Seminar on Voip Challenges and Countermeasures
- 1. Govt. Engineering College Bikaner
A SEMINAR Presentation
ON
SECURITY CHALLENGE
AND DEFENSE IN VOIP
INFRASTRUCTURE
Presentation By:
Deepak Kumar Mishra
Information Technology
FINAL YEAR
- 2. WHAT IS VOIP
Voice over internet protocol : Allows user to to make calls using
broadband internet Connection instead of analog phone line.
Uses packet-switched network replace circuit switched network.
VOIP DATA PROCESSING
SIGNALING (H.323 , SIP )
ENCODING AND TRANSPORT (analog to digital , RTP , UDP)
GATEWAY CONTROL (format conversion )
- 4. Fig. 1. (a) Typical VoIP network structure. (b) Voice data processing of the VoIP.
- 6. GENERIC SECURITY CONCERNS IN VOIP
DOS- Availability.
Eavesdropping – confidentiality.
Alteration of voice stream – confidentiality and Integrity .
Toll fraud – Integrity .
Redirection of call – Integrity and confidentiality.
Accounting Data Manipulation – Integrity and Confidentiality.
Caller Identification Impersonation – Integrity
- 8. ATTACK VECTORS IN VOIP AND CRITICAL CHALLENGES
The threats to the VOIP system can be further broken down
into specific attack vectors to disrupt the system and
summarized by the system layer where the attacks occur .
SIP Registration Hijacking
SIP Message Modification
SIP cancel / bye attack
Malformed SIP Command
SIP Redirect
RTP Payload
RTP Tampering
- 9. SIP REGISTRATION HIJACKING
Registration hijacking occurs when an attacker
impersonates a valid UA to a registrar and replaces the
legitimate registration with its own address .
TLS can protect this.
SIP MESSAGE MODIFICATION
Have no Built in integrity ,by Man in middle attacks
an attacker can intercept and modify SIP messages .
TLS can protect from reading it.
- 11. SIP CANCEL /BYE ATTACK
The attacker can create an SIP message with the Cancel or
Bye command in its payload and send it to an end node to
terminate ongoing conversation .
Strong Authentication can control this attack.
MALFORMED SIP COMMAND
SIP uses HTML to carry command information , it becomes
difficult to test the SIP parser with possible inputs.
Strong Authentication and Dictionary test of cases for parser
can save network.
- 13. SIP REDIRECT
By attacking REDIRECT SERVER and commanding it to redirect
the victim’s call to specific number can redirect to null type device .
TLS with strong password can eliminate this.
RTP PAYLOAD
RTP carries actual encoded messages b/w two callers , adds
sequencing information .
MITM attack can gain access to the RTP media stream b/w two
nodes and can inspect and modify the data
- 14. RTP TAMPERING
By manipulation of the sequence number and timestamp fields
in the header of the RTP packet , the packets can be re
sequenced or made unusable.
SRTP can determine the modification of packet.
- 16. Other Attacks General to IP Data Networks.
1. Physical Attack
2. Address Resolution Protocol
3. MAC Spoofing
4. IP Spoofing
5. Malformed Packet
6. TCP or UDP Replay
7. Dynamic Host Configuration Protocol
8. Internet Control Message Protocol
9. Buffer Overflow Attack
10.OS Attack
11.Virus and Malware
12.CIDR Database Attack
- 19. DEFENSE VECTORS IN VOIP
Separation of VOIP and Data Traffic
Similar to port Authentication , separating voice and data traffic is a key
enabler to overall security. VLAN technology (802.1q) is applied along with
voice mail servers and SIP aware firewalls.
Configuration Authentication
VOIP phones need basic config. Information to get into VOIP system ,public
key or shared secret keys can help in the authenticated configuration of the
phone .Along with TLS it becomes more secure.
- 20. Signaling Authentication
The IP Security(IP Sec ) protocol provides mechanisms for both authentication
and encryption .
Provides DNS Secure , Authentication Header protocol . Controls Replay Attacks.
Media Encryption
SRTP protocol minimizes the number of keys that must be shared b/w two
nodes , MIKEY(multimedia Keying Protocol) capable of handing keys in adhoc
environment .