S. (2008). VoIP: wireless, P2P and new enterprise VoIP. East Sussex, England: John Wiley and Sons.
Juniper Networks (2006). Enterprise VoIP security: best practices. California, US: Juniper Networks, Inc.
Kim, H.K. (2009). Advances in security technology. Berlin, Germany: Springer Verlag.
Lawecki, P. (2007). VoIP security in public networks. Stuttgart, Germany: University of Stuttgart.
Peterson, L.L., & Bruce, D.S. (2007). Computer networks: a systems approach. 3rd Edition. San Francisco, US: Elsevier Science.
Thermos, P., & Takanen, A. (2008). Securing VoIP networks: threats, vulnerabilities and countermeasures. Boston, Massachusetts: Pearson Education.
VOIPSA (2010). VoIP security and privacy threat taxonomy. Web.