SlideShare a Scribd company logo

Seminar on Voip Challenges and Countermeasures

Download as PPTX, PDF
Deepak Mishra
Deepak Mishra

This document summarizes a presentation on security challenges and defenses in VOIP infrastructure. It begins by defining VOIP and how it works, processing voice data over IP networks using protocols like SIP, RTP, and UDP. It then outlines common security concerns like denial of service attacks, eavesdropping, message tampering, toll fraud, and account manipulation. Specific attack vectors are described at the signaling and media layers, such as SIP hijacking, message modification, and RTP tampering. Defenses including separating voice and data traffic, configuration authentication, signaling authentication using IPsec, and media encryption using SRTP are proposed to secure the VOIP system from these attacks.

Related slideshows

I P S P O O F I N G
I P S P O O F I N GI P S P O O F I N G
I P S P O O F I N G
 
Ip spoofing & types of attachs using it
Ip spoofing & types of attachs using itIp spoofing & types of attachs using it
Ip spoofing & types of attachs using it
 
Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention Proposed Methods of IP Spoofing Detection & Prevention
Proposed Methods of IP Spoofing Detection & Prevention
 
1 of 24
Govt. Engineering College Bikaner A SEMINAR Presentation ON SECURITY CHALLENGE AND DEFENSE IN VOIP INFRASTRUCTURE Presentation By: Deepak Kumar Mishra Information Technology FINAL YEAR
WHAT IS VOIP  Voice over internet protocol : Allows user to to make calls using broadband internet Connection instead of analog phone line.  Uses packet-switched network replace circuit switched network. VOIP DATA PROCESSING  SIGNALING (H.323 , SIP )  ENCODING AND TRANSPORT (analog to digital , RTP , UDP)  GATEWAY CONTROL (format conversion )
Seminar on Voip Challenges and Countermeasures
Fig. 1. (a) Typical VoIP network structure. (b) Voice data processing of the VoIP.
OVERVIEW OF SECURITY CONCERNS AND IMPACTS IN A VOIP SYSTEM
GENERIC SECURITY CONCERNS IN VOIP  DOS- Availability.  Eavesdropping – confidentiality.  Alteration of voice stream – confidentiality and Integrity .  Toll fraud – Integrity .  Redirection of call – Integrity and confidentiality.  Accounting Data Manipulation – Integrity and Confidentiality.  Caller Identification Impersonation – Integrity
OCCURRENCE POSITION AND IMPACT OF POTENTIAL ATTACKS TO A VOIP SYSTEM
ATTACK VECTORS IN VOIP AND CRITICAL CHALLENGES The threats to the VOIP system can be further broken down into specific attack vectors to disrupt the system and summarized by the system layer where the attacks occur .  SIP Registration Hijacking  SIP Message Modification  SIP cancel / bye attack  Malformed SIP Command  SIP Redirect  RTP Payload  RTP Tampering
SIP REGISTRATION HIJACKING Registration hijacking occurs when an attacker impersonates a valid UA to a registrar and replaces the legitimate registration with its own address . TLS can protect this. SIP MESSAGE MODIFICATION Have no Built in integrity ,by Man in middle attacks an attacker can intercept and modify SIP messages . TLS can protect from reading it.
Seminar on Voip Challenges and Countermeasures
SIP CANCEL /BYE ATTACK The attacker can create an SIP message with the Cancel or Bye command in its payload and send it to an end node to terminate ongoing conversation . Strong Authentication can control this attack. MALFORMED SIP COMMAND SIP uses HTML to carry command information , it becomes difficult to test the SIP parser with possible inputs. Strong Authentication and Dictionary test of cases for parser can save network.
Seminar on Voip Challenges and Countermeasures
SIP REDIRECT By attacking REDIRECT SERVER and commanding it to redirect the victim’s call to specific number can redirect to null type device . TLS with strong password can eliminate this. RTP PAYLOAD RTP carries actual encoded messages b/w two callers , adds sequencing information . MITM attack can gain access to the RTP media stream b/w two nodes and can inspect and modify the data
RTP TAMPERING By manipulation of the sequence number and timestamp fields in the header of the RTP packet , the packets can be re sequenced or made unusable. SRTP can determine the modification of packet.
POSITION AND IMPACT OF POTENTIALATTACKS IN VOIP
 Other Attacks General to IP Data Networks. 1. Physical Attack 2. Address Resolution Protocol 3. MAC Spoofing 4. IP Spoofing 5. Malformed Packet 6. TCP or UDP Replay 7. Dynamic Host Configuration Protocol 8. Internet Control Message Protocol 9. Buffer Overflow Attack 10.OS Attack 11.Virus and Malware 12.CIDR Database Attack
Seminar on Voip Challenges and Countermeasures
Seminar on Voip Challenges and Countermeasures
DEFENSE VECTORS IN VOIP  Separation of VOIP and Data Traffic Similar to port Authentication , separating voice and data traffic is a key enabler to overall security. VLAN technology (802.1q) is applied along with voice mail servers and SIP aware firewalls.  Configuration Authentication VOIP phones need basic config. Information to get into VOIP system ,public key or shared secret keys can help in the authenticated configuration of the phone .Along with TLS it becomes more secure.
Signaling Authentication The IP Security(IP Sec ) protocol provides mechanisms for both authentication and encryption . Provides DNS Secure , Authentication Header protocol . Controls Replay Attacks. Media Encryption SRTP protocol minimizes the number of keys that must be shared b/w two nodes , MIKEY(multimedia Keying Protocol) capable of handing keys in adhoc environment .
SECURITY MECHANISMS AGAINST ATTACKS
SEGMENTATION OF VOIP VOICE AND DATA
Queries ??
THANK you 

More Related Content

Seminar on Voip Challenges and Countermeasures

  • 1. Govt. Engineering College Bikaner A SEMINAR Presentation ON SECURITY CHALLENGE AND DEFENSE IN VOIP INFRASTRUCTURE Presentation By: Deepak Kumar Mishra Information Technology FINAL YEAR
  • 2. WHAT IS VOIP  Voice over internet protocol : Allows user to to make calls using broadband internet Connection instead of analog phone line.  Uses packet-switched network replace circuit switched network. VOIP DATA PROCESSING  SIGNALING (H.323 , SIP )  ENCODING AND TRANSPORT (analog to digital , RTP , UDP)  GATEWAY CONTROL (format conversion )
  • 4. Fig. 1. (a) Typical VoIP network structure. (b) Voice data processing of the VoIP.
  • 5. OVERVIEW OF SECURITY CONCERNS AND IMPACTS IN A VOIP SYSTEM
  • 6. GENERIC SECURITY CONCERNS IN VOIP  DOS- Availability.  Eavesdropping – confidentiality.  Alteration of voice stream – confidentiality and Integrity .  Toll fraud – Integrity .  Redirection of call – Integrity and confidentiality.  Accounting Data Manipulation – Integrity and Confidentiality.  Caller Identification Impersonation – Integrity
  • 7. OCCURRENCE POSITION AND IMPACT OF POTENTIAL ATTACKS TO A VOIP SYSTEM
  • 8. ATTACK VECTORS IN VOIP AND CRITICAL CHALLENGES The threats to the VOIP system can be further broken down into specific attack vectors to disrupt the system and summarized by the system layer where the attacks occur .  SIP Registration Hijacking  SIP Message Modification  SIP cancel / bye attack  Malformed SIP Command  SIP Redirect  RTP Payload  RTP Tampering
  • 9. SIP REGISTRATION HIJACKING Registration hijacking occurs when an attacker impersonates a valid UA to a registrar and replaces the legitimate registration with its own address . TLS can protect this. SIP MESSAGE MODIFICATION Have no Built in integrity ,by Man in middle attacks an attacker can intercept and modify SIP messages . TLS can protect from reading it.
  • 11. SIP CANCEL /BYE ATTACK The attacker can create an SIP message with the Cancel or Bye command in its payload and send it to an end node to terminate ongoing conversation . Strong Authentication can control this attack. MALFORMED SIP COMMAND SIP uses HTML to carry command information , it becomes difficult to test the SIP parser with possible inputs. Strong Authentication and Dictionary test of cases for parser can save network.
  • 13. SIP REDIRECT By attacking REDIRECT SERVER and commanding it to redirect the victim’s call to specific number can redirect to null type device . TLS with strong password can eliminate this. RTP PAYLOAD RTP carries actual encoded messages b/w two callers , adds sequencing information . MITM attack can gain access to the RTP media stream b/w two nodes and can inspect and modify the data
  • 14. RTP TAMPERING By manipulation of the sequence number and timestamp fields in the header of the RTP packet , the packets can be re sequenced or made unusable. SRTP can determine the modification of packet.
  • 15. POSITION AND IMPACT OF POTENTIALATTACKS IN VOIP
  • 16.  Other Attacks General to IP Data Networks. 1. Physical Attack 2. Address Resolution Protocol 3. MAC Spoofing 4. IP Spoofing 5. Malformed Packet 6. TCP or UDP Replay 7. Dynamic Host Configuration Protocol 8. Internet Control Message Protocol 9. Buffer Overflow Attack 10.OS Attack 11.Virus and Malware 12.CIDR Database Attack
  • 19. DEFENSE VECTORS IN VOIP  Separation of VOIP and Data Traffic Similar to port Authentication , separating voice and data traffic is a key enabler to overall security. VLAN technology (802.1q) is applied along with voice mail servers and SIP aware firewalls.  Configuration Authentication VOIP phones need basic config. Information to get into VOIP system ,public key or shared secret keys can help in the authenticated configuration of the phone .Along with TLS it becomes more secure.
  • 20. Signaling Authentication The IP Security(IP Sec ) protocol provides mechanisms for both authentication and encryption . Provides DNS Secure , Authentication Header protocol . Controls Replay Attacks. Media Encryption SRTP protocol minimizes the number of keys that must be shared b/w two nodes , MIKEY(multimedia Keying Protocol) capable of handing keys in adhoc environment .
  • 22. SEGMENTATION OF VOIP VOICE AND DATA