Page 1: Security in VoIP

VoIP Security (Voice over Internet Protocol)

Brian Martin

Matt Protacio

February 28, 2007

History of VoIP

• First “internet phone” service offered in 1995 by a company called Vocaltec
  – Most people didn’t yet have broadband, and most soundcards were half duplex.

• First PC-to-phone service in 1998, followed by phone-to-phone service. Cisco, Nortel, and Lucent develop hardware VoIP switches (gateways).

• VoIP traffic exceeded 3% of voice traffic by 2000

History of VoIP (Continued)

• Around 2004, mass marketing began for “digital phone” service bundled with broadband, arranged so calls would be received over regular phones.

• “Digital phone” services use an adaptor from the modem to a phone jack so there is almost no difference between that and regular phone service. Other services use software clients requiring a computer with a microphone.

VoIP vs. Old Phones

• Benefits:
  – More efficient bandwidth usage
  – Only one type of network required, data abstraction in the network

• Criticisms:
  – 911 localization doesn’t always work
  – Phones aren’t useable in a power outage, unless UPS are deployed
  – Fax machines might not work

Common VoIP Security Threats

• VoIP Security Alliance, founded in 2005
  – Threat Taxonomy
  – Forums, Articles

• Caller misrepresentation, caller id spoofing

• Unwanted calls, spam or stalking

Common VoIP Security Threats (Continued)

• Traffic Capture

• Eavesdropping

• Interception

• Alteration (conversion quality, content)

• Black holing

• Call Hijacking
  – SIP (Session Initiation Protocol) register hijacking

• DoS

SIP registration hijacking with SiVuS and a botnet

• SIP
  – Session Initiation Protocol
  – Application layer control protocol for initiating VoIP sessions
  – Control messages were not encrypted and had no mechanism to verify integrity
    • So even if registration requires authentication, it can be sniffed easily

The basic attack plan

• Both callers must register with a registrar server before a call may be initiated
  – DoS the receiver with zombie minions
  – Deregister him with the registrar
  – Falsify his registration with SiVuS
  – Anyone planning to call him will not know and you can try to claim you are the legitimate call receiver.
  – Chances are the intended call receiver will not notice either
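
Added example (not part of the original slides): a defender-side check for the registration pattern described on this slide, flagging an address-of-record whose binding is removed and then re-bound to a different host shortly afterwards. The REGISTER messages, addresses, function names and the 60-second window are constructed assumptions for illustration.

```python
import re

HDR = re.compile(r"^(To|Contact|Expires):[ \t]*(.*)$", re.I | re.M)

def sample_register(aor, contact, expires):
    """Constructed REGISTER request text used only as sample input."""
    return (f"REGISTER sip:example.test SIP/2.0\r\nTo: <sip:{aor}>\r\n"
            f"Contact: {contact}\r\nExpires: {expires}\r\n\r\n")

def parse_register(raw):
    """Return (address-of-record, contact host or None for '*', expires)."""
    h = {k.lower(): v.strip() for k, v in HDR.findall(raw)}
    aor = re.search(r"sip:([^>;\s]+)", h["to"]).group(1)
    m = re.search(r"@([^:;>\s]+)", h["contact"])
    # 3600 is an assumed default when the Expires header is absent
    return aor, (m.group(1) if m else None), int(h.get("expires", 3600))

def find_rebinds(events, window=60):
    """Flag an AOR removed and re-bound to a different host within `window` s."""
    bindings, removed, alerts = {}, {}, []
    for ts, raw in events:
        aor, host, expires = parse_register(raw)
        if expires == 0 or host is None:           # de-registration
            if aor in bindings:
                removed[aor] = (ts, bindings.pop(aor))
            continue
        gone = removed.pop(aor, None)
        if gone and ts - gone[0] <= window and host != gone[1]:
            alerts.append((aor, gone[1], host))
        bindings[aor] = host
    return alerts

A, B = "alice@example.test", "bob@example.test"
SAMPLE = [  # constructed events: (epoch seconds, raw REGISTER text)
    (1000, sample_register(A, "<sip:alice@10.0.0.21:5060>", 3600)),
    (1005, sample_register(B, "<sip:bob@10.0.0.22:5060>", 3600)),
    (2000, sample_register(A, "*", 0)),                              # binding removed
    (2003, sample_register(A, "<sip:alice@10.0.0.99:5060>", 3600)),  # new host
    (2500, sample_register(B, "<sip:bob@10.0.0.22:5060>", 0)),
    (2510, sample_register(B, "<sip:bob@10.0.0.22:5060>", 3600)),    # same host
]

if __name__ == "__main__":
    for aor, old, new in find_rebinds(SAMPLE):
        print(f"ALERT {aor}: contact moved {old} -> {new} after de-registration")
```

A phone that legitimately moves between networks produces the same pattern, so a hit is a lead to correlate with registrar authentication logs, not a verdict.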

Good Ideas

• If using SIP, use TLS
  – Transport Layer Security (encryption, basically)
  – The text-based messages of SIP are considered a feature though

• If only VoIP appliances are connected to the network, then no PCs are available to launch attacks from.

• Segregate data and voice to their own Virtual LANs (VLANs)

• Encrypt!!!
  – Prevents voice injections and casual eavesdropping

• Redundant network to deal with DoS.

• Secure IP-PBX and gateway boxes

VoIP Popularity

• “VoIP use has more than doubled in the past year, according to Telegeography Research, and experts expect the growth to continue.”
  – New York Daily News, February 26, 2007

Popular VoIP Services

• Enterprise
  – Cisco CallManager

• Home
  – Vonage
  – Skype
  – Cable Companies (Time Warner, Insight, Comcast, etc.)

Cisco CallManager

• Enterprise VoIP Product

• Marketed towards companies and organizations looking to replace legacy PBX (Private Business Exchange) systems or install a new IP telephony based system

Cisco CallManager System Design

• Phones
  – Deskphones, model 7960
    • Ethernet, PoE (Power over Ethernet)
  – Software Phone
    • IP Communicator
    • Popular for using across a VPN

Software Phone: IP Communicator

Cisco CallManager System Design (continued)

• Servers
  – CallManager Subscribers and Publishers
    • Windows or Linux Servers running Cisco Software
    • Process all calls
    • Interface with existing PBX systems

CallManager Security

• Multiple VLANs
  – Separate VLANs for Voice and Data
  – Higher Security by isolating voice on separate VLAN

• Primary Protocols
  – SIP
  – H.323

H.323 Attack

• Attacker can exploit the open standard protocol to establish malicious phone calls

• Microsoft NetMeeting can be used to initiate an H.323 phone call

• Malicious phone calls can be established to make international calls

• Threat can be eliminated by not allowing international dialing on lines from telephone company

IP Phone Tap

• Capture IP packets from Phone
  – Use Ethereal network sniffer

• Extract audio from packets

• Export audio file of phone call

Prevent Phone Tapping

• Encrypt voice traffic

• Prevent attacker from capturing traffic out of a phone
  – Lock down access to network switch phone is connected to

Conclusion

• VoIP is established as the future of telephones

• Security is critical when designing and maintaining VoIP systems

Questions?
