1 / 14

Security in IP telephony ( VoIP) David Andersson Erik Martinsson

Security in IP telephony ( VoIP) David Andersson Erik Martinsson. Background. VoIP is becoming very popular - money to be saved! - new features Not trivial to implement (QoS, availability, security) Services released with focus only on functionality. Goals. Get an overview of VoIP

york
Download Presentation

Security in IP telephony ( VoIP) David Andersson Erik Martinsson

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security in IP telephony (VoIP)David AnderssonErik Martinsson

  2. Background • VoIP is becoming very popular- money to be saved!- new features • Not trivial to implement (QoS, availability, security) • Services released with focus only on functionality

  3. Goals • Get an overview of VoIP • Find out about the security threats • Relevance to language-based security? • Study some attacks against VoIP

  4. What we have done • Learned about VoIP technology- common network setups- protocols • Evaluation of VoIP threats • Studying and testing some attacks • Skype

  5. A Network Setup

  6. Protocols • SIP and RTP most common • Both open and defined by IETF • RTP flexible media transfer protocol • SIP is an initialization protocol • SIP uses text based messages • SIP reuses many existing standards

  7. Security: VoIP vs POTS • Very different networks trying to achieve the same goals • POTS is physically difficult to attack • VoIP has more security features but is open for attacks over the entire world through the Internet

  8. Security: Threats • VOIPSA (VoIP Security Alliance) has made an extensive list of threats • A mixture of threats in POTS and in IP-networks

  9. Security: Language-Based? • VoIP is a complex system • Secure networking has well known solutions, but… • …end-devices are hard to control • The key to securing VoIP is to secure the clients!

  10. Attacks • SIP-attacks:- Bombing- Cancel/Bye- Call hijacking • RTP eavesdropping

  11. Attacks: SIP • Possible to generate SIP packets with i.e. SiVus (The VoIP Vulnerability Scanner) • Attacks must be done within timeframe of a call or sometimes during the initial handshake • Software for real-time attack is needed

  12. Attacks: sniffing RTP • Ethereal can analyze RTP and find media streams • Open codecs are easily decoded • We could playback entire conversations!

  13. Skype • Most popular VoIP software today • Proprietary protocol • Information sent without using the software • Secure channel (VoIP, IM, File transfer) • Impossible to distinguish betweem VoIP, IM or File transfers

  14. Evaluation • VoIP is usually not very secure!! • Use with caution until otherwise is proved • Our goals reached

More Related