TEL 500 VOICE COMMUNICATIONS REACTION PAPER 2

SUBMITTED TO: Dr. JOHN MARSH / RONNY BULL
SUBMITTED BY: VAMSI KRISHNA KARNATI
10/03/13
SUMMARY OF MISUSE PATTERNS IN VoIP
This paper, Misuse Patterns in VoIP, was written by Juan C Pelaez, Eduardo B Fernandez,
M M Larrondo Petrie and Christian Wieser. Juan C Pelaez worked for the Research Lab of the
U.S. Army; Eduardo B Fernandez and M.M. Larrondo Petrie worked for Florida Atlantic
University. Christian Wieser worked in the Electrical and Info. Eng. Department of the
University of Oulu.
The threats posed to a system should be studied before designing a secure system. To
implement security patterns successfully, newcomers to security should know their
adversaries. The nature of attacks must be understood in order to defend the system against
them. The authors of this paper have proposed “the attack pattern” to discover the
different vulnerabilities present in VoIP networks. The attack pattern is described
from the attacker’s side. It describes the types of attack, ways to prevent the
attack, and how to analyse the situation when the attack takes place. The forensic process
of a VoIP network should be integrated with the misuse patterns.
A VoIP network consists of many vulnerable parts which can be learned only through the
misuse patterns. Knowing them also helps in securing the network better. Many threats arise
when a VoIP network is deployed, both from internal sources and from external domains. The
main aim of these researchers is to protect the VoIP network from such threats or
attacks. A template, of the kind used for security patterns and architectural patterns, is
used to explain this kind of pattern.
There are certain segments in a VoIP network which are not monitored, and misuse patterns
help in solving a case where the hacker breaks into such a segment of the network. By using
the template, the misuse patterns help in making sure that all the evidence sources and
contexts have been considered. Using a sequence diagram, the authors determined the result
of the proposed approach. Sequence diagrams normally use objects derived from classes.
The messages can be related to the classes of the system, and each message contains data.
Information related to the attack can be found by combining the class diagrams
and sequence diagrams.
The authors have illustrated the attack pattern in this paper using misuse patterns for theft
of service, call interception and DoS. SIP and H.323 are the signalling standards used in
VoIP networks. In this paper, the authors have considered the H.323 case. SIP attacks are
regarded as a different pattern. The different components of H.323 are connected using layer
2 switches. A voice call is placed on the IP network from a PSTN through a gateway.
Analog phones and PBX switches are used by the PSTN. The traffic is filtered by the
firewalls and routers which are present in the IP network. The calls are processed by an
IP-PBX server, which sets up the calls and also routes them to other devices.
Softphones are installed on wireless devices or PCs.
In a DoS attack, a flood of messages is sent to disrupt the VoIP network.
With this disruption of the network, the quality of the messages eventually degrades,
which prevents the users from using the network or the service. A Denial of Service attack
makes use of a few vulnerabilities. They are listed as follows:

Lack of security standards and expertise.

The deployment process of VoIP focused more on the functionality part and not on
the security part. This implies that strong authentication is absent in the VoIP
networks.

Because of being analog, VoIP is more prone to this attack.

Presence of implementation flaws is possible because of the rush in implementing the
VoIP networks and standards.

When the enterprise VoIP communicates with the other parts of a LAN, the
Internet can play the role of an untrusted network where the interception of packets is
easy.

Because of the continuous transfer of media by the VoIP network over the IP packets,
the traffic of VoIP can act as protection against the DoS attacks.

A DoS attack can be launched by flooding a VoIP server. This leads to degradation and
non-availability of the voice services. This kind of attack can be made against devices or
networks that accept signalling, such as the components of the VoIP network, gateways or IP
phones. To gain similar results, attackers also make use of resource starvation attacks
or the TCP SYN flood attack. In a distributed denial of service attack, a huge flood of
packets is generated using multiple systems. To launch a massive distributed DoS, the
attacker infects the terminal devices with malicious software and later triggers those
devices.
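
A monitoring-side view of the flooding described above: a sliding-window counter over signalling messages that flags one loud source and, separately, an aggregate flood built from many quiet sources, as in the distributed case. This is an added example, not taken from the paper or its authors; the record layout, addresses and thresholds are assumptions.

```python
from collections import defaultdict, deque

def sample_events():
    """Constructed (ms, source IP, message) records; the layout is an assumption."""
    ev = [(t * 5000, "10.0.0.21", "Setup") for t in range(6)]           # ordinary phone
    ev += [(30000 + i * 50, "10.0.0.66", "Setup") for i in range(40)]   # one loud source
    ev += [(60000 + j * 200 + k * 10, f"10.0.1.{k + 1}", "Setup")       # 8 quiet sources
           for k in range(8) for j in range(5)]
    return sorted(ev)

def detect_floods(events, window_ms=1000, per_source_limit=10, total_limit=30):
    """Sliding-window counts of signalling messages, per source and in aggregate."""
    per_src = defaultdict(deque)
    recent = deque()                      # (timestamp, source) of every message in the window
    loud = {}                             # source -> peak count above the per-source limit
    agg_peak, agg_sources = 0, set()
    for ts, src, _msg in sorted(events):
        q = per_src[src]
        q.append(ts)
        while q[0] <= ts - window_ms:     # expire messages older than the window
            q.popleft()
        if len(q) > per_source_limit:
            loud[src] = max(loud.get(src, 0), len(q))
        recent.append((ts, src))
        while recent[0][0] <= ts - window_ms:
            recent.popleft()
        if len(recent) > agg_peak:        # remember who contributed to the busiest window
            agg_peak = len(recent)
            agg_sources = {s for _, s in recent}
    return {
        "loud_sources": loud,
        "aggregate_peak": agg_peak,
        "sources_at_peak": len(agg_sources),
        # Many senders, none individually over the limit: the distributed pattern.
        "distributed_alert": agg_peak > total_limit and not (agg_sources & set(loud)),
    }

if __name__ == "__main__":
    print(detect_floods(sample_events()))
```

A per-source limit alone stays silent on the third batch of sample traffic, which is why the aggregate window is tracked as well.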
VoIP call interception provides a way to monitor the RTCP transmission and the voice
packets. This attack is similar to tapping a wire in a PSTN. In it, calls traversing the
network are intercepted. This attack can succeed because of a few vulnerabilities,
like:

A few implementations lack security mechanisms. RTP is an incomplete protocol.

Information in the case of RTP is stored in the header of the packet.

Softphones are more prone to malicious software and so it is easy for the virus to
spread through it.

In the case of wireless VoIP, WEP products can be cracked using publicly available
software.

Video and voice packets are more prone to the attacks in the wireless environment.
The data present in these packets will be exposed in this case.

The potential for call interception is increased in a few instances because packet
sniffers are available online which can be downloaded and used.

Through VoIP call interception, the attacker can record or listen to conversations which
are made in private. By intercepting the packets, the attacker can also modify the content
present in them. In this case, the attacker acts as a man in the middle. Both data
and signalling are affected as a result of this attack.
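
What "information stored in the header" means in practice can be seen by decoding one captured packet, as a forensic examiner would. This is an added example, not code from the paper or its authors; the field layout follows RFC 3550, the codec names are the static payload types of RFC 3551, and the sample packet is constructed.

```python
import struct

# Static payload types from RFC 3551 (subset).
PAYLOAD_TYPES = {0: "PCMU", 3: "GSM", 4: "G723", 8: "PCMA", 9: "G722", 18: "G729"}

def parse_rtp(packet: bytes) -> dict:
    """Decode the cleartext RTP header (RFC 3550) of one captured packet."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    csrc_count = b0 & 0x0F
    offset = 12 + 4 * csrc_count
    if len(packet) < offset:
        raise ValueError("truncated CSRC list")
    csrc = list(struct.unpack(f"!{csrc_count}I", packet[12:offset]))
    if b0 & 0x10:                                  # X bit: header extension follows
        if len(packet) < offset + 4:
            raise ValueError("truncated extension header")
        _profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * words
        if len(packet) < offset:
            raise ValueError("truncated extension body")
    payload = packet[offset:]
    if b0 & 0x20:                                  # P bit: last octet counts the padding
        if not payload or not 0 < payload[-1] <= len(payload):
            raise ValueError("bad padding length")
        payload = payload[:-payload[-1]]
    pt = b1 & 0x7F
    return {
        "marker": bool(b1 & 0x80),
        "payload_type": pt,
        "codec": PAYLOAD_TYPES.get(pt, "dynamic/unknown"),
        "sequence": seq,
        "timestamp": timestamp,
        "ssrc": ssrc,
        "csrc": csrc,
        "payload": payload,
    }

def sample_packet() -> bytes:
    """Constructed packet: G.711 A-law, one CSRC, one-word extension, 2 bytes padding."""
    header = struct.pack("!BBHII", 0xB1, 0x88, 4660, 160000, 0x1A2B3C4D)
    csrc = struct.pack("!I", 0x0000BEEF)
    ext = struct.pack("!HH", 0xABCD, 1) + b"\x00\x00\x00\x01"
    return header + csrc + ext + b"\xd5" * 6 + b"\x00\x02"
```

The codec, stream identifier (SSRC), sequence number and timestamp are all recovered without any key, which is what makes a capture on an unmonitored segment useful as evidence and damaging as a leak.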
An attacker can gain access to the data present on the VoIP network by means of the
theft of service attack. The attacker imitates the subscriber and makes free calls. To reach
the maximum communication load, adequate capacity is required by the VoIP system. This is
the case where a user without authorization is trying to make a call which is very
expensive. This attack can also be made by utilising a few vulnerabilities, like:

Because of insufficient security mechanisms, this attack takes place by passing
malicious software to the terminal devices.

Calls can be placed in the name of another user by stealing their user details.

Manipulation of billing systems and the usage of phone is possible.

There is risk involved in the accessibility and portability of a phone.

IP telephones left unattended.

Spoofing of MAC address is easy.

Legitimate users disclose their data used for authentication.

Many techniques are used to accomplish this attack. The hacker can place a call using the
identification or authorization details of other users. This is done without the consent of
the actual user whose identification has been stolen. Placing a rogue IP phone is a complex
process.
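
Two of the vulnerabilities listed above (stolen user details and MAC spoofing) leave traces that can be correlated from registration records. The following is an added example, not from the paper or its authors; the record layout, aliases, MAC addresses, port names and the 300-second registration lifetime are all assumptions.

```python
def sample_registrations():
    """Constructed (seconds, alias, MAC, switch port) records; layout is an assumption."""
    return [
        (0,    "alice", "00:11:22:aa:00:01", "sw1/3"),
        (10,   "bob",   "00:11:22:aa:00:02", "sw1/4"),
        (200,  "alice", "00:11:22:aa:00:01", "sw1/3"),   # routine refresh, same device
        (260,  "alice", "00:11:22:bb:00:09", "sw2/7"),   # same identity, second device
        (300,  "bob",   "00:11:22:aa:00:02", "sw2/8"),   # same MAC, different port
        (900,  "carol", "00:11:22:aa:00:03", "sw1/5"),
        (1600, "carol", "00:11:22:cc:00:04", "sw1/6"),   # old registration long expired
    ]

def find_identity_misuse(records, ttl=300):
    """Flag identities and MAC addresses that show up in two places at once.

    ttl is the assumed lifetime of a registration in seconds: a second device
    or port only counts as a conflict while the earlier sighting is still live.
    """
    last_by_alias = {}    # alias -> (time, MAC) of the latest registration
    last_by_mac = {}      # MAC   -> (time, switch port) of the latest sighting
    findings = []
    for ts, alias, mac, port in sorted(records):
        prev = last_by_alias.get(alias)
        if prev and prev[1] != mac and ts - prev[0] <= ttl:
            # Credentials in use from a device other than the one still registered.
            findings.append((ts, "alias_on_second_device", alias, prev[1], mac))
        seen = last_by_mac.get(mac)
        if seen and seen[1] != port and ts - seen[0] <= ttl:
            # One hardware address behind two ports: spoofing or a moved phone.
            findings.append((ts, "mac_on_second_port", mac, seen[1], port))
        last_by_alias[alias] = (ts, mac)
        last_by_mac[mac] = (ts, port)
    return findings

if __name__ == "__main__":
    for finding in find_identity_misuse(sample_registrations()):
        print(finding)
```

Because phones are portable, a `mac_on_second_port` finding is a lead to check against the switch's records rather than proof of spoofing.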
RESOURCES USED:
The authors referred to many Conference and IEEE papers to carry out this research
efficiently. In this research, the authors basically discussed three types of attacks as
misuse patterns in VoIP. For each attack, they set up a sequence diagram or a class diagram.
They stated a problem, carried out research and gave a solution to that problem. With
this they also mentioned the consequences as well as countermeasures. In each class diagram,
they used devices like terminal device, layer 2 switch, gatekeeper, IP-PBX, router, firewall,
PBX, PSTN, analog phone, VoIP network and other devices. They placed calls while testing
each type of attack and studied the reasons for the attacks and the preventive measures to be
taken.
REPEATABILITY OF THE RESEARCH:
This research can definitely be repeated by a group of SUNYIT students. This will be a
practical way of learning how the attacks are caused. It is not difficult to set up the
required environment, as the authors have performed the labs in a real-time situation where
the resources used are available on the market. By performing this research, they might come
up with new questions which will help them carry the research forward.
EXTENDABILITY OF THE RESEARCH:
This research can be extended by a group of SUNYIT students by further studying
more attacks which take place in the VoIP network. I am sure that there are more threats
than the three mentioned. With the enhancement in technology, different
problems and new attacks emerge every day.
REACTION/CRITIQUE:
This paper gave a clear explanation of the Denial of Service attack, call interception and
theft of service in VoIP. More of the attacks that take place in the VoIP environment
should have been mentioned. A more detailed solution for each attack would have been better.
The class diagrams helped in better understanding of the attacks.