Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Security in IP telephone (VoIP)

advertisement 
Security in IP telephony (VoIP)
David Andersson
Erik Martinsson
Background
• VoIP is becoming very popular
- money to be saved!
- new features
• Not trivial to implement (QoS, availability,
security)
• Services released with focus only on
functionality
Goals
•
•
•
•
Get an overview of VoIP
Find out about the security threats
Relevance to language-based security?
Study some attacks against VoIP
What we have done
• Learned about VoIP technology
- common network setups
- protocols
• Evaluation of VoIP threats
• Studying and testing some attacks
• Skype
A Network Setup
Protocols
•
•
•
•
•
•
SIP and RTP most common
Both open and defined by IETF
RTP flexible media transfer protocol
SIP is an initialization protocol
SIP uses text based messages
SIP reuses many existing standards
Security: VoIP vs POTS
• Very different networks trying to achieve
the same goals
• POTS is physically difficult to attack
• VoIP has more security features but is
open for attacks over the entire world
through the Internet
Security: Threats
• VOIPSA (VoIP Security Alliance) has
made an extensive list of threats
• A mixture of threats in POTS and in IPnetworks
Security: Language-Based?
• VoIP is a complex system
• Secure networking has well known
solutions, but…
• …end-devices are hard to control
• The key to securing VoIP is to secure the
clients!
Attacks
• SIP-attacks:
- Bombing
- Cancel/Bye
- Call hijacking
• RTP eavesdropping
Attacks: SIP
• Possible to generate SIP packets with i.e.
SiVus (The VoIP Vulnerability Scanner)
• Attacks must be done within timeframe of
a call or sometimes during the initial
handshake
• Software for real-time attack is needed
Attacks: sniffing RTP
• Ethereal can analyze RTP and find media
streams
• Open codecs are easily decoded
• We could playback entire conversations!
Skype
• Most popular VoIP software today
• Proprietary protocol
• Information sent without using the
software
• Secure channel (VoIP, IM, File transfer)
• Impossible to distinguish betweem VoIP,
IM or File transfers
Evaluation
• VoIP is usually not very secure!!
• Use with caution until otherwise is proved
• Our goals reached
Related documents
- deepakdeshwal.in,Deepak Yadav Meerut,Deepak
- deepakdeshwal.in,Deepak Yadav Meerut,Deepak
ANSWERS - Weebly
ANSWERS - Weebly
(Avaya) Updated 9-5
(Avaya) Updated 9-5
Safety First!
Safety First!
Voice Over IP
Voice Over IP
file - Critical Ultrasound Journal
file - Critical Ultrasound Journal
Key Connect
Key Connect
VoIP%2BUnlimited%2B-%2BSWERN%2BUser
VoIP%2BUnlimited%2B-%2BSWERN%2BUser
(Panasonic) Updated 9-5
(Panasonic) Updated 9-5
VoIP
VoIP
VoIP
VoIP
server attackers
server attackers
Detection and Prevention of SIP Flooding Attacks in Voice over IP
Detection and Prevention of SIP Flooding Attacks in Voice over IP
ppt - MMLab
ppt - MMLab
VoIP Gateway - XBLUE Networks
VoIP Gateway - XBLUE Networks
Utilizing Voice over Internet Protocol (VoIP) in
Utilizing Voice over Internet Protocol (VoIP) in
Unit 16 – Communication Systems
Unit 16 – Communication Systems
TEL 500 VOICE COMMUNICATIONS REACTION PAPER 2
TEL 500 VOICE COMMUNICATIONS REACTION PAPER 2
Notifying the Public Emergency Alert System (EAS)
Notifying the Public Emergency Alert System (EAS)
CONTENTS Project Title Tools Used
CONTENTS Project Title Tools Used
VOIPBox BRI
VOIPBox BRI
FCC Regulation of Non-Interconnected VoIP Services and the “Cloud”
FCC Regulation of Non-Interconnected VoIP Services and the “Cloud”
Download
advertisement