VOIP security

Post on 16-Jul-2015


Group 3

Shobhan Garg – 205113003
Rajesh Sethi – 205113013
Richa Choudhary – 205113023
Akash Hirke – 205113033
Ayaz Qureshi – 205113043
Kaushal Varshney – 205113053
Rohit Gurjar – 205113063
Jitendra Nagar – 205113073
Arun Kumar Meena – 205113077
Arpit Gupta – 205113083

VoIP Security

What is VoIP

Voice Over Internet Protocol (VoIP)

• A methodology for the delivery of Voice Communications over Internet Protocol Networks, such as the Internet

• Also called IP Telephony, Internet Telephony, Broadband Telephony or Broadband Phone Service


• Similar to Traditional Digital Telephony

• Involves Signaling, Digitization of the Analog Voice Signals, and Encoding

• Traditional Digital Telephony sends the Digital Signals over a Circuit Switched Network

• In VoIP, the digital information is packetized, and transmission occurs as IP Packets over a Packet Switched Network

VoIP Architectures

• PC to PC

• Phone to Phone Via Internet

• PC to Phone

Session Initiation Protocol (SIP)

• Can be used for Two Party (Unicast) or Multiple Party (Multicast) Sessions

• Each resource of a SIP Network is identified by a Uniform Resource Identifier (URI)

• The URI is of the form

• sip:username:password@host:port
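
Added example (not from the original slides): a small Python parser for the URI form above that masks the password before the URI is logged and reports two review findings, a password carried in the URI and a scheme that does not require TLS. The `sips` scheme and the optional parameter/header suffix come from the SIP specification rather than the slide; the names `SipUri` and `parse_sip_uri` and the sample URI are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class SipUri:
    scheme: str
    user: Optional[str]
    password: Optional[str]
    host: str
    port: Optional[int]
    rest: str  # ";params" and "?headers", kept verbatim

    def redacted(self) -> str:
        """Re-serialize for logs with any embedded password masked."""
        userinfo = ""
        if self.user is not None:
            userinfo = self.user + (":***" if self.password is not None else "") + "@"
        port = "" if self.port is None else f":{self.port}"
        return f"{self.scheme}:{userinfo}{self.host}{port}{self.rest}"

    def findings(self) -> List[str]:
        """Review findings: cleartext secret in the URI, TLS not required."""
        out = ["password-in-uri"] if self.password is not None else []
        return out + (["tls-not-required"] if self.scheme == "sip" else [])

def parse_sip_uri(text: str) -> SipUri:
    scheme, sep, body = text.strip().partition(":")
    if not sep or scheme.lower() not in ("sip", "sips"):
        raise ValueError("not a SIP URI")
    user = password = None
    if "@" in body:  # userinfo is optional; a literal '@' elsewhere must be escaped
        userinfo, _, body = body.partition("@")
        user, colon, secret = userinfo.partition(":")
        password = secret if colon else None
        if not user:
            raise ValueError("empty user part")
    cut = min((i for i in (body.find(";"), body.find("?")) if i >= 0), default=len(body))
    hostport, rest = body[:cut], body[cut:]  # rest = parameters/headers, not host
    # A ':' after any closing ']' separates the port; colons inside [..] are IPv6.
    if ":" in hostport.split("]")[-1]:
        host, _, port_s = hostport.rpartition(":")
    else:
        host, port_s = hostport, ""
    if not host or (port_s and not port_s.isdigit()):
        raise ValueError("bad host or port")
    return SipUri(scheme.lower(), user, password, host, int(port_s) if port_s else None, rest)

# Constructed sample in the slide's form; name, password and host are made up.
SAMPLE = "sip:alice:s3cret@pbx.example.com:5060"
```

Calling `parse_sip_uri(SAMPLE).redacted()` gives the string to write to logs in place of the raw URI.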

SIP Network Elements

• User Agent

• Proxy Server

• Registrar

• Redirect Server

• Session Border Controller

• Gateway

Quality of Service (QoS)

• Less Reliable as there is no mechanism to ensure that the Data Packets are not lost and are arriving in order

• A Best Effort Network

• Latency can be introduced that may exceed the permissible values

• Latency can be minimized by marking Voice Packets as being delay-sensitive

PSTN vs. INTERNET

PSTN

• Voice networks use circuit switching.

• Dedicated path between calling and called party.

• Bandwidth reserved in advance.

• Cost is based on distance and time.

INTERNET

• Data networks use packet switching.

• No dedicated path between sender and receiver.

• It acquires and releases bandwidth as needed.

• Cost is not based on distance and time.

Overcoming the Challenges

Latency

Packet loss

Scalability

Jitter

Bandwidth

Reliability

Security

Interoperability

Latency

Latency is the time taken for a packet to arrive at its destination

Packet switching overhead

Congestion

Latency may result in voice synchronization problems

Packet Loss

Packet loss is unavoidable

It can be minimally tolerated in voice transmission

It should not, in the first place, distort the audio

Scalability

Ability to add more telephony equipment as the company grows

Network bandwidth and other issues may have an effect on scalability

Jitter

Jitter is the delay experienced in receiving a packet when a packet is expected to arrive at the end point at a certain time

Bandwidth

When bandwidth is shared between voice and computer data, certain bandwidth may have to be allocated for voice communication on a network

Reliability

Because the computer network is used, the reliability of the network will have an impact on the telephony service

In the analog telephone industry, reliability of 99.999 percent uptime is required

The above is known as five nines

VoIP networks can achieve over 98 percent reliability?

Security

As VoIP uses the Internet, it is vulnerable to the same types of security risks, for example:

Hacking

Denial of service

Interoperability

• IP telephony equipment manufactured by different vendors must be able to talk to each other

– Standardized protocols are needed

How VoIP Works:

With VoIP, analog voice calls are converted into packets of data. The packets travel like any other type of data, such as e-mail, over the public Internet and any private Internet Protocol (IP) network.

Using a VoIP service, you can call landline or cell phones. You can also call computer-to-computer, with both parties speaking into a computer microphone and listening through computer speakers or headsets.

• Converting the voice signal

– ADC (analog to digital)

– DAC (digital to analog)

Voice (source) → ADC → Internet → DAC → Voice (dest)

• Transmission of voice traffic in packets

• The 1-2-3s of VoIP

• 1. Compression – voice is compressed, typically with one of the following codecs: G.711 64k, G.729AB 8k, G.723.1 6.3k

• 2. Encapsulation – the digitized voice is wrapped in an IP packet

• 3. Routing – the voice packet is routed through the network to its final destination

Components

• VoIP Protocols

• VoIP Gateway

• VoIP Codecs

1. VOIP Gateway

A Voice over Internet Protocol (VoIP) gateway is a device that converts analog telephony signals to digital.

A network device that converts voice and fax calls, in real time, between the public switched telephone network (PSTN) and an IP network.

Type of Gateway

• Analog

- FXS gateway

- FXO gateway

• Digital

Features

• Call routing, packetization and control signaling management.

• Voice and fax compression/decompression.

• External controller interfaces.

VOIP Codecs

• A codec, which stands for coder-decoder, converts an audio signal into compressed digital form for transmission and then back into an uncompressed audio signal for replay. It's the essence of VoIP. It converts each tiny sample into digitized data and compresses it for transmission.

• Common VoIP Codec:

• G.711 - Delivers precise speech transmission. G.711 uses a logarithmic compression. It squeezes each 16-bit sample to 8 bits, thus it achieves a compression ratio of 1:2. The resulting bitrate is 64 kbit/s for one direction, so a call consumes 128 kbit/s.

• This codec can be used freely in VoIP applications as there are no licensing fees. It works best in local area networks where we have a lot of bandwidth available.

• G.722 - Adapts to varying compressions and bandwidth is conserved with network congestion.

• G.729 - G.729 is a codec that has low bandwidth requirements but provides good audio quality (MOS = 4.0). The codec encodes audio in frames, each frame is 10 milliseconds long. Given the sampling frequency of 8 kHz, the 10 ms frame contains 80 audio samples. G.729 is a licensed codec.

• G.723.1 - High compression with high quality audio. Requires a lot of processor power. It is a licensed codec.

• G.726 – An improved version of G.721 and G.723 (different from G.723.1)

Yesterday’s Networks

[Figure: Circuit Switched Networks (Voice), labels: CO, PBX; Packet Switched Networks (Data), labels: Router]

• Separated networks

• Separated applications/services

Converged Network

[Figure: converged network diagram, labels: PSTN, CO, Gateway, Router, PBX, IP Phone]

• Converged network

• Separated or integrated applications

VoIP Architecture?

[Figure: labels: IP Network, Multimedia PC, Gateway, PSTN (DC), PSTN (NY), Public Switched Telephone Network]

Initially, PC to PC voice calls over the Internet

Gateways allow PCs to also reach phones

…or phones to reach phones

VoIP Network Model

SIP

RTP, RTCP, RTSP

Transport Layer (UDP, TCP)

Network Layer (IP, IP Multicast)

Data Link Layer

Physical Layer

• The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging all over Internet Protocol (IP) networks.

• The Real-time Transport Protocol (RTP) is a network protocol for delivering audio and video over IP networks. RTP is used extensively in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications, television services and web-based push-to-talk features.

• The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers. The protocol is used for establishing and controlling media sessions between end points.

• The higher overhead of TCP does not make sense for a telephone call, because audio must stream: there is no waiting for missing packets, and the missing part is played as silence.

• UDP offers best-effort delivery. To handle duplication, delay, and out-of-order delivery, each RTP message contains

IP Protocol Layering

Physical Transport (e.g., Cable Modem)

IP (Internet Protocol)

TCP, UDP

Applications (e.g., email, web pages)

A Typical IP Datagram: IP Header (20 bytes), TCP Header (20 bytes), Email Data (1000 bytes)

VoIP SIP

Advantages of VoIP

• Cheaper than the Traditional Telephone System

• Calls can be made from anywhere to anywhere using the single account

• Images, Videos and Text can also be sent along with the Voice

• The Network need not be of a particular Topology

Disadvantages of VoIP

• Packet Loss and Jitter can occur

• Calls cannot be made if the Internet Connection is down

• Calling Emergency Numbers using VoIP will not provide your location to the Emergency Response Services

VoIP Security

SECURITY BASICS

• AUTHENTICATION

• AUTHORIZATION

• AVAILABILITY (Use of different segment for VoIPs)

• ENCRYPTION

ATTACK VECTORS

A local subnet, such as an internal network, where VoIP is used: By unplugging and/or sharing a VoIP hard phone’s Ethernet connection (usually sitting on one’s desk), an attacker can connect to the voice network.

A local network that is using wireless technology with untrusted users, such as a coffee shop, hotel room, or conference center: An attacker can simply connect to the wireless network, reroute traffic, and capture VoIP calls.

A public or non-trusted network, such as the Internet, where VoIP communication is used: An attacker who has access to a public network can simply sniff the communication and capture telephone calls.

• Compromising the VoIP phone’s configuration file

• Uploading a malicious configuration file

UNCONVENTIONAL VOIP SECURITY THREATS

• VoIP Phishing

• Caller ID Spoofing

• Anonymous Eavesdropping and Call Redirection

• Spam Over Internet Telephony