Security in IP telephony (VoIP) David Andersson Erik Martinsson.

Slides:



Advertisements
Similar presentations
Presented By:- Yash Jariwala Paras Patel Deep Amrutiya.
Advertisements

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Nicolas FISCHBACH Senior Manager, IP Engineering/Security - COLT Telecom - version 1.0 Voice over IP (VoIP)
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Fundamentals of Multimedia Part III: Multimedia Communications and Networking Chapter 15 : Network Services and Protocols for Multimedia Communications.
Voip Calls Recording Solution MiaRec Business.
Review of a research paper on Skype
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Application Layer – Lecture.
File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.
Voice over Internet Protocol (VoIP) Training and Development.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
K. Salah 1 Chapter 28 VoIP or IP Telephony. K. Salah 2 VoIP Architecture and Protocols Uses one of the two multimedia protocols SIP (Session Initiation.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
Rajeev Bevara CS-555 Security Threats in VoIP. What is VoIP ? ➔ VOIP - Voice Over Internet Protocol. ➔ Delivery of voice communications and multimedia.
Leveraging Existing Application Processors in Mobile Devices to Implement VoIP Client.
By: Christopher Henderson.  What is VoIP?  How is it being used?  VoIP’s main Security Threats.  Availability of Service  Integrity of Service 
Web2forDev Learning Opportunity [venue], [date] CTA is an ACP-EU institution working in the field of information for development. It operates under the.
11 SECURING INTERNET MESSAGING Chapter 9. Chapter 9: SECURING INTERNET MESSAGING2 CHAPTER OBJECTIVES  Explain basic concepts of Internet messaging. 
UC Security with Microsoft Office Communication Server R1/R2 FRHACK Sept 8, 2009 Abhijeet Hatekar Vulnerability Research Engineer.
Copyright Security-Assessment.com 2005 VoIP 2 Is free too Expensive? by Darren Bilby and Nick von Dadelszen.
How to construct world-class VoIP applications on next generation hardware David Duffett, Aculab.
Elizabeth Correa- System Solutions Architect
VoIP security : Not an Afterthought. OVERVIEW What is VoIP? Difference between PSTN and VoIP. Why VoIP? VoIP Security threats Security concerns Design.
Application Layer 2-1 Chapter 2 Application Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012.
Packetizer ® Copyright © 2008 H.325 Beyond Today’s Second Generation Systems Paul E. Jones Rapporteur, ITU-T Q12/16 1.
1 TAC2000/ IP Telephony Lab IP Telephony (Voice over IP) Associate Professor Quincy Wu Graduate Institute of Communication.
Media Server Streaming Elizabeth Canela David Vera Bernard James Lilian Ohanian.
Support Services & IP Multimedia Subsystem (IMS)
VoIP Security Assessment: Methods and Tools H. Abdelnur, V. Cridlig, R. State and O. Festor Madynes, LORIA-INRIA.
January 23-26, 2007 Ft. Lauderdale, Florida Host media processing – revisited Faye McClenahan – Aculab.
Applied Communications Technology Voice Over IP (VOIP) nas1, April 2012 How does VOIP work? Why are we interested? What components does it have? What standards.
VoIP Security in Service Provider Environment Bogdan Materna Chief Technology Officer Yariba Systems.
Setup and Evaluate Quality of Service of VoIP on SCOLD Systems Sherry Adair Hakan Evecek Elizabeth Gates.
RTP Encryption for 3G Networks Rolf Blom, Elisabetta Carrara, Karl Norrman, Mats Näslund Communications Security Lab Ericsson.
Developing with VoiceXML Building a Video Conference Application.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
Remote Connectivity and VoIP Hacking
Voice over IP by Rahul varikuti course instructor: Vicky Hsu.
ﺑﺴﻢﺍﷲﺍﻠﺭﺣﻣﻥﺍﻠﺭﺣﻳﻡ. Group Members Nadia Malik01 Malik Fawad03.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.
1 Client Software and Mail Hosts Client PC has client software that communicates with user’s mail host Mail hosts deliver outgoing mail to.
.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.
Voice over IP B 林與絜.
Toshiba Confidential 1 Presented by: Philipe BC Da’Silva SESSION INITIATION PROTOCOL.
August 3-4, 2004 San Jose, CA VoIP Quality and Network Performance Mike Moldovan Director of Engineering, Telephony,
Developing Applications with Host Media Processing David Asher.
VoIP -Voice over Internet Protocol COE 341 Self-Learning Assignment By: Ayman Al-Bassam Amar Farouk Merah
Fs Streaming Media a presentation by Florian Seidel.
Chapter 6 Remote Connectivity and VoIP Hacking Last modified
Cooperation between stations in wireless networks Andrea G. Forte, Henning Schulzrinne Department of Computer Science, Columbia University Presented by:
Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 1 – Introduction to VoIP.
Address Spoofing, DoS, and VoIP Groups 5 and 6. Spoofing, DoS, and VoIP MAC Address Spoofing MAC Address Spoofing IP Spoofing IP Spoofing DNS Spoofing.
Distributed Systems Ryan Chris Van Kevin. Kinds of Systems Distributed Operating System –Offers Transparent View of Network –Controls multiprocessors.
S Postgraduate Course in Radio Communications. Application Layer Mobility in WLAN Antti Keurulainen,
Presented by Maria Shah. Road Map  VoIP Benefits  VoIP Protocols  VoIP Analysis  Advantages  Disadvantages  Implementing  Security  Summary.
VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts.
Protocols and the TCP/IP Suite Overview and Discussion
VOICE AND VIDEO OVER IP VOIP, RTP, RSVP.
Remote Connectivity and VoIP Hacking
VoIP Signaling Protocols Framework
Presentation transcript:

Security in IP telephony (VoIP) David Andersson Erik Martinsson

Background VoIP is becoming very popular - money to be saved! - new features Not trivial to implement (QoS, availability, security) Services released with focus only on functionality

Goals Get an overview of VoIP Find out about the security threats Relevance to language-based security? Study some attacks against VoIP

What we have done Learned about VoIP technology - common network setups - protocols Evaluation of VoIP threats Studying and testing some attacks Skype

A Network Setup

Protocols SIP and RTP most common Both open and defined by IETF RTP flexible media transfer protocol SIP is an initialization protocol SIP uses text based messages SIP reuses many existing standards

Security: VoIP vs POTS Very different networks trying to achieve the same goals POTS is physically difficult to attack VoIP has more security features but is open for attacks over the entire world through the Internet

Security: Threats VOIPSA (VoIP Security Alliance) has made an extensive list of threats A mixture of threats in POTS and in IP- networks

Security: Language-Based? VoIP is a complex system Secure networking has well known solutions, but… …end-devices are hard to control The key to securing VoIP is to secure the clients!

Attacks SIP-attacks: - Bombing - Cancel/Bye - Call hijacking RTP eavesdropping

Attacks: SIP Possible to generate SIP packets with i.e. SiVus (The VoIP Vulnerability Scanner) Attacks must be done within timeframe of a call or sometimes during the initial handshake Software for real-time attack is needed

Attacks: sniffing RTP Ethereal can analyze RTP and find media streams Open codecs are easily decoded We could playback entire conversations!

Skype Most popular VoIP software today Proprietary protocol Information sent without using the software Secure channel (VoIP, IM, File transfer) Impossible to distinguish betweem VoIP, IM or File transfers

Evaluation VoIP is usually not very secure!! Use with caution until otherwise is proved Our goals reached