563.13.1 VoIP security
Presented by: Nalin Pai
VoIP Group: Milan Lathia, Nalin Pai, Zahid Anwar, Mike Tucker
University of Illinois, Spring 2006

Agenda
• Provide an overview of VoIP.
• Provide an understanding of how a SIP-based VoIP infrastructure operates.
• Describe the security vulnerabilities and security mechanisms currently used to protect SIP-based VoIP systems.
• Outline the project which will be accomplished by the team during the term.

What is VoIP?
• Voice packets transmitted using IP
• Traditional networking infrastructure carries voice traffic
• Analog voice is digitized and transmitted as IP packets
• Standards based (e.g., H.323, G.711, G.729, RTP, UDP, IP, RSVP)

Why VoIP?
• Lower cost of ownership
  – Cost savings are the primary short-term reason to converge voice, data and video onto a single IP network.
• Easy implementation of innovative services
  – Unified Messaging, Instant Messaging, etc.
• In the future, Internet Telephony Service Providers (ITSPs) may use a single infrastructure for providing both Internet access and Internet telephony
  – Only data-oriented switches would need to be deployed, switching data as well as packetized voice
  – Multiplexing data and voice could also result in better bandwidth utilization than in today's over-engineered voice-or-nothing links

Why VoIP? (2)
• VoIP users may also profit from its software-oriented nature:
  – Software solutions may be easily extended and integrated with other services and applications
  – E.g. whiteboarding, electronic calendar, or WWW
  – Deployment of new IP telephony services requires significantly lower investment in terms of time and money than in the traditional PSTN environment

VoIP Market
• 56% of all phone lines in Western Europe will be VoIP by 2009.
• The number of residential VoIP customers more than tripled to 4.2 million users in 2005, and is expected to hit 18 million by 2008.
• US VoIP subscribers grew to 4.5 million and industry revenue surpassed $1 billion in 2005.
• The market for VoIP services in Asia is expected to rise from nearly $5.5 billion in 2004 to over $10 billion by 2009.
• 25% of new phone lines in Q3 2005 in Asia were VoIP lines.
Source: TEQConsult Group

VoIP standards
• H.323 (ITU)
  - H.225 call control protocol
  - H.245 media control protocol
  - RTP (Real-time Transport Protocol) for media
  - H.235 security
• Other standards related to codecs.
• Session Initiation Protocol (SIP)
  - IETF standard
  - Text-based request/response messages
  - Uses SDP (Session Description Protocol) to describe media content
  - Uses RTP for media.

VoIP Deployment Models
• Enterprise: the VoIP infrastructure is deployed in the enterprise network.
• Hosted: the VoIP infrastructure is deployed by a service provider in the network.
• Peer-to-Peer: employs a highly distributed infrastructure.

[Diagram: Present: Enterprise Hosted Deployment (PSTN Transport). Labeled components: ENUM, DNS, WAN, Application Server, AAA, Router, PSTN GW, PSTN, PSTN Phone, Enterprise A, Enterprise B]

[Diagram: Present: Service Provider Deployment (PSTN Transport). Labeled components: Service Provider, AAA, Application Server, ENUM, DNS, PSTN GW, SBC, WAN, PSTN, Router, PSTN Phone, Enterprise A, Enterprise B]

[Diagram: Future?: "Pure" IP VoIP Call. Labeled components: Service Provider, AAA, ENUM, DNS, SBC, Router, Enterprise A, Enterprise B]

How Skype works
• Two types of nodes: ordinary nodes and super nodes
• Central log server; all other services are decentralized.
• Super nodes aid NAT traversal
• Communication between two end points behind symmetric NAT takes place through a relay host

Firewall/NAT Traversal Issues in VoIP
• Firewalls are designed for outgoing connections, thus incoming calls are rejected.
• Voice signaling contains connection addresses which may not be publicly routable.

Firewall/NAT Traversal Solutions for VoIP
• Interactive Connectivity Establishment (ICE), draft-ietf-mmusic-ice-06
  - Uses STUN to discover, create and verify connectivity paths
  - Uses TURN to relay media if necessary
• Session Border Controllers (media relay)