security in voip

of 28/28
VoIP Security (Voice over Internet Protocol) Brian Martin Matt Protacio February 28, 2007

Post on 20-May-2015




0 download

Embed Size (px)


  • 1. VoIP Security (Voice over Internet Protocol) Brian Martin Matt Protacio February 28, 2007

2. History of VoIP

  • First internet phone service offered in 1995 by a company called Vocaltec
    • Most people didnt yet have broadband, and most soundcards were half duplex.
  • First PC to phone service in 1998, followed by phone to phone service.Cisco, Nortel, and Lucent develop hardware VOIP switches (gateways).
  • VOIP traffic exceeded 3% of voice traffic by 2000

3. History of VoIP (Continued)

  • Around 2004 began mass marketing for digital phone service bundled with broadband arranged so calls would be received over regular phones.
  • Digital phone services use an adaptor from the modem to a phone jack so there is almost no difference between that and regular phone service.Other services use software clients requiring a computer with a microphone.

4. VoIP vs. Old Phones

  • Benefits:
    • More efficient bandwidth usage
    • Only one type of network required, data abstraction in the network
  • Criticisms:
    • 911 localization doesnt always work
    • Phones arent useable in a power outage, unless UPS are deployed
    • Fax machines might not work

5. Common VoIP Security Threats

  • VoIP Security Alliance, founded in 2005
    • Threat Taxonomy
    • Forums, Articles
  • Caller misrepresentation, caller id spoofing
  • Unwanted calls, spam or stalking

6. Common VoIP Security Threats (Continued)

  • Traffic Capture
  • Eavesdropping
  • Interception
  • Alteration (conversion quality, content)
  • Black holing
  • Call Hijacking
    • SIP (Session Initiation Protocol) register hijacking
  • DoS

7. SIP registration hijacking with SiVuS and a botnet

  • SIP
    • Session Initiation Protocol
    • Application layer control protocol for initiating VOIP sessions
    • Control messages were not encrypted and had no mechanism to verify integrity
      • So even if registration requires authentication, it can be sniffed easily

8. The basic attack plan

  • Both Callers must register with a registrar server before a call may be initiated
    • DoS the receiver with zombie minions
    • Deregister him with the registrar
    • Falsify his registration with SiVuS
    • Anyone planning to call him will not know and you can try to claim you are the legitimate call receiver.
    • Chances are the intended call receiver will not notice either

9. 10. 11. 12. Good Ideas

  • If using SIP use TLS
    • Transport Layer Security (encryption, basically)
    • The text based messages of SIP are considered a feature though
  • If only VoIP appliances are connected to the the network, then no PCs are available to launch attacks from.
  • Segregate data and voice to their own Virtual Lans (VLANs)
  • Encrypt!!!
    • Prevents voice injections and casual eavesdropping
  • Redundant network to deal with DoS.
  • Secure IP-PBX and gateway boxes

13. VoIP Popularity

  • VoIP use has more than doubled in the past year, according to Telegeography Research, and experts expect the growth to continue.
    • New York Daily News, Februray 26, 2007

14. Popular VoIP Services

  • Enterprise
    • Cisco CallManager
  • Home
    • Vonage
    • Skype
    • Cable Companies (Time Warner, Insight, Comcast, etc.)

15. Cisco CallManager

  • Enterprise VoIP Product
  • Marketed towards companies and organizations looking to replace legacy PBX (Private Business Exchange) systems or install a new IP telephony based system

16. Cisco CallManager System Design

  • Phones
    • Deskphones, model 7960
      • Ethernet, PoE(Power over Ethernet)
    • Software Phone
      • IP Communicator
      • Popular for using across a VPN

17. Software Phone: IP Communicator 18. Cisco CallManager System Design (continued)

  • Servers
    • CallManager Subscribers and Publishers
      • Windows or Linux Servers running Cisco Software
      • Process all calls
      • Interface with existing PBX systems

19. CallManager Security

  • Multiple VLANs
    • Separate VLANs for Voice and Data
    • Higher Security by isolating voice on separate VLAN
  • Primary Protocols
    • SIP
    • H.323

20. H.323 Attack

  • Attacker can exploit the open standard protocol to establish malicious phone calls
  • Microsoft Netmeeting can be used to initiate an H.323 Phone Call
  • Malicous phone calls can be established to make international calls
  • Threat can be eliminated by not allowing international dialing on lines from telephone company

21. IP Phone Tap

  • Capture IP packets from Phone
    • Use Ethereal network sniffer
  • Extract audio from packets
  • Export audio file of phone call

22. 23. 24. 25. 26. 27. Prevent Phone Tapping

  • Encrypt voice traffic
  • Prevent attacker from capturing traffic out of a phone
    • Lock down access to network switch phone is connected to

28. Conclusion

  • VoIP is established as the future of telephones
  • Security is critical when designing and maintaining VoIP systems
  • Questions?