Increase reliability factor of quality of services in VoIP networks

Transcription

1 Increase reliability factor of quality of services in VoIP networks 1 Mojtaba Esfandiari.S, 2 Mina Amanian 1 Dept. of Engineering Ferdowsi University of Mashhad Mashhad, Iran 2Dept. of Computer engineering Imam Reza International University of Mashhad, Iran ABSTRACT Nowadays VoIP services are on the rise. The main reasons for this rise are special abilities and strong potential of these services such as cost saving and enabling special feature. Important protocols that can be used in VoIP services are IAX2, H323 and SIP is the most popular one. Accordingly, many of the applications on computers and smart phones use this protocol for using VoIP services. SIP's popularity has attracted attacker's attention and attackers try to access private information of users through this protocol. There are various ways for founding these types of attacks and also a variety of tools have been developed to simulate them. Signaling and sound attacks are the most important and common attacks. These types of attacks can cause error or failure of the service and also they reduce the quality of VoIP services in the networks. Although much research has been done on attacks that occur in SIP protocol and voice data encryption they mostly just mention their challenges and few approaches are presented for enhancing and improving the quality of service in these network. In this paper, we tried to increase the quality of service in these networks by increasing the reliability factor so that besides establishing a secure connection we can prevent premature call failure and thereby be able to increase trust factor in the quality of services of the networks. Keywords: PSTN, SIP, VoIP I. INTRODUCTION Today, Voice over Internet Protocol or VOIP technology is not only become an essential tool for many commercial markets in the world, but also led to the growth and prosperity of them. In fact, VoIP is a transformation of the traditional public switched telephone network (PSTN) which transfers network packet data using Internet Protocol (IP) [1]. One of the main reasons for development of VOIP is reducing the cost of telephone calls. Features such as portability, accessibility and integration of phone networks are main reasons that make VOIP a very attractive and useful network application. In this method, for make a call, the analog audio signals will be digitized using an analog to digital (ATA) converter. To connect Voice over IP networks, real-time support RTP and timely delivery mechanisms should be applied on packets. Also, signaling protocols are required to establish a communication link between phones (UAC). VoIP technology allows the use of existing network data and voice sessions and transferring voice as data packets over the IP network. Protocols SIP, IAX and H.323 are most important protocols that are used in VoIP network [2]. Developing the application of IP in telecommunication networks and enhancing the ability of these networks to support multimedia communications, the use of SIP protocol is also become more common. Also, because of its simplicity and potential, SIP is acceptable for vast development. SIP is application layer protocol that is used to store and terminate to multimedia sessions [3]. Today, with the dramatic growth of VoIP technology and use of this technology, there are many challenges for transfer voice data in the context. We need to allow to pass data packets from the Internet as real time and it needs a series of parameters and assumptions are taken into consideration. One of the challenges of using this method is that in some edge routers some policies adopted that are sensitive to the VoIP data and do not pass voice packets. In this paper, first we review the related work; then we give some background; after that we evaluate the proposed method; and finally, the conclusions are provided. II. RELATED WORKS Most researches have worked on encrypted packets as the methods listed below. In this method, strategies are provided for a secure telephone connection. For authentication in this method x.509 certificate is used and all signaling and media data are encrypted [4]. In this paper, VoIP security is one of the fundamental requirements. VoIP security is discussed in this paper so that security at the application layer and the IP layer should be applied [5]. The new method is proposed for VoIP security. This method uses the AES algorithm to encrypt VoIP connection [6]. Elliptic Curve Cryptography (ECC) encrypts data packets, this method increases the speed and efficiency than classical encryption methods and uses a smaller length key [7].

2 In this section we discuss some of the challenges and attacks on VoIP infrastructure. These attacks are classified into tree basic classes. A. Packet Spoofing and Masquerading In this attack, a hacker steals user profile and a legal identity so that hacker calls appear on behalf of another user. For example, a person may be pretending to be an employee of IT group of a company and call a host company to request the password. If an apparently permitted phone number display as caller ID, display, which is easily done with TDM or IP telephony systems and the victim may also be deceived. Hackers can bypass an IP or a DHCP server which generates IP [8]. B. VOIP SPAM and Phishing Unwanted and seductive s are called SPAM. There is no a direct correlation between SPAM and computer viruses and even credible and reliable sources messages can be one of these types of . Unwanted s are usually sent as Bulk [9]. SPAM messages are often about marketing purposes, fraud and deceit that are sent in the format of official letters. If a VoIP user receive a lot of calls every day from a voice messages generator with these purposes, he or she will be reluctant to use VOIP technology [8, 10]. C. Forge telephony attack In this attack, the VOIP server is used for unauthorized calls through traditional PSTN. For example, inefficient access control can allow stray equipment to unauthorized call (by sending VOIP requests to call processor applications) [8]. SIP protocol is sensitive to two types of attacks, one is Malformed Sip Message attacks and other is Sip Flooding attacks. Attackers can easily forge header of a SIP packet, because the header of a SIP packet contains information as Plain Text [11]. From 2010 to early 2012, 24 types of malformed attacks and vulnerabilities were identified. A type of malformed attacks operates in such way that led to application crashed. This means that the time that application will be involved in the analysis of SIP packets, because the packets were Malformed Sip Message and too complicated, was too much somehow that disrupt the processing system. Another type of attacks affected on smart mobile applications [12]. In this way, attackers change SIP messages so that when the messages were processed by the mobile application led to crash application. In second type attacks, the main objective is consuming network resources and servers that is the easiest way to disable VoIP service providers. There are many tools to generate SIP messages. These tools not only design flood attacks (Sip Flooding), but also can form Malformed Sip Message attacks changing the header of messages SIP [13]. III. BACKGROUND D. SIP SIP is a protocol has developed by IETF to manage services like VoIP and video conferencing over the Internet. In 1997, the initial version of SIP standard was provided by Schulsrinne to committee IETF. The original version of the standard was published in At the same time, SIP compliant products were presented in the market [14]. E. H.323 H323 protocol is a protocol of a set of protocols. H323 is used as media standard for International Telecommunications Union (ITU) to transmit audio and video via Internet Protocol [15]. F. IAX IAX protocol (Inter Asterisk exchange) is a protocol like SIP and H.323 except that it is particular for Asterisk Telephony Server. If two devices support IAX protocol, they can communicate through it [16]. G. RTP RTP protocol is a transfer that considers other voice transfer requirements and other real time data. RTP protocol can transmit data continuously and sequent and has a tangible and substantial performance delivering data to destination and Multicast process. Unlike TCP, RTP protocol can carry real time data such as video and audio. RTP protocol is designed to work independently under the supervision of the transport layer. In fact, this protocol is designed for OSI sevenlayer model [17]. H. Asterisk Asterisk is one of the most popular open source telephony system and a framework to create a communication. Simply, this system converts an ordinary computer into a communication server and exchanges audio and video using data network. This system can be used in small and large companies and telecommunication centers as a complete telephone system. If needed, it can be used in the development of earlier communication network and linking existing networks. Asterisk is supported by Digium Company [18]. I. Codec Codecs are used to convert digital signals to analog sound. Codecs affect on sound quality and bandwidth. Many Codecs have been provided in VoIP such as ADPCM, g.711, g , g.726, g.729, GSM, ilbc, Linear, LPC-10. The table below shows some of the codecs, along with some of their properties [7]. Code g.711(a Law) g.726 GSM LPC10 Bit Rate (kbps) Table1: codecs Frame Size (ms) IV. PROPOSED METHOD Data Size Per Frame(bytes) In communication between two servers that are geographically dispersed a secure communication can be considered. In communication between two servers, their policies should be considered and communication protocols are also important. Some filtering is based on these policies; therefore, the importance of this issue is understandable.

3 Generally, these policies can be divided into three sections: 1. Security in signaling 2. Security in transfer of audio and video media data 3. Security of reaching data packets to their destinations Policy on some routers and firewalls is sensitive to RTP and SIP messages. In this paper, we describe the secure communication between two VoIP servers so that ensure that data reaches to the destination. This means that we follow third method keeping two first policies and provide guidelines based on secure communication between two servers. Also, in this method, we have used Asterisk open source telephony system. The communication between two servers or two IP phone via the Internet can be seen in the following figure. IP Soft Asterisk Server Internet IP Asterisk Server Soft transmission. To overcome this limitation, if we change the standard of SIP protocol (encrypt), and the packages are transferred by UDP or TCP protocols, there will be no limit for making calls and no packages to drop. The second point is that routers and firewalls receive certain number of packets on unknown ports (as the point stated for Linux firewalls) and when the number reaches to threshold, the rest of the packages will be dropped. We can use the fact that if we transfer data is on a port, before it reaches the threshold, we change the port. In this case, the counter value becomes zero for new ports and packages will not be dropped. In our proposed method, at first, server 1 requests server 2 to allocate port and proposes a port number to server 2. As you can see in Figure 2, port 8898 is proposed to server 2 and server 2 reserves this port for communication with the server 2 and sends OK message with the port that the server 1 proposed to server 1. After this, the packets are exchanged between two servers on port 9988.In the meantime, if the package is close to the threshold, we can request another port. As you can see in Figure 2, port 8856 is proposed by the server 1 to server 2. If for some reasons, server 2 cannot allocate the port to server 1, sends NO message with its proposed port, which is port 9857, to the server 1. Server 1 accepts the proposed port by sending OK message along with the port proposed by server 2; then, data of parties are exchanged between the two ports. In this method, before the number of package get greater than the threshold, the port is changed in order the counter be zero. Figure1: communication between two servers In the politics of third method, in a secure communication, the number of packets that are exchanged between two servers is important. In two cases, the number of packets exchanged during a call can be assessed. The first case is when a call is missed and second is when a call is succeed. In these two cases, the number of exchanged packages is different. In a communication between two servers, some routers or firewalls consider policies for unknown data. For example, they allow only 10,000,000 packages to exchange in 1 hour and if there is more than this amount, the rest drop. For example, the policy of Linux ubuntu12.4 is as follows: UAS1 Counter=0 Port allocation request (9988) Signaling+ Data Run (RTP) OK (9988) Data(9988) Data(9988) Data(9988) UAS2 -A Input p UDP dport9988 m limit limit j accept -A Input UDP -dport j Drop For UDP protocol data on port 9988, in 1 hour, only 10,000,000 packets are allowed to pass, and more than this amount in an hour will be dropped. What should we do if in a communication between two servers over this amount data in 1 hour required? However, it should be noted that the number depends on political situation of edge routers. In this case, several issues must be considered. The first point is that the RTP packages are easily identified by routers and firewalls and can be removed by them. Therefore, we must use an alternative protocol that does not remove our packages and provides a secure communication for us. In this paper we use the UDP protocol that routers are relatively insensitive to it and can easily use it to transfer their packages. Also, it can be extended for SIP packages that means SIP protocol packets may be Drop by some routers. In this case, no contact will be established between the UAs. SIP Protocol is an Application Layer protocol and uses UDP or TCP for Counter=9,000,000 Run Request Port(8856) NO (9857) OK (9857) Data(9857) Figure2: port agreement between two servers Before making call, there should be an agreement on the port of two servers, then, call is made. SIP package on port 5060 is transferred by the client 1 to server 1 and then from server 1 to server 2, and finally to client 2. Then all messages will exchange on the port that two servers agreed.

4 UAC1 UAS1 UAS2 UAC2 Invite (SIP:5060) 9988 UDP: 9988 SIP: 5060 Trying Ringing Ringing OK ACK UDP Ports previously agreed 9988 OK ACK Figure 5- Missed call RTP Overlap Packet RTP In the second case which call is answered, and we have been examined 9 calls in 60 seconds. In Figure 6, the vertical axis represents the packages exchanged at 60 seconds and the horizontal axis represents calls in the second case UDP 9989 Figure 3: Call Setup V. EVALUATION We run Wire Shark software as is shown in the following figure. In both cases mentioned in the previous section, we measure the amount of packets exchanged. This figure shows the UDP protocol that is used between two Asterisk servers. Figure 6- Answered call The number of packages above is related to one call. However, if we have several calls simultaneously, exchanged packages will be multiplied. For example, if we have two simultaneous calls, the number of packages to be exchanged will be almost double. We have calculated simultaneous calls on both answered and missed cases and the following results were obtained. Figure 4: Data transfer between 2 servers on port agreed In the first case we examine packages exchanged on 9 calls. In Figure 5, the vertical axis represents the exchanged packages and the horizontal axis represents the amount of time it took to call in the first case is terminated. Figure 7- simultaneous calls in missed call In Figure 7, we have examined simultaneous calls in the case missed call. As you can see, based on simultaneous calls, the number of package exchanged will be multiplied. In Figure 7, the vertical axis represents exchange packages and the horizontal axis represents the number of simultaneous calls.

5 In the proposed method, due to packages encryption, there is no overload. Also, we ensure that no package is dropped and there is a secure communication because router doesn t realize RTP packages and after a while, our packages will not be dropped. Also, RTP packets are exchanged in the form of UDP packets; so, routers and firewalls are not aware of RTP packets and we can easily exchange our packages. A script in this method counts the number of input and output packages before they reach the threshold changes the port should be applied on both Asterisk servers. Pseudo-code for this script is shown below. Figure 8- simultaneous calls in answered call In Figure 8, we have examined simultaneous calls in the case answered call. As you can see, based on simultaneous calls, the number of package exchanged will be multiplied. In Figure 8, the vertical axis represents exchange packages and the horizontal axis represents the number of simultaneous calls. We have examined missed call for 9 calls and have obtained the number of exchanged packages. Then, in order to have a criterion for exchanged packages, we obtain the average of exchanged packages on 9 calls. We do the same for case 2 that the call is answered. Finally, we have two averages, one for exchanged packages when the call is missed and other for exchanged packages in a one minutes answered call. In each case, we consider the average of exchanged packages. Average formula is as follows: No answer Answer In case of missed calls, average of exchanged packages is 2327 and in answered calls the average is Now, we should calculate the average of simultaneous missed call that led to block port after one hour. X is the number of simultaneous missed call that led to block port after one hour. No answer X value is also calculated for answered calls. Answer In case of missed calls if we have an average of 72 simultaneous calls in a minute, before an hour our packages are greater than the threshold; so, we lose some of packages. Also, in case of missed call, if we have average of 27 simultaneous calls in one hour, before one hour packages are greater than the threshold. while(send or recv packet) { counter=check_counter(); If (counter >threshold) {run-port-allocation (); counter=set_counter_zero() else increase_counter(); function run-port-allocation () { allocate=false; while (! allocate) {port=port-allocation (); res=port-request (port); if (res[a] =1) { exec-change-port (); allocated=true; else {port=res [1]; if (available-port ()) {exec-change-port (); allocated=true; At the beginning of each send or receive of the packet on the specified port, counter value is increased by one unit and after it approaches the threshold run-port-allocation function is executed. In this function at first one of the servers send a new port to another server, if the second server s port is free then it sends ok message; otherwise it sends no message with a new free port. If the first server is free on this port then the new port agreement is done and two servers send and receive their data on this new port and this process continues till counter value approaches the threshold (figure 2). Now, if a policy defined on the port we send our data through and allow a certain amount of packages to be transferred in one hour, we change the port before the amount reach to threshold and transfer packages easily. In this way, there is no need to encryption and RTP packets can easily passed through router. If the router or firewall adopts policies that are sensitive to the audio packages and we exchange audio data regardless to such policies, after a period when the exchanged packages exceed the

6 threshold, all packets will be dropped. The following diagram shows that without the proposed method after exceeding the threshold, all packets will be dropped. Figure 9- result of experiment that do not use our approach In our proposed method, as shown in figure 10, after reaching the threshold which is here, a little time it takes to change the port and then information exchange on the new port. VI. CONCLUSION Nowadays with the rapid growth of technology, VoIP web services have been used widely and hence have drawn the attention of the attackers to them. Some of these attacks reduce the quality of the service and its reliability. Most approaches for secure communication between two servers are focused on encryption and they pay less attention to the improvement of the quality of services In this paper we tried to establish a secure connection between VoIP servers in order to avoid the probable disconnection and therefore increasing the reliability of the quality of services. In our approach we focused on increasing the reliability of quality of services and unlike the other approaches we do not use the encryption of packet and hence the approach has less overhead. REFERENCES [1] Ehlert, S., Zhang, G., Geneiatakis, D., Kambourakis, G., Dagiuklas, T., Markl, J., & Sisalem, D. (2008). Two layer Denial of Service prevention on SIP VoIP infrastructures. Computer Communications, 31(10), [2] Amanian, M., Moghaddam, M., & Roshkhari, H. (2013). New method for evaluating anti-spit in VoIP networks. Paper presented at the Computer and Knowledge Engineering (ICCKE), th International econference on. [3] Sisalem, D., Floroiu, J., Kuthan, J., Abend, U., & Schulzrinne, H. (2009). SIP security: Wiley. Figure 10- result of experiment that use our approach A more efficient way in proposed method is so that before the amount reaches to threshold value, when there is no data exchange, we change to the port in which case the there is no need to a little stop like the figure10. As you can see in figure 11, we send and receive data without stopping and use the time efficiently. [4] Treßel, A., & Keller, J. (2006). A system for secure IP telephone conferences. Paper presented at the Network Computing and Applications, NCA Fifth IEEE International Symposium on. [5] Moon, K., Moon, M., & Meshram, B. (2012). Ramrao Adik Inst. of Technol., Univ. of Mumbai, Navi Mumbai, India. Paper presented at the Radar, Communication and Computing (ICRCC), 2012 International Conference on. [6] Wu, C.-Y., Wu, K.-P., Shih, J., & Lee, H.-M. (2011). VoIPS: VoIP Secure Encryption VoIP Solution Security- Enriched Urban Computing and Smart Grid (pp ): Springer. [7] Sankar, R., Subashri, T., & Vaidehi, V. (2011). Implementation and integration of efficient ECDH key exchanging mechanism in software based VoIP network. Paper presented at the Recent Trends in Information Technology (ICRTIT), 2011 International Conference on. [8] Dantu, R., Fahmy, S., Schulzrinne, H., & Cangussu, J. (2009). Issues and challenges in securing VoIP. computers & security, 28(8), Figure 11- result of experiment that use our approach efficiently [9] Azad, M. A., & Morla, R. (2011). Multistage spit detection in transit voip. Paper presented at the Software, Telecommunications and Computer Networks (SoftCOM), th International Conference on. [10] Soupionis, Y., & Gritzalis, D. (2011). Aspf: Adaptive antispit policy-based framework. Paper presented at the Availability, Reliability and Security (ARES), 2011 Sixth International Conference on.

7 [11] Geneiatakis, D., Dagiuklas, T., Kambourakis, G., Lambrinoudakis, C., Gritzalis, S., Ehlert, S., & Sisalem, D. (2006). Survey of security vulnerabilities in session initiation protocol. IEEE Communications Surveys and Tutorials, 8(1-4), [12] Ehlert, S., Geneiatakis, D., & Magedanz, T. (2010). Survey of network security systems to counter SIP-based denial-ofservice attacks. computers & security, 29(2), [13] Seo, D., Lee, H., & Nuwere, E. (2013). SIPAD: SIP VoIP anomaly detection using a stateful rule tree. Computer Communications, 36(5), [14] Hossein Yaghmaee Moghaddam, M., Amanian, M., Barghi, F., & Khosravi Roshkhari, H. (2014). A Survey of Different SPIT Mitigation Methods and a Presentation of a Comprehensive SPIT Detection Framework. International Journal of Machine Learning & Computing, 4(2). [15] Packetizer, I. H. 323 versus SIP: A Comparison, [16] Boucadair, M. (2009). Inter-Asterisk Exchange (IAX): Deployment Scenarios in SIP-Enabled Networks (Vol. 22): John Wiley & Sons. [17] Gritzalis, D., & Mallios, Y. (2008). A SIP-oriented SPIT management framework. computers & security, 27(5), [18] Van Meggelen, J., Madsen, L., & Smith, J. (2007). Asterisk: The future of telephony: " O'Reilly Media, Inc.".