SlideShare a Scribd company logo

Security Issues In Voip

Waqas Daar
Waqas Daar

The document discusses security issues in VOIP. It begins with an introduction to VOIP and its increasing popularity. It then outlines the VOIP architecture, covering signaling protocols H.323 and SIP. It describes common VOIP threats like denial of service, eavesdropping, and call fraud. Specific VOIP attacks are explained at the signaling and media layers. The document concludes with an overview of security solutions for VOIP including authentication, confidentiality, and media encryption.

Related slideshows

Worldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN networkWorldwide attacks on SS7/SIGTRAN network
Worldwide attacks on SS7/SIGTRAN network
 
Philippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elementsPhilippe Langlois - Hacking HLR HSS and MME core network elements
Philippe Langlois - Hacking HLR HSS and MME core network elements
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS
 
1 of 23
Download to read offline
Security Issues in VOIP Practical VOIP (IK2554) Waqas Daar (daar@kth.se) KTH, Royal Institute of Technology Stockholm, Sweden
Presentation Outline Introduction VOIP Architecture • H.323 • SIP VOIP Threats VOIP Attacks Security Solutions Conclusion 23/05/2008 2
Introduction Voice over IP is a technology that is used to transmitt voice from Packet switched network to Circuit swtiched network and vice versa. VOIP popularity is growing day by day. • Cost Reduction • Mobility • Offering services like audio video conferencing, Instant messaging etc. 23/05/2008 3
VOIP Architecture VOIP technology is used to establish and managing communication sessions for transmission of audio or video over IP network. VOIP signaling protocols are used to setup, tear down calls, carry information required to locate users, and negotiate capabilities. • H.323 • Session Initiation Protocol (SIP) 23/05/2008 4
H.323 H.323 is the ITU-T standard for audio and video transmission over packet base network. H.323 was initially targeted multimedia conferencing over LAN. H.323 is an umbrella protocol, which contains several other protocols. • H.225 • H.245 H.323 uses Real Time Protocol (RTP) for media transmission. 23/05/2008 5
H.323 (cont.) H.323 network elemets • H.323 terminal end points (TE) • H.323 Gatekeeper (GK) • H.323 Gateway (GW) • H.323 Multi Control Unit (MCU) H.323 network consist of a number of zones and each zone must contain a H.323 Gatekeeper(GK). 23/05/2008 6
H.323 Network 23/05/2008 7
H.323 Call Model Figure 2 H.323 Call Model [1] 23/05/2008 8
Session Initiation Protocol (SIP) SIP is an application layer protocol, which is used to establish, maintain and terminate multimedia session. SIP is a text base protocol. SIP uses Session Description Protocol (SDP) for setting up parameters for actual media transmission. RTP is used for actual media transmission. 23/05/2008 9
SIP Components Two general categories of SIP are • User Agent (UA) • SIP User Agent Client • SIP User Agent Server • SIP Servers • Proxy Server • Redirect Server • Registrar Server 23/05/2008 10
SIP Basic Call Setup 23/05/2008 11
VOIP Threats Denial of Service Evasdropping Call Fraud Call Redirection SPAM 23/05/2008 12
VOIP Threats (cont,) Denial of Service • Suffers availability of VOIP system. Eavesdropping • In VOIP eavesdropping is a type of an attack, if an attacker able to eavesdropp a communication. Then he can launch different type of an attack like Man in the Middle attack etc. Call Fraud Call Redirection SPAM 23/05/2008 13
VOIP Attacks Signaling Layer Attacks • SIP Registration Hijacking • Impersonating a Server • SIP Message Modification • SIP Cancel / SIP BYE attack • SIP DOS attack Media Layer Attacks • Eavesdropping • RTP insertion attack • SSRC collision attacks 23/05/2008 14
Signaling Layer Attacks SIP Registration attack • Attacker impersonates a valid UA to a registrar himself as a valid user agent. so attacker can recieve calls for a legitmate user. Impersonating a Server • When an attacker impersonates a remote server and user agent request are served by the attacker machine. SIP Message Modification • If an attacker launches a man in the middle attack and modify a message. Then attacker could lead the caller to connect to malicious system. SIP CANCEL / SIP BYE SIP Denial of Service • In SIP attacker creates a bogus request that contained a fake IP address and Via field in the SIP header contains the identity of the target host. 23/05/2008 15
Media Layer Attaks Eavesdropping SSRC collision • If an attacker eavesdropp the conversation and uses one’s peer SSRC to send RTP packet to other peer, it causes to terminate a session. 23/05/2008 16
Security Solutions Two types of security solutions • End-toEnd security • In SIP end points can ensure end-to-end security to those messages which proxy does not read, like SDP messages could be protected using S/MIME. • Media is transferred directly, so end-to-end security is achieved by SRTP. • Hop-by-hop security • TLS, IPSec. 23/05/2008 17
Authentication Authentication means to identify a person. If we take SIP as signaling protocol in VOIP, it defines two mechanisim for authentication • HTTP digest authentication • S/MIME HTTP Digest Authentication • HTTP digest mechanisim used between users to proxies, users to users but not between proxies to proxies. S/MIME • S/MIME uses X.509 certificates to authenitcate end users in the same way that web browsers uses them. 23/05/2008 18
HTTP Digest Authentication 23/05/2008 19
Confidentiality Confidentiality is a term defined to make communication session private. Confidentiality is achieved by encryption. Two ways of achieving • Tranport Layer Security (TLS) • IPSec IPSec uses to protect SIP messages at network layer. IPSec Encapsulation Protocol (ESP) or Authentication Header (AH) must provide confidentiality on hop-by-hop basis. TLS provide transport layer security over TCP. Normally SIP URI is in the form of sip:abc@example.com, but if we are using TLS then SIP URI will be sips:abc@example.com and signaling must be send encrypted. 23/05/2008 20
Media Encryption In VOIP media is send directly between users using RTP. Encryption of media is achieved by • IPSec • Secure RTP (SRTP) • It provides a framework for encryption and message authentication of RTP and RTCP. • Cipher Algorithum: AES • Authenitcation is an optional feature. • SRTP uses Security Description for Media Streams (SDES) algorithum to negotiate session keys in SDP. • MIKKEY • Mikkey provides its own authentication and integrity mechanisim. • Mikkey messages carried in a SDP with a=key-mgmt attritbute. • ZRTP • ZRTP also describes an extension header for RTP to establish a session key for SRTP. 23/05/2008 21
Conclusion…….. 23/05/2008 22
Thanks. 23/05/2008 23

More Related Content

Security Issues In Voip

  • 1. Security Issues in VOIP Practical VOIP (IK2554) Waqas Daar (daar@kth.se) KTH, Royal Institute of Technology Stockholm, Sweden
  • 2. Presentation Outline Introduction VOIP Architecture • H.323 • SIP VOIP Threats VOIP Attacks Security Solutions Conclusion 23/05/2008 2
  • 3. Introduction Voice over IP is a technology that is used to transmitt voice from Packet switched network to Circuit swtiched network and vice versa. VOIP popularity is growing day by day. • Cost Reduction • Mobility • Offering services like audio video conferencing, Instant messaging etc. 23/05/2008 3
  • 4. VOIP Architecture VOIP technology is used to establish and managing communication sessions for transmission of audio or video over IP network. VOIP signaling protocols are used to setup, tear down calls, carry information required to locate users, and negotiate capabilities. • H.323 • Session Initiation Protocol (SIP) 23/05/2008 4
  • 5. H.323 H.323 is the ITU-T standard for audio and video transmission over packet base network. H.323 was initially targeted multimedia conferencing over LAN. H.323 is an umbrella protocol, which contains several other protocols. • H.225 • H.245 H.323 uses Real Time Protocol (RTP) for media transmission. 23/05/2008 5
  • 6. H.323 (cont.) H.323 network elemets • H.323 terminal end points (TE) • H.323 Gatekeeper (GK) • H.323 Gateway (GW) • H.323 Multi Control Unit (MCU) H.323 network consist of a number of zones and each zone must contain a H.323 Gatekeeper(GK). 23/05/2008 6
  • 8. H.323 Call Model Figure 2 H.323 Call Model [1] 23/05/2008 8
  • 9. Session Initiation Protocol (SIP) SIP is an application layer protocol, which is used to establish, maintain and terminate multimedia session. SIP is a text base protocol. SIP uses Session Description Protocol (SDP) for setting up parameters for actual media transmission. RTP is used for actual media transmission. 23/05/2008 9
  • 10. SIP Components Two general categories of SIP are • User Agent (UA) • SIP User Agent Client • SIP User Agent Server • SIP Servers • Proxy Server • Redirect Server • Registrar Server 23/05/2008 10
  • 11. SIP Basic Call Setup 23/05/2008 11
  • 12. VOIP Threats Denial of Service Evasdropping Call Fraud Call Redirection SPAM 23/05/2008 12
  • 13. VOIP Threats (cont,) Denial of Service • Suffers availability of VOIP system. Eavesdropping • In VOIP eavesdropping is a type of an attack, if an attacker able to eavesdropp a communication. Then he can launch different type of an attack like Man in the Middle attack etc. Call Fraud Call Redirection SPAM 23/05/2008 13
  • 14. VOIP Attacks Signaling Layer Attacks • SIP Registration Hijacking • Impersonating a Server • SIP Message Modification • SIP Cancel / SIP BYE attack • SIP DOS attack Media Layer Attacks • Eavesdropping • RTP insertion attack • SSRC collision attacks 23/05/2008 14
  • 15. Signaling Layer Attacks SIP Registration attack • Attacker impersonates a valid UA to a registrar himself as a valid user agent. so attacker can recieve calls for a legitmate user. Impersonating a Server • When an attacker impersonates a remote server and user agent request are served by the attacker machine. SIP Message Modification • If an attacker launches a man in the middle attack and modify a message. Then attacker could lead the caller to connect to malicious system. SIP CANCEL / SIP BYE SIP Denial of Service • In SIP attacker creates a bogus request that contained a fake IP address and Via field in the SIP header contains the identity of the target host. 23/05/2008 15
  • 16. Media Layer Attaks Eavesdropping SSRC collision • If an attacker eavesdropp the conversation and uses one’s peer SSRC to send RTP packet to other peer, it causes to terminate a session. 23/05/2008 16
  • 17. Security Solutions Two types of security solutions • End-toEnd security • In SIP end points can ensure end-to-end security to those messages which proxy does not read, like SDP messages could be protected using S/MIME. • Media is transferred directly, so end-to-end security is achieved by SRTP. • Hop-by-hop security • TLS, IPSec. 23/05/2008 17
  • 18. Authentication Authentication means to identify a person. If we take SIP as signaling protocol in VOIP, it defines two mechanisim for authentication • HTTP digest authentication • S/MIME HTTP Digest Authentication • HTTP digest mechanisim used between users to proxies, users to users but not between proxies to proxies. S/MIME • S/MIME uses X.509 certificates to authenitcate end users in the same way that web browsers uses them. 23/05/2008 18
  • 19. HTTP Digest Authentication 23/05/2008 19
  • 20. Confidentiality Confidentiality is a term defined to make communication session private. Confidentiality is achieved by encryption. Two ways of achieving • Tranport Layer Security (TLS) • IPSec IPSec uses to protect SIP messages at network layer. IPSec Encapsulation Protocol (ESP) or Authentication Header (AH) must provide confidentiality on hop-by-hop basis. TLS provide transport layer security over TCP. Normally SIP URI is in the form of sip:abc@example.com, but if we are using TLS then SIP URI will be sips:abc@example.com and signaling must be send encrypted. 23/05/2008 20
  • 21. Media Encryption In VOIP media is send directly between users using RTP. Encryption of media is achieved by • IPSec • Secure RTP (SRTP) • It provides a framework for encryption and message authentication of RTP and RTCP. • Cipher Algorithum: AES • Authenitcation is an optional feature. • SRTP uses Security Description for Media Streams (SDES) algorithum to negotiate session keys in SDP. • MIKKEY • Mikkey provides its own authentication and integrity mechanisim. • Mikkey messages carried in a SDP with a=key-mgmt attritbute. • ZRTP • ZRTP also describes an extension header for RTP to establish a session key for SRTP. 23/05/2008 21