VOIP SECURITY ISSUES AND RECOMMENDATIONS

Transcription

1 VOIP SECURITY ISSUES AND RECOMMENDATIONS Sathasivam Mathiyalakan MSIS Department, College of Management, University of Massachusetts Boston Phone: (617) ; ABSTRACT VoIP is the hottest trend in telecommunications. Prior research shows that the VoIP technology is at the introductory stage in technology adoption with solid growth expected over the next few years as both consumers and businesses adopt VoIP technology to cut costs, improve productivity and efficiency, integrate with other applications, seek enhanced capabilities, and digital convergence. But, security issues tend hinder its adoption. In this study, we identify VoIP security challenges, risks and threats, and offer some recommendations for mitigating these risks. Keyword: MIS, IT, Security, VoIP INTRODUCTION Voice over Internet Protocol (VoIP) is the hottest trend in telecommunications (Walsh & Kuhn, 2005). VoIP is the transmission of voice over traditional packet-switched IP networks (Walsh & Kuhn, 2005). VoIP is also known as Internet telephony or IP Telephony. The analog signals (voice) are converted digitized packets and then sent over a IP network. The digital packets have a destination address but they follow no fixed path. At the destination packets are re-assembled and delivered. To enable VoIP, broadband access, a computer, and software are required. Additional hardware such as servers, switches, routers, and others may be required depending on the volume and nature of traffic. Readers are urged to consult VarShney, Snow, McGivern, & Howard (2002) for an excellent review of the VoIP history and technology. VoIP permits the integration of data, voice, and video into one communication channel. The term digital convergence refers to this phenomenon of multiple media delivered over a single network. Some of the applications and services include PC based distance learning solutions, video conferencing, live webcasting, video streaming, collaboration and team management software, security surveillance, contact center applications, remote multimedia solutions and unified messaging ((Tobin & Bidoli, 2006). To compete in the new economy firms including are looking at many strategic options. Recent events suggest that firms in particular large ones are exploring the use of Voice over Internet Protocol (VoIP) as a means to cut costs, to improve productivity, and the firm s strategic position. The use of VoIP enables a firm to reduce costs, improve worker and organizational

2 productivity, provide greater functionality and better integration with computer based applications, and improve the strategic position of the firm. Recent studies project VoIP market to grow (Roberts, 2005a) significantly over the next few years. An Osterman Research Report dated February 2005 suggests that VoIP penetration of US organizations will increase from 10% to 45% by the end of Another Osterman Research Report, also dated February 2005 suggests that approximately 17% of US organizations have either completed voice and data convergence or are near completion. A Juniper Research report dated September 2004 forecasts that VoIP adoption will rise to 17% of US households by 2009 from its current value of 1% of all US broadband households in The factors that promote the growth of VoIP include low cost of the software, wide availability of analog adapters, growing availability of broadband, and relative high costs for traditional calls (Roberts, 2005a). VoIP security is a major issue to both Network administrators and managers. A security outbreak is likely to result in loss of service, denial of service, eavesdropping, spoofing, toll fraud, spam, unavailability of emergency calls. Research shows that VoIP security continues to be the key barrier to VoIP adoption (Sass, 2006). The practitioner literature is rich with How to articles on VoIP security. As security plays a key consideration in VoIP acceptance and adoption, the purpose of this article is to review the literature, identify security risks, and suggest recommendations. This article is organized interms of 6 sections. Next, we discuss VoIP adoption issues. In section 3, we discuss VoIP security implementation challenges. In section 4 identify and catalog VoIP security threats. Guidelines for securing a VoIP network are in section 5. In section 6 we provide some summary remarks. BACKGROUND TO VOIP & VOIP SECURITY IMPLEMENTATION CHALLENGES Transition to a VoIP network increases the risk profile of a corporate network due to complexity, the presence of new access points to the network, new routing patterns and configurations, the use of new devices and protocols which in turn increases the number of vulnerable points, and the presence of a new channel for blended threats (Roberts, 2005b). Walsh and Kuhn (2005) identify several challenges associated with implementing VoIP security measures. These challenges deal with supporting protocols, VoIP vs. data network security, and the need for new technologies. Below we provide a brief description of these challenges as noted in Walsh and Kuhn (2005). H.323 and Session Initiation Protocol (SIP) are the common protocols used in VoIP networks. H.323 is based on the recommendations of the International Telecommunication Union. It encompasses other protocols such as H.225, H.245, and T.120. H.323 provides the necessary specification for audio and video communication in packetized network environment. In addition to its use in VoIP, H.323 is also used in applications such as NetMeeting and Ekiga. SIP is an application level protocol and is the IETF specification for a two way communication session. Initially SIP was designed to be simple and elegant. It is text based and inherited some

3 aspects of Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) (Roberts, 2005). But, over the years SP has become more complex. Readers are urged to visit the sites and for additional information on these two protocols. As the architecture of the two networks are different, the need to implement different protocol specific security mechanisms arises. The addition of upper layer protocols and messaging structures increases the threat profile of the already flawed IP protocol (Sass, 2006). Many configurable parameters such as addresses of voice terminals, routers, and firewalls exist in a packet network. VoIP networks also have specialized software such as call managers. As a VoIP network has dynamically reconfigurable parameters, many dynamically configurable parameters exist. When compared to data networks, these add additional complexity of VoIP networks. The stricter performance constraints of VoIP also pose additional VoIP security concerns. Issues pertaining to Quality of Service (QoS), Infrastructure, and Security trade offs highlight the differences between VoIP and data networks. The need to maintain appropriate level of QoS poses some restrictions on security. VoIP networks are mores sensitive to delays than data networks. Latency, jitter, and packet loss all present concerns within a VoIP network. Latency is the delay in packet delivery. Security implementation mechanism such as encryption and firewalls while providing a means to secure the network also introduce delay in network traffic. Such delays can cause the VoIP message to become a mess. VoIP relies on Real Time Transport Protocol (RTP) which does not guarantee packet delivery. Even a packet loss of 1% can make the VoIP call meaningless and thereby affecting the QoS. Jitter is jitter is the variation in the time between packets arriving, caused by network congestion, timing drift, or route changes. A jitter buffer can be used to handle jitter ( Buffer overflows and improper packet handling can cause security flaws such as Denial of Service and disclosure of system critical information. As VoIP and data are on the same network, opportunities for eavesdropping exist. Buffer overflows can also cause the insertion of malicious code within the VoIP software. The availability of network information on IP phone can cause security flaws such as downloading from a hacker controlled server. Privacy issues and denial of service (DoS) issues may surface if VoIP web based applications have weak access control, script vulnerabilities, and inadequate parameter validation. The convergence of voice and data traffic may enable hackers to manipulate or functioning of the phone system. Firewalls are used routinely in many network to protect a network. The use of such firewalls may interfere with the operations of a VoIP network which uses dynamic port trafficking and call setup procedures. Newer tools such as Application Level gateways (ALG) may be able overcome this issue by providing firewalls with necessary instructions from an application aware agent.

4 VOIP SECURITY RISKS, THREATS, AND VULNERABILITIES Several techniques and methodologies exist for classifying VoIP security threats. Radware (2005) categorizes the security threats as attacks on VoIP network operating system devices, configuration weaknesses, IP infrastructure attacks, VoIP protocol implementation vulnerabilities, and VoIP application level attacks. Mihai (2006) classifies the threats in terms of protocol layers signaling, transport, and application. The threats pertaining to the signaling protocol layer are denial of service, man in the middle/call hijacking. Transport layer threats arise from eavesdropping, RTP insertion attacks, and RTCP insertion attacks. Application layer threats pertain to software vulnerabilities. Roberts (2005b) links the security threats to QoS and categories the threats interms of service disruption, service interception, and service fraud and abuse. Roberts also notes the presence of other threats such as fire, flood, earthquake, poorly trained users, and environmental threats. The VoIP Security Alliance (VoIPSA) a consortium of major vendors, providers, security leaders, and business leaders recently released a report on a taxonomy for classifying VoIP security and threats. The alliance defines security as 1) the right to protect privacy, 2) a method of achieving privacy and 3) ways to keep communication systems and content free from unauthorized access, interruption, delay or modification. The security threats are grouped interms of unlawful monitoring (traffic analysis, packet snooping, spying on signaling, and eavesdropping on content), interruption of service (specific denial of service, general denial of service, physical intrusion, loss of power, and performance latency), unauthorized signal or traffic modification (spoofing and impersonation, false caller identification, signal replay, vocal impersonation, vocal replay, service abuse, improper bypass of adjustments to billing, and improper access to service) and bypassing refused consent. A large number of threats exist as shown in Table 1. We outline the major ones. A proper knowledge of these threats facilitates the development of security recommendations which are provided in the next section. GUIDELINES FOR SECURING THE VoIP NETWORK The following guidelines based on Kuhn, Walsh, & Fries (2005) and Sass (2006) may serve to protect the network from the threats noted previously. 1. To ensure security and adequate performance dedicated VoIP components are necessary. 2. To isolate attacks voice and network traffic should be separated and use DNS/DHCP servers. 3. Ports should have separate MAC addresses and any unused ports should be disabled.

5 4. Appropriate network architecture should be developed. To mitigate the security problems, Internet Protocol Security (IPsec) virtual private network or secure shell for remote management and auditing and encryption at the router or gateway. 5. As VoIP networks provide greater latitude for eavesdropping and monitoring traffic, physical controls needs to be present and implemented. The hardware should be physically secured. 6. The VoIP operating system should be kept up to date any unneeded service should be disabled. 7. Encrypted and authenticated communication between network components is vital. 8. Hosts on switched ports should not be able to or be aware of traffic not intended for them. 9. If situation warrants, the use of soft phone applications should be discouraged to ensure that these applications with a PC which uses a software and a voice headset. Worms, viruses, and web browser flaws may pose risks for softphone applications. 10. The statutory requirements for VoIP calls may be different for VoIP calls from traditional calls. Legal advice may be necessary for privacy and record retention issues. 11. Use VoIP ready firewalls and other strategies and security mechanism need to be used to prevent packet sniffing. 12. Additional power backups maybe necessary to ensure smoothing functioning should power outages occur. 13. If the need to integrate mobile phone with VoIP system exists, then it is recommended that WiFi Protected Access (WPA) security protocol be used than Wired Equivalent Privacy (WEP) protocol. 14. Firewalls are required if the traffic flows between voice and data networks. SUMMARY REMARKS VoIP is a newest technology and researchers speculate that its use could provide rewards to both the individual and the organization. The Telecom Insider newsletter identifies the following seven VoIP trends for 2006 that will have a bearing on its adoption. These include a possible retaliation by Internet access providers who may block VoIP calls, consolidation and partnerships, growth in broadband penetration, growth in wireless use, Session Initiation Protocol (SIP) to become the standard for delivering VoIP calls, regulatory threats, and availability of sophisticated multimedia applications. The main issue that dampens its widespread acceptance and adoption is security. The purpose of this study is to identify security threats and suggest some guidelines for improving security.

6 While many of these recommendations are from practitioner sources, it is not clear whether they will adequately negate the security threats. A great deal of academic work needs to be conducted before verifiable security recommendations leads to widespread acceptance of VoIP technology. Available upon request from the author. REFERENCES Term Call Black Holing Call Pattern Tracking Call redirection and hijacking Call Rerouting Conversation Alteration Conversation Degrading Conversation Impersonation and Hijacking Conversation Reconstruction Denial of Service Eavesdropping False Caller Identif. Fax Alteration Fax Reconstruction Message integrity Number Harvesting Packet spoofing and masquerading Replay attacks Rogue device Service abuse Text Reconstruction Toll fraud Traffic Capture Voice mail bombing (Vbombing) Video Reconstruction Voic Reconstruction Definition Any unauthorized method of dropping, absorbing or refusing to pass IP or another essential element in any VoIP protocol which has the effect of preventing or terminating a communication. The unauthorized analysis by any means of any traffic from or to any node or collection of nodes on the network. It includes monitoring and aggregation of traffic for any form of unauthorized pattern or signal analysis. A call intended for one user is redirected. Any method of unauthorized redirecting of an IP or other essential element of any VoIP protocol with the effect of diverting communication. Any unauthorized modification of any of information in the audio, video and/or text portion of any communication, including identity, status or presence information. The unauthorized and intentional reduction in quality of service (QoS) of any communication. The injection, deletion, addition, removal, substitution, replacement or other modification of any portion of any communication with information which alters any of its content and/or the identity, presence or status of any of its parties. Any unauthorized monitoring, recording, storage, reconstruction, recognition, interpretation, translation and/or feature extraction of any audio or voice portion of any communication including identity, presence or status. An attack on a system that causes loss of service to the users of that system. The unauthorized interception of voice packets or RTP media streams and the decoding of signaling messages and the intercepted data The signaling of an untrue identity or presence. Any unauthorized modification of any of information in a facsimile or other document image, including header, cover sheet, status and/or confirmation data. feature extraction of any portion of any document image in any communication including identity, presence or status. Compromise where the data has been altered in transit The authorized collection of IDs, which may be numbers, strings, URLs, addresses, or other identifiers in any form which represent nodes, parties or entities on the network. Packet or person impersonation which may include fake Caller ID and phishing attempts Retransmission of a legitimate session so the recipient device reprocesses the data A misconfigured or unauthorized device or a device about to fail and displaying aberrant behavior. The use of Corporate systems in a manner for which it was not intended. feature extraction of any portion of any text in any communication including identity, presence or status. The theft of telephony services. The unauthorized recording of traffic by any means and includes packet recording, packet logging and packet snooping for unauthorized purposes. The delivery of multiple voice mail messages (possibly thousands) to a VoIP device and is unique to VoIP networks. feature extraction of any portion of any moving images in any communication including identity, presence or status. feature extraction of any portion of any voice mail message. Table 1: VoIP Security Threats Definitions from Roberts (2005b) and VoIPSA