VoIP Security (Voice over Internet Protocol) Brian Martin Matt Protacio February 28, 2007
VoIP Security(Voice over Internet Protocol)
Brian Martin
Matt Protacio
February 28, 2007
History of VoIP
• First “internet phone” service offered in 1995 by a company called Vocaltec– Most people didn’t yet have broadband, and
most soundcards were half duplex.
• First PC to phone service in 1998, followed by phone to phone service. Cisco, Nortel, and Lucent develop hardware VOIP switches (gateways).
• VOIP traffic exceeded 3% of voice traffic by 2000
History of VoIP (Continued)
• Around 2004 began mass marketing for “digital phone” service bundled with broadband arranged so calls would be received over regular phones.
• “Digital phone” services use an adaptor from the modem to a phone jack so there is almost no difference between that and regular phone service. Other services use software clients requiring a computer with a microphone.
VoIP vs. Old Phones
• Benefits:– More efficient bandwidth usage
– Only one type of network required, data abstraction in the network
• Criticisms:– 911 localization doesn’t always work
– Phones aren’t useable in a power outage, unless UPS are deployed
– Fax machines might not work
Common VoIP Security Threats
• VoIP Security Alliance, founded in 2005– Threat Taxonomy– Forums, Articles
• Caller misrepresentation, caller id spoofing
• Unwanted calls, spam or stalking
Common VoIP Security Threats (Continued)
• Traffic Capture• Eavesdropping• Interception• Alteration (conversion quality, content)• Black holing• Call Hijacking
– SIP (Session Initiation Protocol) register hijacking
• DoS
SIP registration hijacking with SiVuS and a botnet
• SIP– Session Initiation Protocol– Application layer control protocol for
initiating VOIP sessions– Control messages were not encrypted and
had no mechanism to verify integrity• So even if registration requires authentication, it
can be sniffed easily
The basic attack plan
• Both Callers must register with a registrar server before a call may be initiated– DoS the receiver with zombie minions– Deregister him with the registrar– Falsify his registration with SiVuS– Anyone planning to call him will not know and you
can try to claim you are the legitimate call receiver.– Chances are the intended call receiver will not
notice either
Good Ideas
• If using SIP use TLS– Transport Layer Security (encryption, basically)– The text based messages of SIP are considered a feature though
• If only VoIP appliances are connected to the the network, then no PCs are available to launch attacks from.
• Segregate data and voice to their own Virtual Lans (VLANs)
• Encrypt!!!– Prevents voice injections and casual eavesdropping
• Redundant network to deal with DoS.• Secure IP-PBX and gateway boxes
VoIP Popularity
• “VoIP use has more than doubled in the past year, according to Telegeography Research, and experts expect the growth to continue.”– New York Daily News, Februray 26, 2007
Popular VoIP Services
• Enterprise– Cisco CallManager
• Home – Vonage– Skype– Cable Companies (Time Warner, Insight,
Comcast, etc.)
Cisco CallManager
• Enterprise VoIP Product
• Marketed towards companies and organizations looking to replace legacy PBX (Private Business Exchange) systems or install a new IP telephony based system
Cisco CallManager System Design
• Phones– Deskphones, model 7960
• Ethernet, PoE (Power over Ethernet)
– Software Phone• IP Communicator• Popular for using across a
VPN
Software Phone: IP Communicator
Cisco CallManager System Design (continued)
• Servers– CallManager Subscribers and Publishers
• Windows or Linux Servers running Cisco Software
• Process all calls• Interface with existing PBX systems
CallManager Security
• Multiple VLANs– Separate VLANs for Voice and Data– Higher Security by isolating voice on
separate VLAN
• Primary Protocols– SIP– H.323
H.323 Attack
• Attacker can exploit the open standard protocol to establish malicious phone calls
• Microsoft Netmeeting can be used to initiate an H.323 Phone Call
• Malicous phone calls can be established to make international calls
• Threat can be eliminated by not allowing international dialing on lines from telephone company
IP Phone Tap
• Capture IP packets from Phone– Use Ethereal network sniffer
• Extract audio from packets
• Export audio file of phone call
Prevent Phone Tapping
• Encrypt voice traffic
• Prevent attacker from capturing traffic out of a phone– Lock down access to network switch phone
is connected to
Conclusion
• VoIP is established as the future of telephones
• Security is critical when designing and maintaining VoIP systems
Questions?