Implementation of Test-Bed for VoIPv6 Encryption

Sudan University of Science and Technology College of Engineering School of Electronic Engineering Implementation of Test-Bed for VoIPv6 Encryption A Research Submitted in Partial fulfillment for the Requirements of the Degree of B.Sc. (Honors) in Electronics Engineering Prepared By: Alkhansaa Abdallah Mohammed Doaa Salim Mohammed Walaa Faisal Mohammed Yusra Osman Alhaj Supervised By: Dr. Sami Hassan Omer September 2014 I

قال تعالى: ر ب ق د ءآت ی ت ن ي م ن ال م ل ك و ع ل م ت ن ي م ن ت ا و یل ال ا ح اد یث ف اط ر الس م او ات و ال ا ر ض أ نت و ل ی ي ف ي الد ن ی ا و ال ا خ ر ة ت و ف ن ي م س ل م ا و أ ل ح ق ن ي ب الص ال ح ین ] سورة یوسف [101 II

DEDICATION To our parents, thank you for all the unconditional dua, guidance, and support that you have always given us. To our friends, thank you for the support along the way. III

ACKNOWLEDGEMENT First and above all, we praise God. Dr. Sami Hassan Omer thanks you for your assistance throughout this research. This Thesis appears in its current form due to the assistance of several people. We would therefore like to offer our sincere thanks to all of them. assistance. Eng. Mustafa Mohammed Ahmed we deeply appreciate your Our families thank you for everything. We warmly thank and appreciate our parents for their material and spiritual support in all aspects of our life. Thank for everyone who helped to achieve this thesis. IV

ABSTRACT Internet Protocol (IP) has been used for most of modern communication systems standards as a networking protocol. It survived for over 30 years and has been an essential part of the Internet evolution. Today s Internet is a much different than it was 30 years ago. Most traditional communications media -including telephone -are being restructured by the Internet, giving new services such as voice over Internet Protocol (VoIP). As a result of increased demand for these services, the number of Internet-connected users and devices are growing at a rapid way. Adopting IP to support new services introduces many challenges such as managing networking resources efficiently and true end-to-end functionality (i.e. end-to-end security, QoS, etc.) which is not feasible with IPv4. IPv6 designed to be the successor to IPv4 with 128 bit to provide large address space. Additional features are impeded within the design to meet the demands of future networks. Implementing voice over IPv6 network with addition of encryption introduces an assortment of ways configurations. In this research The Secure Real-Time Transport Protocol (SRTP) will be used for media encryption and Transport Layer Security (TLS) for secure signaling. Testing Scenario will be conducted using soft-phones and Asterisk free PBX server running in Linux. It is expected that applying an encryption technique on VoIP will degrade QoS parameters. V

الحدیثة, المستخلص استخدم بروتوكول الانترنت كبروتوكول للاتصال في معظم معاییر أنظمة الا تصالات لا كثر من ثلاثین عاما ومث ل الا ونة الا خیرة مختلفا ضمنھا خدمات الاتصال الھاتفي أساسي في تطور جزء عن ما كان علیھ قبل ثلاثین عاما أعید بناؤھا بالانترنت مما إذ الانترنت. في الانترنت اصبح أن معظم الخدمات التقلیدیة من انتج خدمات جدیدة مثل الاتصال الھاتفي عبر برتكول الانترنت. نتیجة لازدیاد الطلب على ھذه الخدمات اصبح عدد المستخدمین المتصلین بالانترنت ینمو باضطراد.اعتماد ھذه الخدمات الجدیدة على بروتوكول الانترنت ادى لمواجھة عدة تحدیات مثل إدارة موارد الشبكة بكفاءة و التوصیل بین الا جھزة المتصلة دون الحاجة إلى وسیط مع تحقیق السریة وجودة الخدمة..الخ. - بت 128 تم تصمیم الا صدار السادس من بروتوكول الانترنت الذي یستخدم مساحة عنوان بطول لیحل محل الا صدار الرابع من بروتوكول الانترنت لزیاده مساحة العناوین مع إضافة الكثیر من الخصاي ص الجدیدة والتي ستشكل حاجة في مستقبل الشبكات. تطبیق خدمة الاتصال الھاتفي عبر بروتوكول الانترنت وإضافة خاصیة أمنیة لھ - مثل التشفیر- لھ عدة طرق للا عداد. في ھذا البحث سیتم استخدم بروتوكول تا مین النقل بالزمن الفعلي بالا ضافة لاستخدام بروتوكول أمن باستخدام Asterisk كمخدم في بیي ة طبقة النقل. سیناریو الاختبار سیتم إجراؤه في ھذا البحث Linux و ا ھل واتف الرقمیة. یتوقع تراجع معاملات جودة الخدمة (زمن التا خیر, نسبة فقدان حزم البیانات...الخ) عند تطبیق بروتوكول السریة. VI

TABLE OF CONTENTS I. استھلال DEDICATION II I ACKNOWLEDGEMENT... IV ABSTRACT...V VI.. المستخلص TABLE OF CONTENTS... VII LIST OF TABLES.X LIST OF FIGURES..XI LIST OF APPENDICE... XII ABBREVIATIONS XIII CHAPTER ONE INTRODUCTION... 17 1.1 Preface... 17 1.2 Problem Statement... 19 1.3 Proposed Solution... 19 1.4 Objective... 19 1.5 Methodology... 20 1.6 Thesis Outlines... 20 CHAPTER TWO INTERNET PROTOCOL VERSION6 BASED NETWORKS... Error! Bookmark not defined. 2.1 Introduction... Error! Bookmark not defined. 2.2 Internet Protocol version 4... Error! Bookmark not defined. 2.2.1 Short Term Solution... Error! Bookmark not defined. VII

2.2.2 Long Term Solution... Error! Bookmark not defined. 2.2.2.1 History of IPv6... Error! Bookmark not defined. 2.3 Internet Protocol version 6... Error! Bookmark not defined. 2.3.1 Benefits of IPv6 over IPv4... Error! Bookmark not defined. 2.3.2 IPv6 Main Header... Error! Bookmark not defined. 2.3.3 IPv6 Supported Protocols... Error! Bookmark not defined. 2.3.3.1 Internet Control Message Protocol version 6... Error! Bookmark not defined. 2.3.3.2 IPv6 Neighbor Discovery (ND)... Error! Bookmark not defined. 2.3.3.3 Multicast Listener Discovery (MLD)... Error! Bookmark not defined. 2.3.4 Address Architecture... Error! Bookmark not defined. 2.3.4.1 IPv6 Address Representation... Error! Bookmark not defined. 2.3.4.2 IPv6 Address Types... Error! Bookmark not defined. 2.3.5 Transition to IPv6... Error! Bookmark not defined. 2.3.6 IPv6 Lifetime Cycle... Error! Bookmark not defined. CHAPTER THREE ENCRYPTION of VOICE OVER INTERNET PROTOCOL... Error! Bookmark not defined. 3.1 Introduction... Error! Bookmark not defined. 3.2 Public Switched Telephone Network... Error! Bookmark not defined. 3.2.1 Drawbacks of the PSTN... Error! Bookmark not defined. 3.3 IP Based Networks... Error! Bookmark not defined. 3.4 Voice over Internet Protocol... Error! Bookmark not defined. 3.4.1 VoIP Generations... Error! Bookmark not defined. 3.4.1.1 First-Generation of VoIP Networks. Error! Bookmark not defined. 3.4.1.2 Second-Generation of VoIP Networks... Error! Bookmark not defined. VIII

3.4.1.3 Third-Generation of VoIP Networks Error! Bookmark not defined. 3.5 Voice Digitization and Encoding... Error! Bookmark not defined. 3.5.1 Codecs... Error! Bookmark not defined. 3.5.1.1 Waveform Codecs... Error! Bookmark not defined. 3.5.1.2 Source Codecs... Error! Bookmark not defined. 3.5.1.3 Hybrid Codecs... Error! Bookmark not defined. 3.6 ITU-T G Series... Error! Bookmark not defined. 3.6.1 Quality of Service... Error! Bookmark not defined. 3.7 VoIP Supported Protocols... Error! Bookmark not defined. 3.7.1 Transmission Protocols... Error! Bookmark not defined. 3.7.2 Signaling Protocols... Error! Bookmark not defined. 3.7.2.1 Session Initiation Protocol. Error! Bookmark not defined. 3.7.2.2 H.323... Error! Bookmark not defined. 3.7.3 Security Support Protocols... Error! Bookmark not defined. 3.7.3.1 Secure Real Time Transport Protocol... Error! Bookmark not defined. 3.7.3.2 Transport Layer Security... Error! Bookmark not defined. CHAPTER FOUR RESULTS IMPLEMENTATION VoIPv6 TEST-BED and..error! Bookmark not defined. 4.1 Testing Scenario... Error! Bookmark not defined. 4.1.1 Call Initiation... Error! Bookmark not defined. 4.1.2 Enabling Secure Call with SRTP... Error! Bookmark not defined. 4.2 G.726 Evaluation... Error! Bookmark not defined. 4.3 Result and Discussion... Error! Bookmark not defined. CHAOTER FIVE CONCLUSION AND RECOMMENDATIONS... Error! Bookmark not defined. 5.1 Conclusion... Error! Bookmark not defined. IX

5.2 Recommendations... Error! Bookmark not defined. References..Er ror! Bookmark not defined. APPENDECIES... Error! Bookmark not defined. X

LIST OF TABLES TABLE NO TITLE PAGE 3.1 SIP Messages 31 XI

LIST OF FIGURES FIGURE NO TITLE PAGE 2.1 IPv4 and IPv6 Main Header 13 2.2 IPv6 Lifetime Cycle 19 4.1 Testing Scenario 36 4.2 Delay 39 4.3 Jitter 39 4.4 Packet loss 39 5.1 Normal Call RTP Packets 41 5.2 Key Negotiation 42 XII

LIST OF APPENDICE APPENDICE TITLE PAGE A TLS Configuration in Asterisk Server 46 B TLS and SRTP-enabled SIP peer within Asterisk 47 XIII

ABBREVIATIONS 1, 2, 3G First, Second, Third Generation ADPCM AES ARP CATNIP CIDR CLNP Codecs DoS Adaptive Deferential Pulse Code Modulation Advanced Encryption Standard Address Resolution Protocol Common Architecture for the Internet Classless Inter-Domain Routing Connectionless Network Layer Protocol Coders/Decoders Denial of Service DHCPv6 Dynamic Host Configuration Protocol version 6 DNS GUI HTTP IANA ICMP ICMPv6 IETF Domain Name System Graphical User Interface Hybrid Text Transfer Protocol Internet Assigned Numbers Authority Internet Control Message Protocol Internet Control Message Protocol for IPv6 Internet Engineering Task Force IGMPv3 Internet Group Management Protocol version 3 IP IPAE IPng IPsec IPTV Internet Protocol IP Address Encapsulation Internet Protocol Next Generation Internet Protocol Security IP Television IPv4 Internet Protocol version 4 IPv6 Internet Protocol version 6 XIV

IPX Internetwork Packet Exchange ISDN Integrated Services for Digital Network ISP Internet Service Provider ITU-T International Telecommunication Union- Telecommunication Standardization Sector IVR Interactive Voice Response LAN local Area Network MCUs Multipoint Control Units MLD Multicast Listener Discovery MTU Maximum Transmission Unit NAT Network Address Translation NAT-PT Network Address Translation - Protocol Translation NAT6 Network Address Translation 6 NAT64 Network Address Translation 64 ND Neighbor Discovery OSI Open System Interconnection PAT Port Address Translation PBX Private Box Exchange PCM Pulse Code Modulation PSTN Public Switched Telephone Network QoS Quality of Service RARP Reverse Address Resolution Protocol RAS Registration Admission and Status RIR Regional Internet Registry RTCP Real Time Control Protocol RTP Real-time Transport Protocol SDP Session Description Protocol SIP Session Initiation Protocol SIP Simple Internet Protocol XV

SIPP Simple Internet Protocol Plus SLAAC Stateless Address Autoconfiguration SRTP Secure Real Time Transport Protocol SSRC Synchronization Source TCP Transport Control Protocol TCP/IP Transport Control Protocol/Internet Protocol TCP/UDP Transport Control Protocol/User Datagram Protocol TLS Transport Layer Security TUBA TCP/UDP over CLNP Addressed Networks UA User Agents UAC User Agent Clients UAS User Agent Servers UDP User Datagram Protocol VoIPv6 Voice over IP version 6 VPNs Virtual Private Networks XVI

CHAPTER ONE INTRODUCTION 17

1. INTRODUCTION 1.1 Preface For a while the range of applications that operate over the Internet, has been dominated by e-mail, and file transfer, and Web interfaces that emphasized text and images, etc. The abundance of broadband access to the Internet has increased the interest in Internet-based multimedia applications. Multimedia applications which are involve massive amounts of data for visualization and support of real-time interactivity. One of the most widespread multimedia applications is Voice over IP (VoIP). VoIP allows a user to make long-distance phone calls for a slight investment. The voice is digitized, compressed and sent over the network, then recovered at the other side. [1] The advent of VoIP followed PSTN due to the need of carrying voice over their data networks. Each device on an Internet must have a unique IP address to identify the network ID as well as the host s own ID. The Internet is a dynamic environment, the usage of the Internet is differed greatly since IPv4 was developed, which it has a theoretical upper limit of about 4.3 billion unique addresses. The actual number 18

of devices has been increased dramatically, considering the multiple Internetenabled devices such as smart phones, tablets and laptops. Thus there is inefficiency in the allocation of IPv4's addresses over the years. NAT had been put forward as substantial solution, but it emerged an issue about the end-to-end nature of IP computing. IPv6 had been presented as the best hope to meet the demands of Internet users. IPv6 provides enormous number of addresses which it enables globally unique IPs for all devices, which called off the need for NAT. IPv6 header has two QoS-related fields; flow label, and traffic class identifier, which improved QoS. Cellular telephone systems present a large deployment field for Internet Protocol devices as mobile telephone service transiting to "next-generation" 4G technologies, in which voice is provisioned as a Voice over Internet Protocol (VoIP) service. This mandates the use of IPv6 for such networks. And add acceptable level of security. Overall, it seems a sensible idea to implement VoIP on an IPv6 network to contribute to its widespread, and to make use of IPv6 features. This project emphasizes the implementation of TLS and SRTP, and the measurement of QoS parameters for the secure and unsecure telephony calls. 19

1.2 Problem Statement All fourth generation (4G) telecommunication standards are mainly based on packet switching infrastructure. Moreover IPv6 is being mandatory for such standards since the number of connected devices is growing and the bandwidth requirements are increasing. Furthermore, for most of new services true end-to-end functionality is needed which is viable only through IPv6. Thus, various configuration scenarios have been proposed to standardize an optimum scenario for implementing voice over IPv6 and adding an acceptable level of security. 1.3 Proposed Solution An implementation of test-bed platform for voice over IPv6 is needed to evaluate various scenarios and define the optimum architecture for encrypted voice over IPv6 components. 1.4 Objective To implement a Test bed. To configure IPv6 on the network nodes and asterisk server. To make voice over IPv6 calls. To sniff the voice over IPv6 conversations between two nodes. To implement secure calls based on SRTP and TLS as voice security protocols. 20

1.5 Methodology An inductive approach is concerned with data analysis to generate new theory while the deductive method begins with hypothesis. Deductive approach is adopted in this thesis to implement encrypted voice over IPv6 testing environment. Both virtual and physical platform are used to assure maximum flexibility, adaptability and reusability. The VoIP communication was tested on a LAN with installed soft- phones to make calls through it.they were selected so as to support IPv6, SIP as signaling protocol and both SRTP,TLS as VoIP security support protocols. Free PBX server AsteriskNow version was used in order to forward the calls between two soft-phones. Wireshark version 1.10.6 was used as a packet sniffer tool to capture packets, displays message exchanges and reports performance data such as quality of service parameters. 1.6 Thesis Outlines Chapter Two and chapter Three illustrate the literature review. The former give an overview of IPv6 based networks while the later describe voice over IP and an encryption technique. An explanation of testing platform for VoIPv6 and result are described in chapter Four. Then Conclusion and recommendation of future works are drawn in chapter Five. 21